Information Gathering - Web Edition Skills Assessment

What is the API key in the hidden admin directory that you have discovered on the target system? Guys. Im stuck this question. Give me some hint.
I try gobuster with vhost and dir but dont get any subdomain or directory.
in /etc/host
given ip ...* inlanefreight.htb

GUys im idiot. append this opetion to gobuster: --append-doman

Without --append-domain:

If you don’t use --append-domain, Gobuster will only check the raw entries from the wordlist. For example:

  • web
  • mail
  • admin

With --append-domain:

If you use --append-domain, Gobuster will append the main domain to each word, meaning it will search for:

  • web.inlanefreight.htb
  • mail.inlanefreight.htb
  • admin.inlanefreight.htb

This way, Gobuster will look for virtual hosts (subdomains) on the domain inlanefreight.htb by appending each word from the wordlist as a subdomain.

Why use --append-domain?

  • It’s useful when you’re enumerating subdomains or virtual hosts on a specific domain and want to automate the process of testing for different combinations.

I am still fighting this fight. I have used gobuster extensively and not found a vhost yet.

Exhausted with this. Any help is appreciated!!!

Looping my former request, I figured this out.

Summary

You have to rerun the gobuster tool several times, and use compounding subdomains and then run a python tool or two.