What is the API key in the hidden admin directory that you have discovered on the target system? Guys. Im stuck this question. Give me some hint.
I try gobuster with vhost and dir but dont get any subdomain or directory.
in /etc/host
given ip ...* inlanefreight.htb
GUys im idiot. append this opetion to gobuster: --append-doman
Without --append-domain
:
If you don’t use --append-domain
, Gobuster will only check the raw entries from the wordlist. For example:
web
mail
admin
With --append-domain
:
If you use --append-domain
, Gobuster will append the main domain to each word, meaning it will search for:
web.inlanefreight.htb
mail.inlanefreight.htb
admin.inlanefreight.htb
This way, Gobuster will look for virtual hosts (subdomains) on the domain inlanefreight.htb
by appending each word from the wordlist as a subdomain.
Why use --append-domain
?
- It’s useful when you’re enumerating subdomains or virtual hosts on a specific domain and want to automate the process of testing for different combinations.
I am still fighting this fight. I have used gobuster extensively and not found a vhost yet.
Exhausted with this. Any help is appreciated!!!
Looping my former request, I figured this out.
Summary
You have to rerun the gobuster tool several times, and use compounding subdomains and then run a python tool or two.