Information Gathering - Web Edition Virtual Hosts Enumeration - Stuck

Question is: Enumerate the target and find a vHost that contains flag No. 2. Submit the flag value as your answer (in the format HTB{DATA}).

I already found flag No. 1 as it was just inlanefreight.htb which was in /etc/hosts already (I put it there, obviously).

I have tried connecting via my own Kali instance (over VPN) and have used the Parrotbox instance. Have used Ffuf and wfuzz. I have added every single subdomain found in the zone transfer section to /etc/hosts. I cannot solve this very simple section.

I used the example provided by the author of the module:

ffuf -w ./vhosts -u -H "HOST:" -fs 612

Yes, I altered it to fit my specific scenario, but I used it as a guide.

One would think that for a simple module like this, there would be an easy way of emulating this command, finding the targets, adding them to /etc/hosts and then curling them in order to find the HTML and, ultimately, the flag. I cannot find any hosts (even after restarting the target and trying all over again).

Again, this is a simple section, so I’m not sure what’s going on and why there isn’t a relatively similar way to the example provided to solve this problem. Any help would be appreciated.

Here is the command I have been using:

ffuf -w /usr/share/seclists/Discovery/DNS/namelist.txt -u http://<IP address> -H "HOST: FUZZ.inlanefreight.htb"

Could definitely use some help!

Still could use some help if someone wouldn’t mind!

Hi Joe.
If you dont solved already.
I can help you
Use this directory SecLists/directory-list-lowercase-2.3-big.txt at master · danielmiessler/SecLists · GitHub
Should be useful to complete all the questions in there section.
Be patient.
Use the “-fs” flag to filter all the junk data.
If you need more help, just tell me.

1 Like

Thank you @Baker666 . Someone had DM’d me to help me solve it.

Hi, I’m stuck with this too, how did you do it?
When I use -fs 612 it doesn’t filter it for me it shows me everything

This helped me

1 Like