Information gathering - web edition

Hi guys, I need some help to solve and answer the last question of the Skills Assessment of INFORMATION GATHERING - WEB EDITION. I trying anything and don’t found the correct answer, I tried with ffuf and gobuster subdomain enum, with the next syntax:

For gobuster I used for a some pattern:

 gobuster dns -q -r "dns1.p08.nsone.net" -d "githubapp.com" -w "~/seclist/fuzzing/1-4_all_letters_a-z.txt" -p ./patterns.txt -o "gobuster_subdomain.txt"

And the pattern I used is:

glb-{GOBUSTER}-public-internal.githubapp.com

For ffuf I used the next syntax:

ffuf -w ~/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.githubapp.com -t 90 

With ffuf I found some subdomians but, none one of this subdomains is the answer. I don’t know if I using the wrong wordlist or even the patter I guess is wrong too. I’m so exahust to try found the correct answer without success. If anyone know where I failed pls telling me.

Are you looking for a subdomain or a vhost? Ffuf vhost syntax is different…

I’m looking a subdomain, for more context, this is the question which I want to respond:
“Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word ‘elephants’ in the name?”

As I said, I perfomed a subdomain enumaration with gobuster and ffuf, with the next syntax that I showed earlier. But the subdomians that I found with this enumeration, none one is the answer and don’t seen any subdomain with the word “elephants” on their name. Even I performed vhost enum, but the result is the same that the subdomain enumeration. I don’t have idea what I doing wrong, if is the syntax or is the word list. Really need a some help with this, I’m stuck for 2 days with this question.

Hey! I had trouble with this one as well, I think I ended up using a passive approach because the active one didn’t work even with Sublist3r. DM me if you have trouble with it.

-onthesauce