Information gathering - web edition

dandyloco · June 21, 2024, 7:04pm

Recently HTB has modified this module and I am stuck on the last question of the Skills Assessment.

“What is the API key the inlanefreight.htb developers will be changing too?”

I have been able to get a possible API KEY that starts with e963…

However it seems not to be the correct answer. Can anyone give me a hint to find the solution? Thanks

dandyloco · June 22, 2024, 4:14pm

After much headache - lol -, I saw the right way. There’s nothing like a little subdomain discovery and the use of scrappy.

crackhead777 · June 22, 2024, 4:42pm

So i have found one virtualhost and the api key
can someone help me at this point please ?..

Azizif6 · June 22, 2024, 5:03pm

Yeah i’m very stuck.
I’m using the automated took and scanning for subdomains but im getting nothing!

crackhead777 · June 22, 2024, 6:19pm

can you help on this please have been enumerating for hour and just found one virtual host with the api key then enumerated that and everything but won’t progress
can you help me any further please

dandyloco · June 22, 2024, 6:40pm

Remember that enumeration is a recurrent process. Once a virtual host has been found, we should repeat the process on that virtual host.

Then, using a Web Crawlers tool may be a good idea.

crackhead777 · June 22, 2024, 6:55pm

thx

0xbughunter · June 23, 2024, 1:35pm

hi @dandyloco I tried to configure /etc/hosts for inlanefreight.htb and then run crawlers, directory enumeration, vhost enum even subdomain enum. None yielded any result, could you please assist me in solving the below challenge.
What is the API key in the hidden admin directory that you have discovered on the target system?

dandyloco · June 23, 2024, 4:28pm

Hello @0xbughunter, maybe the problem is the chosen dictionary. A vhost enumeration with a Seclist DNS dictionary and checking files that give us clues about the existence of others directories, and you should get that API key.

Peachyzaki · June 23, 2024, 4:44pm

Hey man

I managed to configure the inlanefreight.htb correctly by typing like that
(without the port number) inlanefreight.htb:port number (the one you recevied with the ip target)

It should work for you
Good luck

I also didn’t managed to get the answer.
Still trying, let me know if you managed.
I tried to use FinalRecon, but still didn’t yield any results

0xbughunter · June 23, 2024, 5:12pm

running it again now

0xbughunter · June 23, 2024, 5:14pm

yup i have configured the same way too.

Peachyzaki · June 23, 2024, 5:31pm

And you couldn’t connect to the inlanefreight.htb?

S3ntinl · June 23, 2024, 5:43pm

This module has been driving me crazy for the past 2 days and I can´t really find a way to enumerate anything!! I have successfully put the ip in the /etc/hosts but anything from there. Any hint?

0xbughunter · June 24, 2024, 12:47am

I could connect but I’m missing something in enumeration

0xbughunter · June 24, 2024, 5:14am

Finally solved it, I kind of used the wrong wordlist

hideme · June 24, 2024, 9:27am

@0xbughunter Could somebody give me another hint?
I discovered a subdomain

w…inlanefreight.htb

After enumerating this page i found a page where an api-key is listed (same as @dandyloco mentioned e963…) but this doesn’t seem to be the answer.

I scraped this page and got to another site, but here I am stuck.

0xbughunter · June 24, 2024, 9:51am

You will have to find another subdomain. Follow the instructions provided above in the exercise

hideme · June 24, 2024, 9:59am

Thanks, just got it.

0xbughunter · June 24, 2024, 10:14am

Cool