Information gathering - web edition

/etc/hosts
83.136.252.57 inlanefreight.htb

I couldn’t find the subdomain.
Is it a different dictionary?

gobuster vhost -u http://inlanefreight.htb:31764 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 100
ffuf -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt -u http://inlanefreight.htb:31764 -H 'Host: FUZZ.inlanefreight.htb:31764' -fs 120

@voyager77 use this command:

gobuster vhost -u http://inlanefreight.htb:48064 -w /usr/share/Seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain


Thank you.
I solved them all.


Hi! I’m stuck on the question “What is the API key in the hidden admin directory that you have discovered on the target system?” I did not find any subdomain or virtual host. I have tried tools like dnsenum, gobuster and ffuf and also many wordlists, but to no avail.
Any hints please

As far as I remember, it was accessing the robots.txt, in the crawling module.

How did you get that fking API key?? xDD

I join the question!
What is the API key the inlanefreight.htb developers will be changing to?
I have done all the steps that were given in the tips and help from this forum.
But it stubbornly does not want to appear in the output of the tool, ReconSpider.py, which is provided on the “HTB-Attacker”.
I can describe ALL the steps again, but at the very last step, when the tool outputs the information, there are no keys there.

Darcia
Did you check the results.json?
ReconSpider.py generates results.json.
If you did, I think the subdomain is different.


Whoa, friend!
Finally!
You saved my gray hair!
Who would have known that it was necessary to look into the file.
I searched in the terminal output.
Oh my God, thank you superhuman!


This was crazy hard for me…
I am a seasoned Linux person and pentester and this was still difficult.
Update the hosts file with the tun0 IP address for localhost as well as the spawned domain address.
Then after that, update the subdomains in the hosts file… if you do that, then run gobuster with the vhost and dir options (even simultaneously), then use httrack to download the final subdomain you find.
Take a recursive approach to enumeration!

Did you find this?

Hi, what do you mean by “found one and in that one 4 directories”? I don’t quite get what you said.

I have tried everything but I cannot figure out this challenge:
What is the API key in the hidden admin directory that you have discovered on the target system?


You first need the robots.txt.
Then you need to use that information and pay attention to the response code.
The exact method is in the module; search for redirections.

Glad to hear you got it configured correctly!

Hi! Try to find the hidden directory with gobuster using the info given in “robots.txt”. Then do something like:
curl -vv http://w…inlanefreight.htb:/<robots_disallow>/<hidden_dir>
Regards.

Do the following:

  1. Add xx.htb to the hosts file without the port.
  2. Run gobuster vhost xxx.htb:Port -w wordlist --append-domain -t 30 (it should not take much time).
  3. Once you get the subdomain, run gobuster again on the subdomain.
  4. Try to navigate to the URLs with http instead of https.
  5. You should find all the flags mentioned in the questions.

DM if you still need help.

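The procedure above, together with the earlier gobuster/ffuf vhost question and the robots.txt and response-code hints, end to end as an added Python example; it is not part of this thread or of the HTB module, and it never contacts the lab. It starts a constructed local mock server that answers differently per Host header, measures the catch-all response with a name that cannot exist (which is what ffuf’s hard-coded -fs 120 and gobuster’s --append-domain are approximating), reports every candidate whose status or size differs, reads the Disallow entries from robots.txt on the discovered vhost, and requests each one without following redirects so the 301 and its Location header stay visible. The domain inlanefreight.htb comes from the thread; the dev vhost, the /admin_h path and the four-word wordlist are invented for the mock.

```python
import http.server
import re
import secrets
import threading
import urllib.error
import urllib.request

# Domain from the thread. The mock below stands in for the lab host (assumption); the
# 'dev' vhost and the '/admin_h' directory are invented and not from the real target.
DOMAIN = "inlanefreight.htb"


class _MockTarget(http.server.BaseHTTPRequestHandler):
    """Constructed name-based vhost: the response depends on the Host header only."""
    ROBOTS = {f"dev.{DOMAIN}": "User-agent: *\nDisallow: /admin_h\n"}

    def log_message(self, *_):
        pass  # keep the demo output clean

    def _send(self, code, body, extra=None):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0].lower()
        if host not in self.ROBOTS:
            return self._send(200, "default site\n")  # catch-all: any unknown name, any path
        if self.path == "/":
            return self._send(200, "dev site\n")
        if self.path == "/robots.txt":
            return self._send(200, self.ROBOTS[host])
        if self.path == "/admin_h":  # bare directory: redirected to the trailing slash
            return self._send(301, "", {"Location": "/admin_h/"})
        if self.path == "/admin_h/":
            return self._send(200, "dev admin panel\n")
        return self._send(404, "not found\n")


def start_mock_target():
    """Serve the mock on an ephemeral loopback port; returns (server, base_url)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _MockTarget)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args):
        return None  # surface 3xx as HTTPError instead of silently following it


def _get(base_url, host, path="/"):
    """GET path with a spoofed Host header; returns (status, body, Location or None)."""
    req = urllib.request.Request(base_url + path, headers={"Host": host})
    try:
        resp = urllib.request.build_opener(_NoRedirect()).open(req, timeout=5)
        return resp.status, resp.read(), resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.read(), err.headers.get("Location")


def fuzz_vhosts(base_url, domain, words):
    """Same idea as ffuf -H 'Host: FUZZ.domain' -fs N or gobuster vhost --append-domain:
    measure the catch-all response with a name that cannot exist, then report every
    candidate whose status or body size differs from that baseline."""
    base_status, base_body, _ = _get(base_url, f"{secrets.token_hex(8)}.{domain}")
    baseline = (base_status, len(base_body))
    hits = []
    for word in words:
        host = f"{word}.{domain}"
        status, body, _ = _get(base_url, host)
        if (status, len(body)) != baseline:
            hits.append((host, status, len(body)))
    return hits


def disallowed_paths(base_url, host):
    """Disallow entries from robots.txt on one vhost: the 'hidden' directories to try."""
    status, body, _ = _get(base_url, host, "/robots.txt")
    if status != 200:
        return []
    entries = re.findall(r"^\s*Disallow:\s*(\S+)", body.decode(errors="replace"), re.M | re.I)
    return [p for p in entries if p != "/"]


def probe(base_url, host, path):
    """One request, reported as (status, size, Location): a 301/302 is a lead to follow,
    not a dead end, which is the response-code step the thread points at."""
    status, body, location = _get(base_url, host, path)
    return status, len(body), location


if __name__ == "__main__":
    server, base = start_mock_target()
    wordlist = ["www", "mail", "dev", "staging"]  # constructed stand-in for the SecLists file
    for host, status, size in fuzz_vhosts(base, DOMAIN, wordlist):
        print(f"vhost {host}: status={status} size={size}")
        for path in disallowed_paths(base, host):
            print(f"  {path} ->", probe(base, host, path))
            print(f"  {path}/ ->", probe(base, host, path + "/"))
    server.shutdown()
```

The baseline is measured per run rather than pasted from a previous ffuf output, because the catch-all page changes size with the port, the Host value echoed into it, or a banner, which is one reason a fixed -fs value can hide the only real hit.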

Hey,
I have been trying to solve this but seems to be having a challenge. I have made the changes in /etc/resolv.conf file but the domains that I’m getting are still the same ones listed on the question.

Kindly help.

I tried to crawl with ReconSpider but it doesn’t show any output. Which tool should I use to get the API key from dev? I’d be thankful for any help.


The best way to do this is to continue to use gobuster as a DNS enumeration tool:
add all the DNS records into your hosts file,
run gobuster in vhost mode as noted,
add that data to your hosts file.
I think I also ran dir mode.
At that point, when I started using the Python tools in the chapter, it started pulling data.
It’s a frustrating tactical approach (it felt like a good bit of syntactical issues on my part),
but it is part of the learning process.