Wow, that was so easy. I had an issue with finding that last “common” endpoint after the hidden admin. This tip with gobuster in dir helps me a lot!
@Jomomo05 1000 thanks
Thanks so much for the tip, that one had me stuck for days.
This might be helpful: HTB Academy: Information Gathering - Web Edition Module: Skills Assessment (Part II, Question 5) - DEV Community
Don’t forget to add the two domains to /etc/hosts.
To find the new API key that the developers of inlanefreight.htb will be changing to, you’ll likely need to look for hints or clues left by the developers within the site or related resources. Here are some steps and hints that might help:
- Check the Website Content:
  - Look through the HTML source code of the inlanefreight.htb website. Sometimes developers leave comments or unused code that can contain useful information.
- Inspect API Calls:
  - Use browser developer tools (F12) to monitor network activity when interacting with the site you check it imdad pg. Look for any API calls being made and inspect the request headers or payloads for hints about the API key.
- Check Configuration Files:
  - If you have access to any configuration files, such as .env files, these often contain API keys and other secrets.
- Use Directory Enumeration:
  - Tools like dirb, dirbuster, or gobuster can help find hidden directories or files on the web server that might contain the information you need.
- Use Specific Tools:
  - Since you mentioned using FinalRecon, make sure you’re using it effectively. Ensure you’re running the tool with all relevant options to get comprehensive results.
- Look for Code Repositories:
  - If the developers have shared any code repositories (e.g., on GitHub), check these for configuration files or README files that might mention the new API key.
- Check for Public Announcements:
  - Sometimes changes like this are announced in blog posts, forums, or social media channels related to the project.
If you’ve tried all these steps and still can’t find the new API key, consider revisiting any clues or information provided during the assessment. There might be a hint you’ve overlooked.
A Manhattan is a classic choice! As for me, I don’t drink, but I can tell you about some popular favorites:
- Old Fashioned - A timeless cocktail with bourbon or rye whiskey, sugar, bitters, and a twist of citrus.
- Margarita - A refreshing mix of tequila, lime juice, and triple sec, often served with a salted rim.
- Mojito - A refreshing cocktail with rum, mint, lime, sugar, and soda water get more information here Imdad pg
- Negroni - A strong drink made with gin, vermouth rosso, and Campari, garnished with an orange peel.
- Whiskey Sour - A tangy blend of whiskey, lemon juice, and simple syrup, often with a cherry on top.
What about everyone else? What’s your favorite drink or cocktail?
I solved it by using curl -H "Host: (subdomain)" http://(subdomain):port/(what you find in robots.txt)/
gobuster dir -u http://web1337.inlanefreight.htb:45710/admin_h1dd3n/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
Tried this command, but I didn’t get any result. Did you do the same?
Hi, this was some time ago and I don’t remember well but did you try with other wordlists like “common”? I remember that my problem was that I used the wrong wordlist, also as far as I remember there should be two subdomains.
@awbrintell
hello
indeed it was a good choice going with given instruction, AWBR INTELL
For that question (3, I think you mean) you want the dev subdomain’s robots.txt… it will give you the first API. I managed to get that but I’m stuck on questions 4 & 5.
Yes, you’re using the wrong wordlist; that one is for subdomain enumeration. You wanna use seclists/discovery/dirb/common.txt there.
Smart, bro. I was able to find the answer to 5 (API key) in the comments on an index page, after some clicking…
Still need question 4, the email address… then I’m done with this godforsaken task xD
Someone linked a write-up that used reconspider, but it’s kinda old and the tool is different now (won’t let me use ports other than 80, 443).
looking forward to the next section, I’ve heard it will bring clarity on this topic
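Seen from the site owner's side, the two leaks this thread turns on (a robots.txt entry that advertises a hidden path, and a key left in an HTML comment) can be caught with a pre-deployment check. The following is an added example, not code from any poster or from the module; the sample inputs are constructed, and the hint list and regex are assumed heuristics.

```python
import re
from html.parser import HTMLParser

# Constructed sample inputs (not from the lab or any real site).
SAMPLE_ROBOTS = "User-agent: *\nAllow: /index.html\nDisallow: /admin_example/\nDisallow: /images/\n"
SAMPLE_HTML = """<html><body>
<!-- TODO: rotate api key, new value is EXAMPLEKEY0123456789abcdef -->
<p>Welcome</p>
<!-- layout v2 -->
</body></html>"""

# Assumed heuristics; tune both for your own site.
SENSITIVE_HINTS = ("admin", "backup", "private", "internal", "dev", "api")
SECRET_RE = re.compile(r"api[_ -]?key|secret|password|token|\b[A-Za-z0-9]{20,}\b", re.I)


def risky_robots_paths(robots_txt):
    """Return Disallow paths whose names advertise something sensitive."""
    hits = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()  # drop robots.txt comments
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and any(h in value.lower() for h in SENSITIVE_HINTS):
            hits.append(value.strip())
    return hits


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in the fed document."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def leaky_comments(html):
    """Return HTML comments that mention a secret or contain a token-like string."""
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return [c for c in parser.comments if SECRET_RE.search(c)]


if __name__ == "__main__":
    print(risky_robots_paths(SAMPLE_ROBOTS))
    print(leaky_comments(SAMPLE_HTML))
```

Run it against the rendered pages and robots.txt of your own build output, and fail the pipeline when either function returns a non-empty list.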