Stuck on Information Gathering Vhosts

Hey everyone,
I am trying to complete the question for information gathering web edition Vhosts and it says "Vhosts needed for these questions: inlanefreight.htb. i looked at other posts similar to this but im still getting confused. any guidance is greatly appreciated.

It means to add the IP of the target system and the domain inlanefreight.htb into /etc/hosts. This is going to be used for subdomain bruteforcing and web crawling

1 Like

Ah ok i see. Thank you ill try that out

Hm i added them to hosts and ran it again but nothing was found. Maybe I’m missing something

Not sure what is missing, assuming about the first subdomain. Try use gobuster to brute-force the 1st subdomain. After that you need to add that new subdomain into /etc/hosts in order to proceed.

Actually i think i know where i went wrong. I separated the target ip and the inlanefreight.htb lines instead of putting them on the same line in the hosts file

1 Like

Did you find it ? i’m stuck as well

i found out what i did wrong. in the hosts file i had to put the target IP address on the same line as inlanefreight.htb and to verify if it works you ping it. once that works you use the same gobuster command to brute force the vhost to see what domains pop up

i guess i needed that explained to me a little more or i might have missed it on another section. once i did that everything made sense

1 Like

Setting up virtual hosts like “inlanefreight.htb” involves configuring your web server to recognize that domain and direct it to the correct folder with your site files. Double-check your DNS settings to ensure everything matches up.

Oh i shouldve mentioned that im on pwnbox not my personal vm

I figured it out a bit ago. Two things that were road blocks for me:

  1. As mentioned above, I didn’t realize we had to use the hosts file. Adding the IP and the vhost to the file is required before you can correctly run the gobuster command.
  2. I was also unfamiliar with the gobuster command itself and how it worked with the hosts file. The command I was trying to use was the one from the module shown below:

gobuster vhost -u http://<target_IP_address> -w <wordlist_file> --append-domain

The <target_IP_address> was not working for me. No matter how I put an IP there, it did not work. What ended up working was going the other way and putting the vhost name, and this is where my misunderstanding came from. Because the command said IP, I was thinking the hosts file went IP to domain, but in this case it is the other way around. You need to put the vhost name there instead of the IP.

Earlier in the module, it says you can have multiple subdomains on one IP and one port using vhost configurations. This is why you need to specify the subdomain in the command. If you don’t, it’s just sending the fuzzing to the IP and port, not necessarily a subdomain on that IP and port.

Once I put the IP and vhost in the hosts file and changed out the [target_IP_address] for [vhost:port], my fuzzing immediately gave results.

3 Likes

Brute-force vhosts on the target system. What is the full subdomain that is prefixed with “web”? Answer using the full domain, e.g. “x.inlanefreight.htb”
You know answer for this questions?
I am trying with other sub_domain list but I can’t find a answer

The answers to all of the questions can be found using the subdomains-top1million files in /opt/useful/seclists/Discovery/DNS. As long as the hosts file is set up correctly, and the gobuster command is correct, that should give the subdomains you are looking for.

I set up file hosts is correct, because i finded answer question 2-5, but prefix “web” i cannot find

That one may only be in the word list “subdomains-top1million-110000.txt.” I remember that one being discovered later in the scan so it may not be caught by the shorter word lists.

Modifying the /etc/hosts file is not necessary to solve this. You can get the answers with nothing but gobuster.

Just use the pattern matching feature of gobuster.

thanks for such a detailed information. I was struggling with the hosts file . After adding the correct ip vhost i was able to get all working up.

The fastest way is to update /etc/hosts to map the given public IP address with the domain and use gobuster vhost -u {domain:port} -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain to get everything you need.

in case anyone wants a step-by-step write up you can look at this post