I was having problem getting the subdomain of thetoppers.htb
I ended up looking the official walkthrough to know what i was doing wrong, s3 subdomain didn’t appear.
I have the same issue. No s3 coming up at all lots of others though. Using the same wordlist from the same SecLists file. Any idea? I have the newest gobuster installed.
Is anybody out there? Made a test text file with just “s3” in it and still nothing. I can visit s3.thetoppers.htb and it works though? I have watched tons of videos and it always seems that gc._msdcs.thetoppers.htb and s3.thetoppers.htb come up. I get :
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
Okay, I have answered my own question. Due to the version I’m using I have to add “–append-domain” Hopefully that will allow someone not to lose their mind as I apparently have.
I’ve sat here for the last hour or so working on subdomain enumeration for a different box, tried gobuster vhost and dns modes tirelessly with no luck, also had the problem with this box previously, anyways ended up getting it to work using wfuzz, just replace the wordlist and target from this code
I used version 3.4 and, according to help documentation, in the vhost mode you need to use the --append-domain option in order to work as intended. Then, the fully qualified domain to test will be s3.thetoppers.htb instead of s3 alone.
I can get it whit ffuf /opt/wordlists/SecLists/Discover/DNS/subdomains-top1million-5000.txt:FUZZ -u http://thetoppers.htb -H “HOST: FUZZ.thetoppers.htb” -mc 404
The problem is why the subdomain s3 return a 404 status code instead of 200 status code???
1.sudo vim /etc/hosts
Add a new record:
xxx.xxx.xxx.xxx thetoppers.htb
You can use the wordlist from /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt
The wordlist which I used is created by crunch
$ crunch 2 2 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -o 2_char_wordlist.txt