I’m currently stuck on the third question of the web recon skill assessment. I have several problems.
First, I tried to add the inlanefreight.htb domain to the /etc/hosts but it doesn’t work (still can’t resolve)
Then, I tried with the given IP to use the finalRecon tool but I have this error " AttributeError: ‘TLDExtract’ object has no attribute 'extract_urllib"
I tried to gobuster for directories but got nothing
I tried nikto
I’m kinda out of option here. I guess I need to find the robots.txt file to find the hidden admin page and take the API key.
Same here. I think one of the difficulties lies within getting the target <TARGET_IP>:<TARGET_PORT> into /etc/hosts ive tried:
TARGET:PORT inlanefreight.htb,
TARGET inlanefreight.htb:PORT.
Neither seems to work. I can access the website from the IP address and PORT in a web browser, but using the inlanefreight URL I cannot resolve.
I also get the same errors in FinalRecon. gobuster and ffuf havent found any directories for me.
I am curious if they have changed this recently, because the question reads like we should have already conducted a scan "What is the API key in the hidden admin directory that you have discovered on the target system? "
Found the api key through one of the subdomains.
Tried to put the api key as an answer. But it will not accept it
Welcome to
Welcome to XXXXXX admin site
The admin panel is currently under maintenance, but the API is still accessible with the key XXXXXXXXXXXXXXXXXXXXX
I also thought it was bugged. However I did eventually find all of them in the last 30 minutes. They just werent located in the most obvious location. Need to dig deeper.
Hello. I am still sticking. I tried all that is said here and nothing seems to work. I waited for more than 15 min now. Ping is ok, but finalrecon still gives me error message even when i used the -sp flag. Can someone help?