search

Questions

Target(s): 94.237.56.224:56139

  • inlanefreight.htb

hashtag
1. What is the IANA ID of the registrar of the inlanefreight.com domain?

whois inlanefreight.com | grep "IANA"

hashtag
2. What http server software is powering the inlanefreight.htb site on the target system? Respond with the name of the software, not the version, e.g., Apache.

curl -I inlanefreight.htb

hashtag
3. What is the API key in the hidden admin directory that you have discovered on the target system?

Since the server is using nginx that utilizes vhosts, the first step is to use gobuster to enumerate the vhosts of the domain 

gobuster vhost -u http://inlanefreight.htb:56139/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100

found the vhosts 

web1337.inlanefreight.htb:56139

hashtag
Need to now add this vhosts to my etc/hosts document

I can enumerate further and crawl this subdomain by testing the robots.txt to see if there are any hidden directories

The /admin_h1dd3n seems to be available, we can check that out

  • There is no luck

We can try and curl this hidden directory

We see a status code 301, that mentions that this address has been moved permanently to:

If we try to visit this webpage it does not work, so lets try a curl GET request

PreviousWeb ArchivesNextQuestion 4

Last updated