Virtual Host and Subdomain Fuzzing — Web Fuzzing Module — HTB Walkthrough
TIER 0 MODULE: WEB FUZZING
SECTION: Virtual Host and Subdomain Fuzzing
Please open your pwnbox or connect to the vpn in order to complete the tasks.
If you are connected via VPN, make sure the target IP address is in your /etc/hosts file before starting this section (it won't work without it):
echo "<target-ip> inlanefreight.htb" | sudo tee -a /etc/hosts
If you are using pwnbox everything is fine.
1. Using GoBuster against the target system to fuzz for vhosts using the common.txt wordlist, which vhost starts with the prefix “web-”? Respond with the full vhost, eg web-123.inlanefreight.htb.
Simply run this command to do all the work:
gobuster vhost -u http://inlanefreight.htb:<port> -w /usr/share/seclists/Discovery/Web-Content/common.txt --append-domain
This runs gobuster's vhost fuzzing mode: -u sets the target URL, -w specifies the wordlist, and --append-domain appends the domain name (in this case inlanefreight.htb) to each word in the wordlist.
Answer: web-beans.inlanefreight.htb
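Seen from the server side, the vhost scan above is one client sending many different Host values under the same domain. The following is an added example, not part of the original walkthrough, that flags that pattern in access logs; the "ip host status" log layout, the sample lines, and the threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

BASE_DOMAIN = "inlanefreight.htb"  # domain used in the walkthrough
THRESHOLD = 5                      # assumed cut-off: distinct Host values per client

# Constructed sample log in an assumed "client_ip host_header status" layout.
# 10.10.14.7 imitates a wordlist scan with the domain appended to each word;
# the 192.0.2.x clients imitate ordinary visitors.
WORDS = ["admin", "api", "backup", "dev", "staging", "test", "web"]
SAMPLE_LOG = "\n".join(
    [f"10.10.14.7 {w}.{BASE_DOMAIN}:8080 400" for w in WORDS]
    + ["192.0.2.10 inlanefreight.htb 200",
       "192.0.2.10 inlanefreight.htb 200",
       "192.0.2.11 www.inlanefreight.htb 200",
       "this line is malformed and is skipped"]
)

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3})$")


def distinct_hosts_by_client(log_text, base_domain):
    """Map each client IP to the set of Host values it requested under base_domain."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ip, host, _status = m.groups()
        host = host.lower().split(":")[0]  # drop an optional :port suffix
        if host == base_domain or host.endswith("." + base_domain):
            hosts[ip].add(host)
    return hosts


def flag_vhost_enumeration(log_text, base_domain=BASE_DOMAIN, threshold=THRESHOLD):
    """Return clients that requested at least `threshold` distinct vhosts."""
    per_client = distinct_hosts_by_client(log_text, base_domain)
    return {ip: sorted(h) for ip, h in per_client.items() if len(h) >= threshold}


if __name__ == "__main__":
    for ip, names in flag_vhost_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} distinct Host values, e.g. {names[:3]}")
```
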
2. Using GoBuster against inlanefreight.com to fuzz for subdomains using the subdomains-top1million-5000.txt wordlist, which subdomain starts with the prefix “su”? Respond with the full vhost, eg web.inlanefreight.com.
Simply run gobuster's DNS fuzzing mode:
gobuster dns -d inlanefreight.com -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
Answer: support.inlanefreight.com
☣️ HAPPY ETHICAL HACKING ☣️
DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)