INFORMATION GATHERING: WEB EDITION

Completed Information Gathering - Web Editionacademy.hackthebox.com

OBJECTIVE: apply information gathering methods to answer the questions

root@htb:~$ sudo nano /etc/hosts
 * 94.237.59.63 inlanefreight.htb
    - do not include the port number

What is the IANA ID of the registrar of the inlanefreight.com domain?

root@htb:~$ whois inlanefreight.com
 * ALT: root@htb:~$ ./finalrecon.py --whois --url http://inlanefreight.com
 * Registrar IANA ID: 468

What http server software is powering the inlanefreight.htb site on the target system? Respond with the name of the software, not the version, e.g., Apache.

root@htb:~$ whatweb inlanefreight.htb:{targetPort}
 * HTTPServer[nginx/1.26.1]

What is the API key in the hidden admin directory that you have discovered on the target system?

root@htb:~$ gobuster vhost -u http://inlanefreight.htb:33930 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100 -k
 * Found: web1337.inlanefreight.htb:33930 Status: 200 [Size: 104]
 
root@htb:~$ sudo nano /etc/hosts
 * 94.237.59.63 web1337.inlanefreight.htb
root@htb:~$ ./finalrecon.py --dir --url http://web1337.inlanefreight.htb:33930
 * 200 | http://web1337.inlanefreight.htb:33930/index.html
 * 200 | http://web1337.inlanefreight.htb:33930/robots.txt
root@htb:~$ curl http://web1337.inlanefreight.htb:33930/robots.txt
 * Disallow: /admin_h1dd3n
root@htb:~$ curl -i http://web1337.inlanefreight.htb:33930/admin_h1dd3n
 * 301 Moved Permanently
root@htb:~$ curl -i http://web1337.inlanefreight.htb:33930/admin_h1dd3n/
 * The admin panel... the key e963d863ee0e82ba7080fbf558ca0d3f

After crawling the inlanefreight.htb domain on the target system, what is the email address you have found? Respond with the full email, e.g., [email protected].

root@htb:~$ gobuster vhost -u http://web1337.inlanefreight.htb:33930 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100 -k
 * Found: dev.web1337.inlanefreight.htb:33930 Status: 200 [Size: 123]

root@htb:~$ sudo nano /etc/hosts
 * 94.237.59.63 dev.web1337.inlanefreight.htb
root@htb:~$ gobuster vhost -u http://dev.web1337.inlanefreight.htb:33930 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100 -k
 * 200 | http://dev.web1337.inlanefreight.htb:33930/index.html

root@htb:~$ pip3 install scrapy
root@htb:~$ wget -O ReconSpider.zip https://academy.hackthebox.com/storage/modules/144/ReconSpider.v1.2.zip
root@htb:~$ unzip ReconSpider.zip
root@htb:~$ python3 ReconSpider.py http://dev.web1337.inlanefreight.htb:33930
root@htb:~$ cat results.json
 * "emails": ["[email protected]"]

What is the API key the inlanefreight.htb developers will be changing too?

root@htb:~$ gobuster vhost -u http://web1337.inlanefreight.htb:33930 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100 -k
 * Found: dev.web1337.inlanefreight.htb:33930 Status: 200 [Size: 123]

root@htb:~$ sudo nano /etc/hosts
 * 94.237.59.63 dev.web1337.inlanefreight.htb
root@htb:~$ gobuster vhost -u http://dev.web1337.inlanefreight.htb:33930 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain -t 100 -k
 * 200 | http://dev.web1337.inlanefreight.htb:33930/index.html

root@htb:~$ pip3 install scrapy
root@htb:~$ wget -O ReconSpider.zip https://academy.hackthebox.com/storage/modules/144/ReconSpider.v1.2.zip
root@htb:~$ unzip ReconSpider.zip
root@htb:~$ python3 ReconSpider.py http://dev.web1337.inlanefreight.htb:33930
root@htb:~$ cat results.json
 * "comments": ["<!-- ...change the API key to ba988b835be4aa97d068941dc852ff33 -->"

PreviousUSING WEB PROXIES NextWEB FUZZING

Last updated 3 months ago