HTB Academy: Information Gathering - Web Edition Module(Updated): Skills Assessment
(Part II, Question 5)
To complete this skills assessment, you will need to apply various techniques learned in this module, including:
- Using whois
- Analyzing robots.txt
- Performing subdomain brute-forcing
- Crawling and analyzing results
Demonstrate your proficiency by effectively utilizing these techniques. Remember to add subdomains to your hosts file as you discover them.
Questions:
vHosts needed for these questions:
- inlanefreight.htb
Answer:
Question 5: What is the API key the inlanefreight.htb developers will be changing to?
Step 1: Add TARGET_IP and vhost to hosts
sudo nano /etc/hosts
<TARGET_IP> inlanefreight.htb
Step 2: Find subdomains with gobuster
gobuster vhost -u http://inlanefreight.htb:$PORT -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
Step 3: Add new domain to hosts
sudo nano /etc/hosts
<TARGET_IP> web1337.inlanefreight.htb
Step 4: Use gobuster with new subdomain and add result to hosts
gobuster vhost -u http://web1337.inlanefreight.htb:$PORT -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain
Result:
Found: dev.web1337.inlanefreight.htb:PORT Status: 200
Step 5: Install scrapy and ReconSpider
pip3 install scrapy
wget -O ReconSpider.zip https://academy.hackthebox.com/storage/modules/144/ReconSpider.v1.2.zip
unzip ReconSpider.zip
python3 ReconSpider.py http://dev.web1337.inlanefreight.htb:$PORT
Step 6: Analyze the results
cat results.json
Extracted Comments:
{
"emails": [
"1337testing@inlanefreight.htb"
],
"links": [
"http://dev.web1337.inlanefreight.htb:58951/index-808.html",
"http://dev.web1337.inlanefreight.htb:58951/index-829.html",
...
...
],
"external_files": [],
"js_files": [],
"form_fields": [],
"images": [],
"videos": [],
"audio": [],
"comments": [
"<!-- Remember to change the API key to ba****************************** -->"
Great! Happy Hunting!
To get more Academy cubes: subscribe!
Top comments (0)