THM Subdomain Enumeration - grunt92/IT-Sec-WriteUps GitHub Wiki

Brief

What is a subdomain enumeration method beginning with B?

Brute Force

What is a subdomain enumeration method beginning with O?

OSINT

What is a subdomain enumeration method beginning with V?

Virtual Host

OSINT - SSL/TLS Certificates

What domain was logged on crt.sh at 2020-12-26?

store.tryhackme.com

OSINT - Search Engines

What is the TryHackMe subdomain beginning with B discovered using the above Google search?

blog.tryhackme.com

DNS Bruteforce.com

What is the first subdomain found with the dnsrecon tool?

Deploy the Site and click on the "Run DNSrecon Request"-button. api.acmeitsupport.thm

OSINT - Sublist3r

What is the first subdomain discovered by sublist3r?

web55.acmeitsupport.thm

Virtual Hosts

What is the first subdomain discovered?

Run ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://IP and note the size of the matches. Run ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://IP -fs 2395 to get the answers.

delta

What is the second subdomain discovered?

yellow

What is the second subdomain discovered?