Simonethg

@simonethg

69 Following

1 Followers

Simonethg pfp

This is a classic strategy for gathering information. ✏️ It is part of the "recognition" of a web security test. 🔏

0 reply

0 recast

0 reaction

Simonethg pfp

Let's see 👀 Now I access the website "dev.devvortex.htb". And wow, we have found a ghost website 👻

1 reply

0 recast

0 reaction

Simonethg pfp

I explain you the command 1️⃣ devvortex.htb - is the original page 2️⃣ subdomains.txt - is the list for rough testing 3️⃣ sub-fighter - is the mode, against virtual hosts 4️⃣ Host - is a header, so test 1 by 1

1 reply

0 recast

0 reaction

Simonethg pfp

With this command, I try all subdomains (urls that are xxxxxx.devvortex.htb) Until one of them works 🤓 In this case: "dev"

1 reply

0 recast

0 reaction

Simonethg pfp

We are going to use WFUZZ. This tool for these things 🚀

1 reply

0 recast

0 reaction

Simonethg pfp

Example: I will do it on a machine that uses "Virtual Hosting". The web would be "devvortex.htb" (don't look for it, it doesn't really exist😶‍🌫️) This would be the main site

1 reply

0 recast

0 reaction

Simonethg pfp

There are a thousand ways if it's set up wrong. But we're going to do it the cool way. The beast way. Brute force 💪

1 reply

0 recast

0 reaction

Simonethg pfp

Just like "admin", it could be any word ✏️ That's the fun part. You have to find out WHICH word it is 👇

1 reply

0 recast

0 reaction

Simonethg pfp

What is a "Virtual Host"? It is a way to have a diversity of services on the same machine. It is like having a doorman in the building.

1 reply

0 recast

0 reaction

Simonethg pfp

Do you know how to find out if a website hides another one behind? 👻A hidden website. But associated with the same IP address. A ghost in plain sight. Well, it's curious, typical and simple. I'll leave you the 🔦🧵

1 reply

0 recast

0 reaction