Recon

Recon0

https://hackycorp.com/robots.txt

Recon1

https://hackycorp.com/team.html

Recon2

dirsearch  -u https://hackycorp.com/

Recon3

test manual

1.View page source

i found dir name /images

Using dirsearsh

dirsearch  -u https://hackycorp.com/

Recon4

Very eazzzzzz

Recon5

wfuzz -c -z file,/usr/share/wordlists/wfuzz/general/common.txt --hc 404  https://hackycorp.com/FUZZ

I Found /startpage

Recon6

 curl https://hackycorp.com/ -v 
http://51.158.147.132/

Recon7

default virtual host ("vhost") over TLS.

https://51.158.147.132/

Recon8

open certificate is valid

go to details

https://66177e3f25e3ea0713807b1dc5f0b9df.hackycorp.com/

Recon9

i use socat + openssl connection 

socat - openssl:51.158.147.132:443,verify=0
wite GET
99d0738b-1e52-4a00-8885-b15894b2c79e

Recon10

for i in {1..150}; do printf  " 0x%02x.a.hackycorp.com\n" $i >> hosts.txt;done

Recon11

FUFF

ffuf -w /usr/share/wordlists/wfuzz/general/common.txt -u  http://hackycorp.com/ -H "HOST: FUZZ.hackycorp.com"

PreviousPentesterLabsNextHTB

Last updated