Recon
Recon0
https://hackycorp.com/robots.txt

Recon1
https://hackycorp.com/team.html

Recon2
dirsearch -u https://hackycorp.com/


Recon3
test manual
1.View page source

i found dir name /images

Using dirsearsh
dirsearch -u https://hackycorp.com/

Recon4
Very eazzzzzz

Recon5
wfuzz -c -z file,/usr/share/wordlists/wfuzz/general/common.txt --hc 404 https://hackycorp.com/FUZZ

I Found /startpage

Recon6
curl https://hackycorp.com/ -v

http://51.158.147.132/

Recon7
default virtual host ("vhost") over TLS.
https://51.158.147.132/

Recon8
open certificate is valid

go to details

https://66177e3f25e3ea0713807b1dc5f0b9df.hackycorp.com/

Recon9
i use socat + openssl connection
socat - openssl:51.158.147.132:443,verify=0
wite GET

Recon10
for i in {1..150}; do printf " 0x%02x.a.hackycorp.com\n" $i >> hosts.txt;done

Recon11
FUFF
ffuf -w /usr/share/wordlists/wfuzz/general/common.txt -u http://hackycorp.com/ -H "HOST: FUZZ.hackycorp.com"

Last updated