👻HOLO (thm)
https://tryhackme.com/r/room/hololive
So first I look at the network
then I scan the range that is given to us:
So we discover a webpage that is fueled by wordpress version 5.5.3:
we see a www.holo.live button so we can consider this is a valid host to add in /etc/hosts and when we reload the page we have this:
Now we launch our gobuster:
dir mode is used to discover directories and files on a web server.
And vhost is designed to discover virtual hosts (subdomains) on a web server.
How It Works: Gobuster makes requests to the target server with different subdomain names (from a specified wordlist) in the Host
header. It checks if the server responds differently for different subdomain names, indicating the presence of virtual hosts.
Key Differences
Target:
dir
targets directories and files within a domain, whilevhost
targets subdomains or virtual hosts.HTTP Requests: In
dir
mode, the path component of the URL changes; invhost
mode, theHost
header changes.Discovery Goals:
dir
mode is for finding hidden content within a single domain, whereasvhost
mode is for discovering additional subdomains that might provide different content or services.
and find the following domains:
so we add them:
feroxbuster is not installed, so now we need to discover subdomains on the different domains
We discover some interesting stuff such as this img.php, probably used to load images through GET/POST requests:
So we capture the request of the dev.holo.live/img.php ->
And we are able to test for LFI:
So maybe we can access to the supersecret file ->
Last updated