Closed NickTheSecurityDude closed 10 months ago
vhost not working correctly
On htb machine "stacked", portfolio is a valid page, however gobuster sees it as a redirect:
```
┌──(kali㉿kali)-[~/htb/machines/stacked]
└─$ gobuster vhost -u http://stacked.htb -w /opt/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -o gobuster.vhost.out

┌──(kali㉿kali)-[~/htb/machines/stacked]
└─$ cat gobuster.vhost.out|grep "portfolio"
Found: portfolio Status: 302 [Size: 278] [--> http://stacked.htb/]
Found: www.portfolio Status: 302 [Size: 282] [--> http://stacked.htb/]
```
Testing for that vhost in burp or curl it returns a 200 with a much larger size:
```
┌──(kali㉿kali)-[~/htb/machines/stacked]
└─$ curl -s -w "%{http_code} %{size_download}" -o /dev/null --header "Host: portfolio.stacked.htb" http://stacked.htb
200 30268

┌──(kali㉿kali)-[~/htb/machines/stacked]
└─$ gobuster version
3.6
```
I used the same command used here: https://youtu.be/aWXfEDIYZu8?feature=shared&t=246. It did work in the video, which was likely an earlier version of gobuster.
You need to use `--append-domain`, otherwise only the plain word from the wordlist is tried.
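The difference described in the reply above, reproduced offline as an added example (not part of the thread and not gobuster's code). It assumes a toy name-based vhost server on 127.0.0.1 that, like the output in the issue, answers unknown `Host` values with a 302 to `http://stacked.htb/`; `build_host`, `probe` and `compare` are hypothetical helper names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BASE_DOMAIN = "stacked.htb"                # domain from the issue
KNOWN_VHOSTS = {"portfolio.stacked.htb"}   # constructed: vhosts the toy server knows

class VhostHandler(BaseHTTPRequestHandler):
    """Exact Host match is served with 200; any other Host is redirected."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host in KNOWN_VHOSTS:
            body = b"portfolio site"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(302)
            self.send_header("Location", f"http://{BASE_DOMAIN}/")
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def build_host(word, domain, append_domain):
    # Without the flag the bare wordlist entry is sent as the Host header.
    return f"{word}.{domain}" if append_domain else word

def probe(port, host_header):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status

def compare(word="portfolio"):
    """Return {append_domain: status} for the same wordlist entry."""
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {f: probe(port, build_host(word, BASE_DOMAIN, f)) for f in (False, True)}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(compare())
```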