TryHackMe: Subdomain Enumeration Writeup

This room aims to teach the various ways of discovering subdomains to expand your attack surface of a target. We will learn about 3 different subdomain enumeration methodologies, which are Brute Force ( using DNSRecon and Sublister tool), OSINT ( using https://cert.sh website) and Virtual Hosts ( using ffuf tool).

This room can be accessed using this link: https://tryhackme.com/room/subdomainenumeration

Task 1: Brief

1. What is a subdomain enumeration method beginning with B? Answer: Brute Force
2. What is a subdomain enumeration method beginning with O? Answer: OSINT
3. What is a subdomain enumeration method beginning with V? Answer: Virtual Host

Task 2: OSINT — SSL/TLS Certificates

1. What domain was logged on crt.sh at 2020–12–26? Answer: store.tryhackme.com

Task 3: OSINT — Search Engines

1. What is the TryHackMe subdomain beginning with B discovered using the above Google search? Answer: blog.tryhackme.com

Task 4: DNS Bruteforce

1. What is the first subdomain found with the dnsrecon tool? Answer: api.acmeitsupport.thm

Task 5: OSINT — Sublist3r

1. What is the first subdomain discovered by sublist3r? Answer: web55.acmeitsupport.thm

Task 6: Virtual Hosts

use size=2596 in -fs{size}

1. What is the first subdomain discovered? Answer: delta
2. What is the second subdomain discovered? Answer: yellow

Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/