TryHackMe: Subdomain Enumeration Writeup

Subdomain Enumeration Room’s Logo on TryHackMe

This room aims to teach the various ways of discovering subdomains to expand your attack surface of a target. We will learn about 3 different subdomain enumeration methodologies, which are Brute Force ( using DNSRecon and Sublister tool), OSINT ( using https://cert.sh website) and Virtual Hosts ( using ffuf tool).

This room can be accessed using this link: https://tryhackme.com/room/subdomainenumeration

Task 1: Brief

  1. What is a subdomain enumeration method beginning with B? Answer: Brute Force
  2. What is a subdomain enumeration method beginning with O? Answer: OSINT
  3. What is a subdomain enumeration method beginning with V? Answer: Virtual Host

Task 2: OSINT — SSL/TLS Certificates

  1. What domain was logged on crt.sh at 2020–12–26? Answer: store.tryhackme.com

Task 3: OSINT — Search Engines

  1. What is the TryHackMe subdomain beginning with B discovered using the above Google search? Answer: blog.tryhackme.com

Task 4: DNS Bruteforce

  1. What is the first subdomain found with the dnsrecon tool? Answer: api.acmeitsupport.thm

Task 5: OSINT — Sublist3r

  1. What is the first subdomain discovered by sublist3r? Answer: web55.acmeitsupport.thm

Task 6: Virtual Hosts

use size=2596 in -fs{size}

  1. What is the first subdomain discovered? Answer: delta
  2. What is the second subdomain discovered? Answer: yellow

Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Which Cryptocurrency Wallet Is The Most Trusted One?

Introduction to Cryptography

{UPDATE} Cookie Parring Spil Hack Free Resources Generator

What is Cybersecurity? — A Beginner’s Guide to Cybersecurity World

This is harder than it seems

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)

{UPDATE} 海底萌萌消【2016开心版】 Hack Free Resources Generator

The Privacy Problem

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
TheCyberWarrior

TheCyberWarrior

More from Medium

Empline — TryHackMe Writeup

TryHackMe: Pickle Rick

TryHackMe: Authentication Bypass a Walkthrough

TryHackMe CTF Bounty Hacker: Walkthrough