Halloween Bounty: Trial 3

Discussion in 'Missions Center' started by Gilgamesh0306, Oct 31, 2018.

  1. Gilgamesh0306

    Gilgamesh0306 Active Agent

    Hello I am up to this point, could use a hint.
    I know the parent company's URL via one subdomain, which unfortunately in comparison to the similar "roastednready" subdomain is not vulnerable. I searched the parent company's URL via sfuzzer and osintscan (google, bing, yahoo) and also tried fingerprinting the URL with the 10 subdomains used by roastednready - but no vulnerable subdomain came up.
     
  2. Whitehouse

    Whitehouse Active Agent

    From memory, this one was straight-up
    have you tried osintscanning the IP addresses? (i'm guessing this isn't a huge spoiler if you're up to this bit, but i figure you might have forgotten..?)
     
  3. Gilgamesh0306

    Gilgamesh0306 Active Agent

    Yes, that's how I got from the initial URL to
    the subdomain jobs.bates... - but this subdomain isn't vulnerable and no osint or sfuzzer gives me another subdomain for bates
     
  4. Whitehouse

    Whitehouse Active Agent

    sfuzzer works much better once you're connected to a vpn...
     
  5. Nioreh

    Nioreh Active Agent

    Same problem here! I'm on the same thing and stuck!
     
  6. AgentZeus

    AgentZeus Senior Agent

    it's a good tip that when you are connected to a new server you should run a sfuzzer to see what comes up - and you shouldn't always just sfuzzer for the domain you are connected to......
     
  7. Nioreh

    Nioreh Active Agent

    Hmm... thought about that... but still find only one subdomain from
    batesbeverages.com
     
  8. AgentZeus

    AgentZeus Senior Agent

    hmmm.... going from what i can recall....
    when connected to the rnr server an sfuzz of bb for a while gave a list of bb subdomains...

    hopefully someone else can confirm! :D
     
  9. Whitehouse

    Whitehouse Active Agent

    hope this one isn't too big a giveaway...

    batesbeverages is a parent company... it's linked with another network. If you can connect to that other network, sfuzzer might be able to come up with something...
     
  10. Nioreh

    Nioreh Active Agent

    Oh my....I miss a subdomain with fingerprint lol!

    Thanks!
     
