Offensive Security Tooling: Gobuster: The Basics (TryHackMe)

J3bitok

In this article, I write up Gobuster: The Basics, covering Environment and Setup, Gobuster: Introduction, Use Case: Directory and File Enumeration, Use Case: Subdomain Enumeration, and Use Case: Vhost Enumeration.

  1. What flag do we use to specify the target URL? -u

  2. What command do we use for the subdomain enumeration mode? dns

  3. Which flag do we have to add to our command to skip the TLS verification? Enter the long flag notation. --no-tls-validation

  4. Enumerate the directories of www.offensivetools.thm. Which directory catches your attention? secret

  5. Continue enumerating the directory found in question 2. You will find an interesting file there with a .js extension. What is the flag found in this file? THM{ReconWasASuccess}

  6. Apart from the dns keyword and the -w flag, which shorthand flag is required for the command to work? -d

  7. Using the commands learned in this task, how many subdomains are configured for the offensivetools.thm domain? 4

  8. Use the commands learned in this task to answer the following question: How many vhosts on the offensivetools.thm domain reply with a status code 200? 4

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the THM challenges. We can also connect more on LinkedIn or X.
