Subdomain Enumeration (서브도메인 검색)
Learn the various ways of discovering subdomains to expand your attacks surface of a target.
Task 1 Brief
Subdomain enumeration is the process of finding valid subdomains for a domain. We do this to expand our attack surface to try and discover more potential point of vulnerability.
There are three different subdomain enumeration methods: Brute Force, OSINT and Virtual Host.
Task 2 OSINT – SSL/TLS Certificates
What domain was logged on crt.sh at 2020-12-26?
Go to crt.sh and search for the tryhackme.com, find the entry that was logged at 2020-12-26
Task 3 Search Engines
Search engines can be a resource for finding new subdomains. We can narrow the search results using filter on websites like Google.
What is the TryHackMe subdomain beginning with B discovered using the above Google search?
Task 4 DNS Brute force
Bruteforce DNS enumeration is the method of different possible subdomains from a pre-defined list of commonly used subdomains. We are using a tool called dnsrecon to perform this.
What is the first subdomain found with the dnsrecon tool?
Task 5 OSINT – Sublist3r
We can automate the above methods with the help of tools like Sublist3r.
What is the first subdomain discovered by sublist3r?
Task 6 Virtual Hosts
What is the first subdomain discovered?, What is the second subdomain discovered?
