Hello there,
I am the CEO and one of the co-founders of futurevera.thm. In Futurevera, we believe that the future is in space. We do a lot of space research and write blogs about it. We used to help students with space questions, but we are rebuilding our support.
Recently blackhat hackers approached us saying they could takeover and are asking us for a big ransom. Please help us to find what they can takeover.
Our website is located at https://futurevera.thm
Hint: Don’t forget to add the MACHINE_IP in /etc/hosts for futurevera.thm ; )
This box seems to be looking for one flag. It appears to be located around subdomain enumeration
This lab is exactly what I’ve been looking for to strengthen my subdomain enumeration skills
Based on the hint we will want to add our IP address for futurevera.thm to the host file
We have our homepage. From here lets locate some subdomains
Our results show us both Portal and payroll are available as subdomains
Seeing a there was nothing at Payroll.futurevera.thm and portal.futurevera.thm, I did some research.
For WordPress sites, blog.domain is typically a subdomain that is used.
So testing blog.futurevera.thm, we get the following
Looks to be a standard WordPress site here
Navigating around I didnt find too much to work with
So moving on we are testing support.futurevera.thm (support.domain is another popular one)
Checking into the certificate of this page we find another domain
secrethelpdesk934752.support.futurevera.thm
After adding DNS name to the host file and entering into web browser, we get the flag!
This is definitely a box I would like to revisit at a later date. I believe Ffuf is able to continue to run to locate the subdomains but I need to locate the correct word lists to get to that point