Hack The Box Challenge Series
Three
As we progress through the Hack The Box challenge series and continue our journey to pwn the machines, our current challenge is named Three.
We press the Spawn Machine button and get the IP address of our target machine.
Just like any other target, we start by performing an Nmap scan.
Our results are as follows:
As evident from the Nmap scan, this IP address is running a website, and one other port is open for SSH connections.
Looks like we are going to get SSH access to the server.
The email found on the website is mail@thetoppers.htb, showing that the associated domain is thetoppers.htb.
Since this domain does not resolve through normal DNS (it is not reachable by simply typing it into the browser), we will access it by adding a manual entry to the /etc/hosts file.
Command: echo '10.129.153.65 thetoppers.htb' | sudo tee -a /etc/hosts
The above command chains two commands through a pipeline (|): echo prints the line, and tee writes whatever it receives to the file (/etc/hosts).
tee -a tells it to append the text to the END of the file (neither overwriting nor deleting the previous contents); sudo is required because /etc/hosts is writable only by root.
Now the IP address resolves to the hostname we inserted into the /etc/hosts file, as shown in the following snapshot.
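A small helper for the step above, added here as an example (it is not part of the original write-up): it appends a hosts entry only if the hostname is not already mapped, so re-running it while working through a box does not leave duplicate lines in /etc/hosts, and it looks the hostname back up the way the resolver will see it. The third argument (the hosts file path) is an assumption of this example, added so the function can be exercised against a temporary file instead of the real /etc/hosts; the IP and hostname are the ones from the write-up.

```shell
# Added example, not from the original write-up.
# Append "IP HOSTNAME" to a hosts file unless that hostname is already mapped.
# Usage: add_hosts_entry IP HOSTNAME [HOSTS_FILE]   (HOSTS_FILE defaults to /etc/hosts)
add_hosts_entry() {
    ip="$1"
    host="$2"
    file="${3:-/etc/hosts}"
    # Escape dots so "thetoppers.htb" is matched literally, not as a regex wildcard.
    esc=$(printf '%s' "$host" | sed 's/[.]/\\./g')
    # Whole-word match on a non-comment line, so "thetoppers.htb" does not
    # collide with an existing "s3.thetoppers.htb" entry (and vice versa).
    if grep -Eq "^[^#]*[[:space:]]${esc}([[:space:]]|$)" "$file"; then
        echo "entry for ${host} already present in ${file}"
        return 0
    fi
    # Append. The real /etc/hosts is root-owned, hence the sudo tee -a fallback,
    # which is exactly the command used in the write-up.
    if [ -w "$file" ]; then
        printf '%s %s\n' "$ip" "$host" >> "$file"
    else
        printf '%s %s\n' "$ip" "$host" | sudo tee -a "$file" > /dev/null
    fi
}

# Print the IP that a hosts file maps a hostname to (empty output if none).
# Usage: lookup_hosts_entry HOSTNAME [HOSTS_FILE]
lookup_hosts_entry() {
    host="$1"
    file="${2:-/etc/hosts}"
    # Skip comment lines; the first field is the IP, later fields are hostnames/aliases.
    awk -v h="$host" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$file"
}

# Example run against a constructed temporary hosts file (real usage would omit
# the third argument and write to /etc/hosts).
demo_hosts_file=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo_hosts_file"
add_hosts_entry 10.129.153.65 thetoppers.htb "$demo_hosts_file"
add_hosts_entry 10.129.153.65 thetoppers.htb "$demo_hosts_file"   # second call is a no-op
lookup_hosts_entry thetoppers.htb "$demo_hosts_file"              # 10.129.153.65
rm -f "$demo_hosts_file"
```

Run it as `add_hosts_entry 10.129.153.65 thetoppers.htb` on the attack machine; when a subdomain turns up later, call it again with that name and the same IP rather than editing the file by hand.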
Now that we have a domain, it's time to enumerate its subdomains.
Subdomains can be enumerated with Gobuster (vhost mode), Sublist3r, Wfuzz, feroxbuster, ffuf or any other tool that can be found through a simple Google/ChatGPT search (hey Google, give me a list of tools to find the subdomains of a website/domain and their usage commands).
Whichever tool we use, we will need a pre-compiled wordlist for fuzzing.
Here I'm installing the latest lists through SecLists.
Command: sudo apt install seclists
Or we can clone it through Git:
Command: git clone https://github.com/danielmiessler/SecLists.git
For easier use, I'm moving this folder to the /opt/ directory.
The following snippet is from the attack machine; the ones above showing the SecLists installation were from my personal VM, so the IP address or path can vary slightly. Our objective is to have everything at hand.
No actual results.
Perhaps we have to find the S3 bucket by trial and error, because no subdomain search turned up an S3 bucket, so I will manually enter the address into my address bar to see the results.
But to see the results, we will also have to add this entry to the /etc/hosts file.
Traversing to cmd= cat /var/www/flag.txt