recon_06 (vhost)

View the exercise here: PentesterLab: Recon 06

OBJECTIVE

For this challenge, your goal is to access the default virtual host ("vhost").

FUZZING DIRECTORIES

When accessing a new webserver, it often pays off to replace the hostname with the IP address or to provide a random Host header in the request. To do this, you can either modify the request in a web proxy or use:

curl -H "Host: ...."

SOLUTION

Solution #1:

Do DNS resolution to get IP.

dig (Domain Information Groper) is used to query DNS servers. This command will return details such as the A record (the IP address of hackycorp.com), which you’ll use in later steps.

dig hackycorp.com

Connect the client to the IP address:

curl http://51.X.X.X/ -v

The command makes a request to the IP address and shows you the entire process, including the HTTP headers and the response from the server. This helps you see how the server reacts, providing information that could lead to finding the key or solution for the challenge.

Solution #2:

Access the IP on a browser to get the flag.

Additional Notes:

curl http://hackycorp.com/ -v

If we just use the URL, not the IP, we only get html response because we are accessing the website itself.
The host header is different.

Additional Notes (cont.):

But if we add a header, we'll get the flag:

curl http://hackycorp.com/ -v -H "Host: test"

-v verbose option
-H to add header

Previousrecon_05 (wfuzz)Nextrecon_07 (vhost over TLS)

Last updated 5 months ago

Was this helpful?