Hello!
Pentesterlab Labs
- Recon Badge
TryHackMe Rooms

Powered by GitBook

On this page

Was this helpful?

Pentesterlab Labs

Recon Badge

recon_08 (alt name)

Previousrecon_07 (vhost over TLS)Nextrecon_09 (header)

Last updated 5 months ago

Was this helpful?

View the exercise here: PentesterLab: Recon 08

OBJECTIVE

For this challenge, your goal is to access the alternative names in the certificate.

ALTERNATIVE NAMES

When accessing a TLS server, it often pays off to check the content of the certificate used. It's common for TLS servers to have certificates that are valid for more than one name (named alternative names). Looking for alternative names can be done in your client or by using openssl.

SOLUTION

In the browser, click the browser settings at the left side of the URL.

Click Connection is secure then click Certificate is valid.

Select the Details tab

Scroll the Certificate Fields list then select Certificate Subject Alternative Name

Copy the DNS Name field value

Open it in your browser to get the flag

An alternative solution using curl:

If we use http, we’ll obtain the flag for recon 06 ❌

We’ll get the recon 08 flag when https is used

OBJECTIVE
ALTERNATIVE NAMES
SOLUTION