recon_08 (alt name)

View the exercise here: PentesterLab: Recon 08

OBJECTIVE

For this challenge, your goal is to access the alternative names in the certificate.

ALTERNATIVE NAMES

When accessing a TLS server, it often pays off to check the content of the certificate used. It's common for TLS servers to have certificates that are valid for more than one name (named alternative names). Looking for alternative names can be done in your client or by using openssl.

SOLUTION

In the browser, click the browser settings at the left side of the URL.

Click Connection is secure then click Certificate is valid.

Select the Details tab

Scroll the Certificate Fields list then select Certificate Subject Alternative Name

Copy the DNS Name field value

Open it in your browser to get the flag

An alternative solution using curl:

If we use http, we’ll obtain the flag for recon 06 ❌

We’ll get the recon 08 flag when https is used

Previousrecon_07 (vhost over TLS)Nextrecon_09 (header)

Last updated 27 days ago