Information Gathering - Web Edition Skills Assessment #3

This is the only question that is driving me nuts I have tried to Zone Transfer and dig until I can’t dig anymore to find the server name that is returned to the host. The question is:

Perform active infrastructure identification against the host https://i.imgur.com. What server name is returned for the host?

I’ve found 4 different servers from fastly. I also found the CNAME (Which isn’t the real name that points to the real server, but I have no clue how to point it back.) I have done “dig -x” didn’t work. This is the only thing I have.

Anyone have any clues that can help me?

1 Like

Hi, Do you solve the question?
Could you give me some hints about this question?

1 Like

I solved it. Ill tell you like this. Use the curl -l and follow the redirect. If you’re stuck DM me.

2 Likes

Had to read, “What server name is returned for the host?” a few times before it stood out. I realized I was looking at it all along. Thanks, @QuickFix914

No problem I know sometimes it gets confusing.

Hello,
Could you help me with this question? I have already tried whois, whatweb, dig, nslookup and nothing, i have also tried curl -I $target and i don’t even get a redirect…
Thanks in advance

Do you solve this? If your target is https://i.imgur.com you should see “location” who is the redirect.

When you curl the website you should get an error code.

@SylverSK40 also replied a very useful hint

Guys in this question we are looking for the name of the server of the host and not the servername.
Good luck

What is the answer for this and how did you get it. I have tried below answers, none worked
dns1.p03.nsone.net
Imgur

Can anyone add some help to this… not seeing anything more to try that I haven’t already after “curl -I -L https://i.imgur.com” TIA.

When you curl what do you see? When you go to the website do you see error codes like…200 , 300, or 404? Once you get that part then curl some more! I hope this helps.

Changed links because of new user restriction.
I see a 429 error, no change if I curl -I -L hxxps://imgur[.]com

Output:
$ curl -I -L hxxps://i.imgur[.]com
HTTP/2 302
retry-after: 0
location: hxxps://imgur[.]com/
accept-ranges: bytes
date: Mon, 31 Oct 2022 15:04:55 GMT
x-served-by: cache-hhn4041-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1667228696.975248,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
content-length: 0

HTTP/2 429
retry-after: 0
content-type: application/json
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
date: Mon, 31 Oct 2022 15:04:56 GMT
x-served-by: cache-lcy19258-LCY
x-cache: MISS
x-cache-hits: 0
server: cat factory 1.0
strict-transport-security: max-age=300
x-frame-options: DENY
access-control-allow-origin: hxxps://imgur[.]com
access-control-allow-credentials: false
content-length: 109

I used whatweb -a3 URL -v and found the answer right there. IMHO “What server name is returned for the host?” is very poor wording. The question should be something along the lines of “What HTTPServer name is returned for the host?”

5 Likes

So look at the second request what’s the “server’s name”?

Thank you for the hint @pr0ximity, I got it.

Thanks @QuickFix914, I will have to go back and see what I am missing from curl, couldn’t find it that way.

Hello, did you manage to work it out?! I have tried all the responses in the HTTP header but they are wrong answers…

You use the curl function with the proper switch and follow the clue it gives you, then curl again.