Information Gathering - Web - Skills Assessment

Hi all,

I am having trouble with question #3 (Perform active infrastructure identification against the host https:// gear[.]githubapp[.]com. What server name is returned for the host?). I have already answered all the other questions, but I am stuck on this one.
I have tried:
Going to https:// gear.githubapp[.]com in the browser, and I get unknown host. Using Burp and without Burp. Also trying http instead of https, and I also tried to see if it was a vhost using Burp.
I have tried curl:
curl -I https:// gear[.]githubapp[.]com. The response is curl: (6) Could not resolve host: gear[.]githubapp[.]com
and just in case it was a vhost
curl -I https:// githubapp[.]com -H "Host: gear[.]githubapp[.]com", for which I get a status 400
Whatweb:
whatweb -a 1 https:// gear[.]githubapp[.]com, ERROR Opening: https:// gear[.]githubapp[.]com - no address for gear[.]githubapp[.]com
Aquatone and Eyewitness did not get anything either.

  • I know it says active, but just in case I was missing something I tried these steps as well
    Wayback Machine:
    Which found the page FEB 20 2019, but it is a 302 to a github login page that uses OAuth.
    Dig:
    dig ns gear[.]githubapp[.]com was the only one that gave me any real feedback.
    CNAME aquatic-cucumber-a8v3wu9jbll2hidkklzjvzc0[.]herokudns[.]com
    dns1[.]p05[.]nsone[.]net.
    No combination of a zone transfer gave me any real feedback.
    Can someone please give me a nudge/hint? As far as I can see the host is not up, and I cannot think of / find a way to get the Server from a host that is not up.

Thanks

That question is a little different for me; I got i.imgur.net. I just to dig through the different server that I was presented with. I couldn’t get a zone transfer at all. I know that the CNAME isn’t the real name but I’m stuck. Maybe just keep digging through the options you get back.

I also got imgur, but i.imgur.com. I dug as far as I could but nothing :C

I don’t want to give you the answer, but pay attention to the error code in the header, then follow that. DM me if you need help.

The question I have for #3 is:

Perform active infrastructure identification against the host https://i.imgur.com. What server name is returned for the host?

The solution is pretty simple. Look back to the section that goes over Active Infrastructure Identification and start from the top. The answer is easy to miss.
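
Added example, not part of the thread or the course material: a shell helper that separates the two outcomes seen in the first post (curl exit code 6 when the name does not resolve, versus an HTTP error such as 400 that still returns headers) and prints the status code and Server header for every response in a chain. The sample headers and the names `example-edge` and `example-origin` are constructed; `probe`, `server_per_hop` and `sample_headers` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: the shape of `curl -sIL` output for a two-hop chain.
sample_headers() {
  printf '%s\r\n' \
    'HTTP/1.1 302 Found' \
    'Server: example-edge' \
    'Location: https://login.example.test/' \
    '' \
    'HTTP/2 200' \
    'server: example-origin' \
    'content-type: text/html' \
    ''
}

# Read raw response headers on stdin and print "<status> <server>" per
# response block. Header names are matched case-insensitively (HTTP/2
# lowercases them); "-" means the response carried no Server header.
server_per_hop() {
  awk '
    { sub(/\r$/, "") }
    /^HTTP\// {
      if (seen) print status, (server == "" ? "-" : server)
      status = $2; server = ""; seen = 1; next
    }
    tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); server = $0 }
    END { if (seen) print status, (server == "" ? "-" : server) }
  '
}

# Live wrapper (needs network): tell a DNS failure apart from an HTTP error.
# An error status such as 400 is still a response and may name its server.
probe() {
  rc=0
  out=$(curl -sS -I -L --max-time 10 "$1" 2>/dev/null) || rc=$?
  if [ "$rc" -eq 6 ]; then
    echo "dns-failure: name did not resolve, no headers to read"
    return 6
  elif [ "$rc" -ne 0 ] && [ -z "$out" ]; then
    echo "curl-error: exit code $rc"
    return "$rc"
  fi
  printf '%s\n' "$out" | server_per_hop
}

# Offline demonstration on the constructed sample.
sample_headers | server_per_hop
```

For a live check, call `probe` with the URL from your own copy of the question.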