Hi all,
I am having trouble with question #3 (Perform active infrastructure identification against the host https:// gear[.]githubapp[.]com. What server name is returned for the host?). I have already answered all the other questions, but I am stuck on this one.
I have tried:
Going to https:// gear.githubapp[.]com in the browser, where I get unknown host, both using Burp and without Burp. I also tried http instead of https, and also tried to see if it was a vhost using Burp.
I have tried curl:
curl -I https:// gear[.]githubapp[.]com. The response is curl: (6) Could not resolve host: gear[.]githubapp[.]com
and, just in case it was a vhost:
curl -I https:// githubapp[.]com -H "Host: gear[.]githubapp[.]com", for which I get a status 400
Whatweb:
whatweb -a 1 https:// gear[.]githubapp[.]com, ERROR Opening: https:// gear[.]githubapp[.]com - no address for gear[.]githubapp[.]com
Aquatone and Eyewitness did not get anything either.
- I know it says active, but just in case I was missing something, I tried these steps as well
Wayback Machine:
Which found the page FEB 20 2019, but it is a 302 to a github login page that uses OAuth.
Dig:
dig ns gear[.]githubapp[.]com was the only one that gave me any real feedback.
CNAME aquatic-cucumber-a8v3wu9jbll2hidkklzjvzc0[.]herokudns[.]com
dns1[.]p05[.]nsone[.]net.
No combination of a zone transfer gave me any real feedback.
Can someone please give me a nudge/hint? As far as I can see the host is not up, and I cannot think of / find a way to get the Server from a host that is not up.
Thanks