Reconnaissance CTF – TryHackMe
Hello Friends! I'm going to make a write-up about the Secuneus CTF room, Task 3: Reconnaissance CTF – TryHackMe.
Reconnaissance: Reconnaissance is the first step of a penetration test. It is the practice of discovering and collecting information about the target web application and network, and it helps the penetration tester exploit the system.
In this challenge we need to collect information about the website secuneus.com and find the answers to the given questions.
Wappalyzer: Wappalyzer is a technology profiler used to extract information about the technology stack of the target. If you want to find out which CMS, libraries or frameworks the target is using, Wappalyzer is the tool to use.
Q 1: Detect the technology that is used in this website.
Ans: WordPress
Q 2: Detect the programming language that is used in this website.
Ans: PHP
Q 3: Detect the version of the programming language that is used in this website.
Ans: 7.4.28
Q 4: Detect the database of the same website.
Ans: MySQL
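How a profiler can arrive at answers like the four above, as an added example that is not part of the original write-up and not Wappalyzer's own code. The rule set (including the assumption that WordPress implies PHP and MySQL), the function name and the sample response are written for this illustration; only the PHP version string comes from the answers above.

```python
import re

# Simplified signature rules written for this example (not Wappalyzer's rule set).
RULES = {
    "WordPress": {
        "html": [r"/wp-(?:content|includes)/",
                 r'<meta[^>]+name="generator"[^>]+content="WordPress ?([\d.]+)?'],
        # Assumption: a WordPress site runs on PHP with a MySQL database.
        "implies": ["PHP", "MySQL"],
    },
    "PHP": {"headers": {"x-powered-by": r"PHP(?:/([\d.]+))?"}},
}

def fingerprint(headers, html):
    """Return {technology: version or None} for one HTTP response."""
    headers = {k.lower(): v for k, v in headers.items()}
    found = {}

    def record(name, version=None):
        # Keep a version once seen; never overwrite it with None.
        found[name] = found.get(name) or version

    for name, rule in RULES.items():
        for header, pattern in rule.get("headers", {}).items():
            m = re.search(pattern, headers.get(header, ""), re.I)
            if m:
                record(name, m.group(1))
        for pattern in rule.get("html", []):
            m = re.search(pattern, html, re.I)
            if m:
                record(name, m.group(1) if m.groups() else None)
    # Implied technologies have no direct evidence, so they carry no version.
    queue = list(found)
    while queue:
        for implied in RULES.get(queue.pop(), {}).get("implies", []):
            if implied not in found:
                record(implied)
                queue.append(implied)
    return found

# Constructed sample response; the WordPress version is a made-up placeholder.
SAMPLE_HEADERS = {"Server": "nginx", "X-Powered-By": "PHP/7.4.28"}
SAMPLE_HTML = ('<html><head><meta name="generator" content="WordPress 6.0">'
               '<link rel="stylesheet" href="/wp-content/themes/example/style.css">'
               '</head></html>')

if __name__ == "__main__":
    print(fingerprint(SAMPLE_HEADERS, SAMPLE_HTML))
    # Same page with the X-Powered-By header suppressed: PHP is only implied.
    print(fingerprint({"Server": "nginx"}, SAMPLE_HTML))
```

The second call shows the defensive side: once the `X-Powered-By` header is no longer sent (for PHP, `expose_php = Off` in php.ini), the language is still inferred from the CMS but the exact version is not disclosed.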
Wayback Machine: The Wayback Machine is a digital archive of the World Wide Web, founded by the Internet Archive. It allows the user to go “back in time” and see what websites looked like in the past.
Using the Wayback Machine can be a great advantage because you can go back to the past and check for sensitive files that existed before.
For example, suppose I made a website in 2010 and updated it frequently until 2020. An attacker can use the Wayback Machine to look at my 2010 website, then filter the archived results, run a directory brute-force attack and so on to find sensitive files.
Q 5: Is the website snapshot taken by Google?
Ans: Yes
DNSdumpster is a free online domain research tool that can discover hosts related to a domain. It helps to find subdomains, HTTP headers, banners, MX records, DNS servers, TXT records, etc. It helps a lot in gathering information about the target. https://dnsdumpster.com/
No answer needed
Netcraft is an Internet monitoring company that monitors uptimes and provides server operating system detection as well as a number of other services.
Netcraft has an online search tool that allows users to query its databases for host information.
Netcraft gives you more information about a website, such as netblocks, OS name and site reports, which include the site title, site rank, site description and many more things. Netcraft is also a good online tool for recon.
No answer needed
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
It has a simple modular architecture and is optimized for speed. Subfinder is built for doing one thing only, passive subdomain enumeration, and it does that very well.
Q 6: Which flag would you use to discover the subdomains of a website?
Ans: -d
Server: When it comes to web hosting services, there are so many options to choose from that you may feel at a loss for where to start. To simplify things, this guide will focus on the two web hosting setups on opposite ends of the spectrum: shared hosting and dedicated hosting.
Shared hosting allows multiple users/websites/accounts to be hosted on a single web server. Dedicated hosting, in turn, is a single server solely devoted to one user.
Q 7: Is the nathusweets.com website using a shared server or a dedicated one?
Ans: shared
Author: Shaan Grover is an InfoSec intern.