Recon | Defend the Web

Kind of a pain to solve this one for me

Hacker Silhouette | Credit: B_A on Pixabay

Problem

One of the most unique problems I’ve seen on the site so far. A common method in attacking websites is researching how the site is hosted and looking for common exploits/mistakes with these technologies. Use the network tab for to start for this one, but keep in mind that doesn’t contain everything.

3 questions, 2 resources required

Solution

So let’s inspect the page and head towards the network tab, refresh the page and click on the recon name.

So we have 2 pieces of information for this mission just by looking at the headers. Remote address represents the IP hosting this page and the key is a response header (this is a custom header, you won’t see this normally).

Finally we have to pull company that hosts the site. However, this is a bit tricky as I got mislead initially. One technique I used was doing a ICANN Lookup to grab registrar information (whois lookups are just as effective as well).

Gandi Net is a start

However, this isn’t the correct answer to put in “Gandi” as the answer, which means they host somewhere else. Afterwards I checked with Hosting Checker and found that AWS (Amazon Web Services) is hosting the site currently.

AWS is always the root

So entering “Amazon” nets you the correct answer. I did a bit more digging on Gandi and found this on the Wikipedia.

“On 31 July 2014, Amazon Web Services partnered with Gandi and announced the ability to register domains directly through their Route 53 Service.”

Anyways you have the 3 pieces of information to answer correctly.

Thanks for the read.