Marial's Notes
recon_09 (header)


Last updated 7 months ago


View the exercise here:

OBJECTIVE

For this challenge, your goal is to access the headers from responses.

HEADER INSPECTION

When accessing a web server, it often pays off to check the response headers. It's common to find information about the versions and technologies in use.

SOLUTION

With the default curl command below, only the response body is printed, so we don't see the headers.

curl https://hackycorp.com/

Solution #1:

curl https://hackycorp.com/ --dump-header - -o /dev/null
  • --dump-header - writes the HTTP response headers to standard output, so they show up in the terminal

  • -o /dev/null discards the response body (doesn’t save or display it)

Solution #2:

curl https://hackycorp.com/ --dump-header - -o /dev/null -s
  • -s (silent mode) hides the progress meter
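
An added example, not part of the original notes: a shell function that reads a header dump in the shape `curl --dump-header -` writes and lists the headers that most often reveal server software or versions, which is handy for checking what your own site exposes. The function names, the watch list and the sample dump are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a header dump for headers that reveal software/versions.

# Constructed sample in the shape `curl --dump-header -` writes: one block per
# response (here a redirect, then the final page), CRLF line endings.
sample_dump() {
  printf 'HTTP/1.1 301 Moved Permanently\r\n'
  printf 'Server: nginx/1.18.0\r\n'
  printf 'Location: https://www.example.test/\r\n\r\n'
  printf 'HTTP/2 200\r\n'
  printf 'content-type: text/html\r\n'
  printf 'x-frame-options: DENY\r\n'
  printf 'x-powered-by: PHP/8.1.2\r\n'
  printf 'x-build-id: constructed-value\r\n\r\n'
}

# Reads a header dump on stdin; prints "response N: kind name: value".
# kind=known  -> header on the watch list below (an assumed, non-exhaustive list)
# kind=custom -> other non-standard X- header worth a manual look
disclosing_headers() {
  awk '
    { sub(/\r$/, "") }                       # strip the CR curl leaves in place
    /^HTTP\// { n++; next }                  # status line opens a new response
    {
      i = index($0, ":")
      if (i == 0) next                       # blank separator or malformed line
      name = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
      value = substr($0, i + 1)
      sub(/^[ \t]+/, "", value)
      if (name ~ /^(server|via|x-powered-by|x-aspnet-version|x-generator)$/)
        kind = "known"
      else if (name ~ /^x-/ && name !~ /^x-(frame-options|content-type-options|xss-protection)$/)
        kind = "custom"
      else
        next
      printf "response %d: %s %s: %s\n", n, kind, name, value
    }'
}

# Demo on the constructed sample; for a real check, pipe curl output in instead.
sample_dump | disclosing_headers
```

To run it against a live response, pipe the Solution #2 command into `disclosing_headers` in place of `sample_dump`.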

PentesterLab: Recon 09