DefendTheWeb.net, previously called HackThis.co.uk, is a well-known interactive security platform where you can learn and challenge your skills. It contains challenges from several different cybersecurity fields.
I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest (although easy and hard will be different depending on your skill set and field of expertise).
As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it; however, I will post my way (or ways) of getting there. This is done out of respect for the website’s security and non-disclosure policy, even when it doesn’t have one ;).
Challenge Recon
This challenge is rated as Bronze difficulty, so it might be easy to solve. The author presents us with only 3 fields, in which we provide the following information:
- What is the IP of the server hosting this page
- Which company hosts our server
- B6-Key header
For the first two it is really simple: a simple “ping” command will give you the IP, and then a simple whois on the IP you just discovered will give you the hosting company. The third one though, the B6-Key header, got me puzzled. I was not sure about what service we should get headers from; initially I thought it would have to be something about e-mail headers (no idea why I thought that!). Later on I simply started analyzing the HTTP response headers from the challenge page, and finally found it there.
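The three lookups above as a small shell sketch, added here as an example and not part of the original write-up. The function names `header_value` and `whois_org`, the `$HOST`, `$IP` and `$URL` placeholders and all sample data are assumptions made up for illustration; the header value shown is constructed, not the real one.

```shell
#!/bin/sh
# Live usage (HOST, IP and URL are placeholders you supply yourself):
#   ping -c 1 "$HOST"                                     # IP is in the first line
#   whois "$IP" | whois_org                               # hosting company
#   curl -sL -D - -o /dev/null "$URL" | header_value B6-Key

# Print the value of header $1 from the LAST response block on stdin.
# With redirects curl dumps one header block per hop; only the final one counts.
header_value() {
  awk -v want="$1" '
    BEGIN { want = tolower(want) }          # header names are case-insensitive
    { sub(/\r$/, "") }                      # HTTP header lines end in CRLF
    /^HTTP\// { val = ""; next }            # status line: a new block starts
    {
      i = index($0, ":")
      if (i > 0 && tolower(substr($0, 1, i - 1)) == want) {
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      }
    }
    END { if (val != "") print val }'
}

# Print the first organisation-like field from whois output on stdin.
# Registries label it differently: ARIN uses OrgName/Organization,
# RIPE-style databases use org-name or descr.
whois_org() {
  awk '
    { sub(/\r$/, "") }
    /^[#%]/ { next }                        # registry comment lines
    {
      i = index($0, ":"); if (i == 0) next
      key = tolower(substr($0, 1, i - 1))
      if (key == "orgname" || key == "org-name" ||
          key == "organization" || key == "descr") {
        val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
        print val; exit
      }
    }'
}

# Constructed sample data (not real output from the challenge site).
SAMPLE_HEADERS=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: /x\r\nB6-Key: stale\r\n\r\nHTTP/1.1 200 OK\r\nContent-Type: text/html\r\nb6-key:  CONSTRUCTED-VALUE \r\n\r\n')
SAMPLE_WHOIS=$(printf '%% constructed RIPE-style reply\ninetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET\norg-name:       Example Hosting Ltd\n')

printf '%s\n' "$SAMPLE_HEADERS" | header_value B6-Key
printf '%s\n' "$SAMPLE_WHOIS" | whois_org
```

If the challenge page is only served to logged-in users, the same header dump can be read from the browser's network tab instead of curl.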
I hope you enjoyed this one. See you on the next challenge!