April 14, 2026
Pentester Lab Recon 07 Writeup
Pentester lab recon 07 The goal here is to find the vhost through/over TLS by manipulating URL and curl commands.
Robert Nyinge
1 min read
We need to understand TLS first, TLS (Transport Layer Security) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS weaknesses
The weakness primarily stem from using deprecated protocols (TLS 1.0/1.1), weak cipher suites (e.g., 3DES, RC4), and misconfigured certificates, enabling man-in-the-middle (MITM) attacks and data decryption
So….the Solution
First things first, we get the IP address of the website using dig, host etc.
Then we try to curl the website curl http://51.158.147.132.
This will not work as the certificate does not match the IP address,
so we need to tell curl that we have to do it insecurely, therefore we add — — insecure to the command,
we can also do it in verbose mode to see more details on what goes on. We add -v, you can tinker with more commands to get more details on the application information