student@ubuntu:~$

ncl 2/5 30 XP

Web Reconnaissance

Challenge Gallery

tag would be blocked. But if you can upload a malicious script to cdn.example.com, or find a JSONP endpoint on an allowed origin, you can bypass it. CSP makes XSS harder, not impossible."}]

Quick Reference

Command	What It Does
`curl https://example.com`	Fetch page content
`curl -I https://example.com`	Fetch headers only
`curl -v https://example.com`	Verbose (full request/response)
`curl -A "Googlebot" https://example.com`	Spoof User-Agent
`curl -b "session=abc" https://example.com`	Send a cookie
`curl -o page.html https://example.com`	Save to file
`curl -s https://example.com/robots.txt`	Fetch robots.txt (silent)
`wget -r https://example.com`	Mirror a website recursively
`gobuster dir -u https://example.com -w wordlist.txt`	Directory brute-force

HTTP Status Codes

Code	Meaning	Recon Value
200	OK	Resource exists and is accessible
301	Moved Permanently	Redirect — follow it to find the new location
302	Found (Temporary Redirect)	Often used for login redirects
403	Forbidden	Resource exists but access is denied — worth probing further
404	Not Found	Resource does not exist
500	Internal Server Error	Server-side bug — may reveal stack traces
502	Bad Gateway	Reverse proxy cannot reach the backend
503	Service Unavailable	Server overloaded or in maintenance

Key Files to Check

Path	Why
`/robots.txt`	Lists paths hidden from search engines
`/sitemap.xml`	Complete map of all intended public pages
`/.git/`	Exposed Git repo — download with git-dumper
`/.env`	Environment variables (DB creds, API keys)
`/wp-login.php`	WordPress login — reveals CMS
`/server-status`	Apache status page (if enabled)
`/phpinfo.php`	Full PHP configuration dump

Unlocks

Complete this skill to see what it unlocks.

New content available