A friend of mine offered me $20 if I could get into his site, but I have like no idea where to start

A friend of mine offered me $20 if I could get into his site, but I have like no idea where to start,
so far all I've managed to learn is that he's running it at a server at work, and it's running Apache 2.4.6 on CentOS, probably the latest.

Any ideas on where to go from here?

Install Gentoo

not kali?

Nice try FBI

Some of you clowns are obsessed the FBI wants to bring you down. Kek

btw this is genuinely just between me and a friend of mine, I think he just wants me to try to pentest his shit

Use Burpsuite to see more info about the site

lot of hacking is social engineering

I'll just show you what I told him..
Downloading now

There's only an index.html file, along with an .htaccess and .htpsswd files, so he's just wasting your time, there's nothing interesting on the site.

well I know you're running an empty minecraft server

I'm spooked solid

fuck man he wouldn't do that.. that's just lame..

and the ssl issuer is bad

yeah I actually noticed that, but I'm not sure what it means

it means it's a self-signed (in this case) or other illegit cert, not run through one of the big corporate ones or that big free open one, lets ssl or something

>wants me to try to pentest his shit
>doesn't know where to start

bring up cmd and type ipconfig to be pro hekerz

did that a while ago, that's how I found out the it's being hosted at Rackspace

well none of the default logins or anything are working, that's the limit of my know-how

So would that mean it's faking a certificate from "Lets Encrypt"?

looks ok to me, some browsers don't recognize them

fuck I'm starting to get a feeling there really is nothing to see here

let's encrypt is a CA (Cert Authority). they give a cert to any request with a valid extension.

really?

really. no idea how he found that out but yeah. I guess there is a way to see someones IP over 4chinz?