Subdomain takeover guide

INITD COMMUNITY
THE ULTIMATE GUIDE FOR BASIC SUBDOMAIN TAKEOVER WITH PRACTICAL
BY Touhid M Shaikh

Special Thanks
We are InitD
Harshal Ghaisas - Logo Designer
Shrutirupa Banerjiee, Sachin Sase and Sagar Sharma - Members

Table of Contents
Introduction
What is Subdomain
What is Subdomain Takeover
All About CNAME
How to find CNAME Records
What is Subdomain Takeover Lab
Let's Takeover Subdomain
Github Pages
AWS S3 Bucket
Tilda
Mitigation
Bibliography

INTRODUCTION

Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. Amazon S3, GitHub Pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.

What is Subdomain

[Fig.: Subdomain is a part of main domain]

In the above picture (Fig.), I have explained a subdomain. The main domain name is subdomain-takeover with the extension tk, and the part of this main domain is touhid, which is called a subdomain of this main domain.

What is Subdomain Takeover

Subdomain takeover is a type of vulnerability which occurs due to misconfiguration of DNS records (CNAME, NS, MX).

Scenario example: a company or individual has configured a DNS CNAME entry for one of its subdomains pointing to an external service (e.g. Heroku, Github Pages, Bitbucket, Tilda, AWS S3 Bucket, Shopify, etc.), but the service is no longer utilized by that company. In that condition, an attacker could register with the external service and claim the affected subdomain, configuring his/her own service to be served from the affected subdomain.

All About CNAME

CNAME stands for Canonical Name. It is a type of Domain Name System (DNS) record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www, mail, cpanel, blog, etc. to the domain hosting that subdomain's content.

How to find CNAME records

There are any number of ways to find the CNAME record associated with a subdomain. In this section I'll show you a few techniques to find the CNAME record of a specific subdomain. OK, let's get started.

Dig Command

    dig syed.subdomain-takeover.tk CNAME

DNS Server: Here we can use any DNS server. I have used the Google Public DNS server name, but you can use any DNS server, such as your private DNS server or any anonymous DNS server name.
Subdomain Name: Here I give the name whose record I am asking my DNS server for.
Type: I have asked the DNS server for the specific CNAME record only.

[OUTPUT figure]

Host Command

    host syed.subdomain-takeover.tk

[OUTPUT figure]

There are any number of tools to check DNS records in various visual formats. You
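As an added example (not part of the original guide), the script below reads `dig` answer lines like those produced by the dig command above and flags CNAME records that point at external hosting services, which are the records a domain owner should confirm still refer to a resource they control. The function names, the service hostname patterns and the sample records are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): flag CNAME answers that point at
# external hosting services so the owner can confirm the resource still exists.

# Reads `dig +noall +answer <name> CNAME` lines on stdin:
#   <owner> <ttl> IN CNAME <target>
# Prints "<owner>|<service>|<target>" per match. The hostname patterns are
# assumptions about the default domain of each service; extend them as needed.
flag_external_cnames() {
  awk '
    BEGIN {
      pat["GitHub Pages"] = "\\.github\\.io\\.?$"
      pat["AWS S3"]       = "\\.s3[.-]([a-z0-9-]+\\.)*amazonaws\\.com\\.?$"
      pat["Heroku"]       = "\\.herokuapp\\.com\\.?$"
      pat["Bitbucket"]    = "\\.bitbucket\\.io\\.?$"
      pat["Shopify"]      = "\\.myshopify\\.com\\.?$"
    }
    $3 == "IN" && $4 == "CNAME" {
      target = tolower($5)
      for (s in pat)
        if (target ~ pat[s]) printf "%s|%s|%s\n", $1, s, target
    }
  '
}

# Constructed sample answers (not real lookups).
sample_answers() {
  cat <<'EOF'
blog.example.com.   300 IN CNAME example-org.github.io.
assets.example.com. 300 IN CNAME example-assets.s3-website-us-east-1.amazonaws.com.
www.example.com.    300 IN CNAME example.com.
mail.example.com.   300 IN A     192.0.2.10
EOF
}

# Live use (needs network and dig): audit_names names.txt
# names.txt holds one of your own subdomains per line.
audit_names() {
  while IFS= read -r name; do
    dig +noall +answer "$name" CNAME
  done < "$1" | flag_external_cnames
}

sample_answers | flag_external_cnames
```

Each flagged record is a candidate for review: if the bucket, page or app behind the target no longer exists, the DNS entry should be removed.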

  • Published on Sep 23, 2021