How to exploit/hunt for hostile subdomain takeover, by kidnapshadow

Hey guys, this is kidnapshadow (Sidharth).

Right now, I am explaining the background concept of hostile subdomain takeover, and I will give you a practical demonstration of it. So stay tuned with my blog.

#1 Background concept of hostile subdomain takeover

A hacker can claim a subdomain with the help of external services. This attack is practically non-trackable and affects at least 17 large services, and multiple domains are affected.

#2 ATTACK SCENARIO

Example: your company starts using a new service, e.g. an external support ticketing service.

Your company points a subdomain to the support ticketing service, e.g. support.your-domain.com.

After a few years your company stops using this service but does not remove the subdomain redirect pointing to the ticketing system.

An attacker signs up for the service and claims the domain as theirs. No verification is done by the service provider, and the DNS setup is already in place.

The attacker can now build a complete clone of the real site, add a login form, redirect the user, steal credentials (e.g. an admin account) and cookies, and completely destroy business credibility for your company.

#Practical demonstration of hostile subdomain takeover

→ You have a website (e.g. any.com).

→ You want a support system.

→ You create a subdomain support.any.com from any2.com (support).

→ You point this subdomain to any2.com (support).

→ Later on, you cancel the service or it expires.

→ But you forget to remove the redirection pointing the subdomain to any2.com (support).

→ An attacker gets to know about this situation.

→ The attacker simply goes to any2.com and buys their support service; after that they add this subdomain (support.any.com) as their own.

→ They successfully claim that this subdomain belongs to the attacker, because any2.com won’t verify it.
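From the domain owner's side, the forgotten record in this scenario can be caught by checking every CNAME in the zone against the list of third-party services still in use. The following is an added example, not part of the original post; the zone records, the any.any2.com target, any3.com and all function names are constructed for illustration.

```python
# Added example: audit a DNS zone export for dangling CNAMEs (constructed data).

def normalize(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def in_domain(host, domain):
    """True only on a label boundary, so notany.com is not treated as any.com."""
    return host == domain or host.endswith("." + domain)

def final_target(name, cnames):
    """Follow CNAME chains inside the zone; None means the chain loops."""
    seen = set()
    while name in cnames:
        if name in seen:
            return None
        seen.add(name)
        name = cnames[name]
    return name

def find_dangling(zone, own_domains, active_services):
    """Return (subdomain, external target) pairs no active service accounts for."""
    cnames = {normalize(n): normalize(t)
              for n, rtype, t in zone if rtype.upper() == "CNAME"}
    trusted = set(own_domains) | set(active_services)
    findings = []
    for name in sorted(cnames):
        target = final_target(name, cnames)
        if target is None:
            findings.append((name, "CNAME loop"))
        elif not any(in_domain(target, d) for d in trusted):
            findings.append((name, target))
    return findings

# Constructed zone export for the page's any.com example (not real records).
ZONE = [
    ("www.any.com.", "A", "192.0.2.10"),
    ("support.any.com.", "CNAME", "any.any2.com."),   # cancelled support service
    ("help.any.com.", "CNAME", "support.any.com."),   # alias of the stale record
    ("shop.any.com.", "CNAME", "Store.Any3.com."),    # still under contract
    ("blog.any.com.", "CNAME", "www.any.com."),       # internal alias
]
OWN_DOMAINS = {"any.com"}
ACTIVE_SERVICES = {"any3.com"}   # assumed inventory of current third-party services

if __name__ == "__main__":
    for sub, target in find_dangling(ZONE, OWN_DOMAINS, ACTIVE_SERVICES):
        print(f"remove or re-point {sub} -> {target}")
```

Both support.any.com and its alias help.any.com are reported, because the alias inherits the stale external target.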

#Hunting for hostile subdomain takeover

→ Download the hostile subdomain bruteforcer in a Linux environment.

Link: https://github.com/nahamsec/hostilesubbruteforcer/

The steps for hostile subdomain takeover are very simple:

→ You have to find a subdomain pointing to a third-party website (any.com).

→ Make sure the service is inactive, cancelled or expired.

→ Go to that third-party website, register as a client, and when they ask you to point your subdomain, you just give the subdomain.
