Subdomain takeover- Vuln which can give you easy money
Subdomain takeover is high-security vulnerability via which attacker can control a expired management service from where the subdomain of site was pointing
What is that services ?
It can be anything some of the vendors uses services like shopify to build their shopping platform wihtout changing their offcial subdomain you may have seen while shopping into some of site something like powered by shopify or something else this whole process of connecting one services to another is done by Cname.
What is Cname and How it works -
Cname stands for canonical name it is something which is related to hosting and domain connecting system so suppose you buyed a one domain from godaddy.com and hosting from hostinger.com for connecting this space we have thing like nameserver have done setup with nameserver and webservices get started this is the whole process apply on cname as well it is used to pointing one domain to another domain without getting change with actual subdomain .And if the cname record expired then any malacious actor can perform takeover
How to Exploit it and done with takeover 🤨
Our hand is not a automated tool so we will use the tool name called HOSTILESUBDOMAINBRUTEFORCER which is made in ruby lang and created by nahamsec
1.git clone https://github.com/nahamsec/HostileSubBruteforcer
2. ruby sub_brute.rb
3. And then paste your target domain in command line and start the process
You are seeing the highlighted part which is saying check for domain where is this pointing so look into the site and check for their cname record if the cname record is still present then you can easily takeover the domain
But make sure cname domain was expired hahaha
Note- Don't send theoretical report to program because sometimes the tool gave false-positive response so always check twice :)
Do Follow Techiepedia for more Interesting write-ups!