/guide A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers https://blog.projectdiscovery.io/guide-to-dns-takeovers/
Currently known vulnerable DNS services
EdOverflow / can-i-take-over-xyz https://github.com/EdOverflow/can-i-take-over-xyz?ref=projectdiscovery-io-blog
5 Ways to Exploit a Domain Takeover Vulnerability
- Yash Anand October 28, 2021
How to take over a subdomain in Google Cloud DNS Mark van Holsteijn on Jan 27, 2022
detect and resolve DNS dangling / sub-domain takeover in GCP Posted on 07-18-2022 05:24 AM https://www.googlecloudcommunity.com/gc/Security/detect-and-resolve-DNS-dangling-sub-domain-takeover-in-GCP/m-p/446094
Mining Takeovers for Fun and Profit
Artur Marzano 2023-03-02
This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decommissioned, but active domains.
In this experiment I will show how I was able to find with little effort more than 200 domains that could be theoretically taken over across different providers and parent domains by using data from a public search tool (SecurityTrails) and an open-source repository (can-i-take-over-dns).
Please note that I did not find any new vulnerabilities nor develop any sort of attack tools or techniques during this research. I just analyzed what was already there, not being responsible in any way for whatever damages could be caused by the usage of the methods described below.
It says Cloudflare was excluded. awsdns is treated as not vulnerable. :-)
- Azure, NS1, and Google Cloud seem to be the main ones.
- 遠山 孝, December 7, 2018 14:35
Lame Delegation Cleanup. Registrars
Nameserver Segregation. Providers
Detection & Response. Providers
Vulnerable providers can warn customers explicitly when they try to remove a zone, informing them that they must remove the NS record at their registrar prior to removing the delegated zone.
Finally, about the title of the article - I did have lots of fun doing this, but I didn't really profit anything, so for now I just hope this article was instructive for readers and that this will inspire researchers, registrars and providers to think about the problem =)