Subdomain Takeovers for Beginners

2 months ago 32

How to find and exploit subdomain takeovers

Hicham Almakroudi

In this short article the following will be explained/covered:

- What subdomain takeovers are
- How to find & exploit them
- A challenge (try to take over my vulnerable subdomain)

What is it?
A subdomain takeover is when an attacker can host (malicious) content on someone else's subdomain. This usually happens because a person or company uses a service, for example GitHub Pages; after a while they stop using the service and delete the repository that was used to serve the content of the subdomain.

BUT they forgot to delete the CNAME record in their DNS zone. This allows the attacker to create a repository on GitHub, put in the content they want to serve, set up GitHub Pages and connect it to the subdomain. Because the CNAME record is already set up, the content is immediately served, allowing attackers to host malicious content like crypto scams.
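The forgotten CNAME described above can be caught from the owner's side by comparing the DNS zone against an inventory of Pages sites that are still in use. The following is an added example, not code from the original article; the zone contents, the `example.com` names and the inventory set are constructed, and the helper names are hypothetical.

```python
ZONE_ORIGIN = "example.com."  # constructed: the zone being audited
ZONE_TEXT = """\
; constructed sample zone export
www   3600 IN CNAME example-org.github.io.
docs  3600 IN CNAME example-docs.github.io.
blog       IN CNAME old-blog.github.io.
shop  300  IN CNAME shop.example.com.
mail  3600 IN A     192.0.2.10
"""
# Assumption: inventory of GitHub Pages hosts the team still owns and serves.
ACTIVE_PAGES_HOSTS = {"example-org.github.io"}
THIRD_PARTY_SUFFIXES = (".github.io",)  # the service named in the article


def fqdn(name, origin):
    """Expand a zone-relative name to a lowercase FQDN without trailing dot."""
    name = name.lower()
    if name == "@":
        name = origin
    elif not name.endswith("."):
        name = f"{name}.{origin}"
    return name.rstrip(".")


def parse_cnames(zone_text, origin):
    """Yield (owner, target) per CNAME line; TTL and class fields are optional."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper:
            continue
        idx = upper.index("CNAME")
        if idx == 0 or idx + 1 >= len(fields):
            continue  # malformed: no owner name or no target
        yield fqdn(fields[0], origin), fqdn(fields[idx + 1], origin)


def find_dangling(zone_text, origin, active_hosts, suffixes):
    """Return CNAMEs aimed at a third-party service but absent from inventory."""
    active = {h.lower().rstrip(".") for h in active_hosts}
    return sorted(
        (owner, target)
        for owner, target in parse_cnames(zone_text, origin)
        if target.endswith(suffixes) and target not in active
    )


if __name__ == "__main__":
    hits = find_dangling(ZONE_TEXT, ZONE_ORIGIN, ACTIVE_PAGES_HOSTS, THIRD_PARTY_SUFFIXES)
    for owner, target in hits:
        print(f"DANGLING {owner} -> {target}")
```

Each flagged record should either be deleted from the zone or have its target re-added to the inventory once ownership is confirmed.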

How to find & exploit

- Subdomain finding/fuzzing: In order to take over subdomains you first need to get a list of subdomains, for this process I use subfinder https://github.com/projectdiscovery/subfinder
- Filter the list of subdomains: Not all subdomains…