MoinQ:

Contents

Don’t get confused between domain takeover and subdomain takeover. They are two separate vulnerabilities.

Exploitation Scenario 1: Chaining with Deep link

Exploitation Scenario 2: Accessing Sensitive Information and Email

Exploitation Scenario 3: Phishing / Domain Abuse

Exploitation Scenario 4: Extracting Sensitive Information Using LOGS

Exploitation Scenario 5: Login using SSO

Conclusion

There is no specific methodology to check for domain takeover, but here are a few places where a pentester must look to discover potential domains:

    Organization/Developers’ GitHub / GitLab / Bitbucket public accounts
    URLs in the application (current/historic)
    JavaScript files (regular/obfuscated)
    Application requests/responses
    Third-party requests made by the application

Once you have a list of possible domains, search them for availability using bulk domain search tools such as https://www.namebright.com/BulkSearch.

A successful domain takeover impacts organizations financially, technically, and reputationally.

The best and easiest way to protect the organization from domain takeover is to set up monitoring for domain expiry and renew old domains even if they are not in use.

Another, more involved method is to perform regular code/configuration review, change every place where the expired domain and its subdomains are used, and delete all third-party accounts registered using the expired domain.
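As an added example (not from the original post) that ties the discovery list above to the expiry-monitoring recommendation: this Python script scans constructed sample source files for referenced hostnames, reduces them to registrable domains, and classifies each one against a constructed inventory of the organization’s registered domains and their expiry dates. The file contents, domain names, dates and the two-label registrable-domain rule are all assumptions.

```python
import re
from datetime import date, timedelta

# Constructed sample sources: a JS bundle and a config file, standing in
# for the repositories, JS files and configs a team would scan.
SAMPLE_SOURCES = {
    "bundle.js": 'fetch("https://api.example-corp.com/v1");\n'
                 'const cdn = "//assets.legacy-example.net/app.js";\n'
                 'const promo = "https://old-promo-example.org/signup";',
    "config.yml": 'smtp_host: mail.example-corp.com\n'
                  'callback_url: https://retired-app-example.com/oauth/cb',
}
# Constructed inventory: domains the organization registered -> expiry date.
DOMAIN_INVENTORY = {
    "example-corp.com": date(2026, 1, 15),
    "legacy-example.net": date(2024, 2, 1),      # already lapsed
    "old-promo-example.org": date(2024, 6, 20),  # lapses in a few weeks
}
TODAY = date(2024, 6, 1)  # fixed "today" so the run is reproducible

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
NOT_A_TLD = {"js", "css", "json", "html", "png", "yml"}  # dotted filenames

def referenced_domains(sources):
    """Map each registrable domain found in the sources to the files citing it.
    Assumes a two-label registrable domain (example.com); a real scan should
    validate the suffix against the Public Suffix List so that co.uk-style
    suffixes and dotted identifiers such as window.open are handled."""
    found = {}
    for path, text in sources.items():
        for host in HOST_RE.findall(text):
            labels = host.lower().split(".")
            if labels[-1] in NOT_A_TLD:
                continue
            found.setdefault(".".join(labels[-2:]), set()).add(path)
    return found

def expiry_report(referenced, inventory, today, warn_days=30):
    """Classify every referenced domain so the renewal/cleanup list is explicit:
    expired -> remove references and third-party accounts tied to it,
    expiring-soon -> renew now, not-in-inventory -> confirm who owns it."""
    report = {}
    for dom in sorted(referenced):
        expiry = inventory.get(dom)
        if expiry is None:
            report[dom] = "not-in-inventory"
        elif expiry < today:
            report[dom] = "expired"
        elif expiry - today <= timedelta(days=warn_days):
            report[dom] = "expiring-soon"
        else:
            report[dom] = "ok"
    return report
```

Running `expiry_report(referenced_domains(SAMPLE_SOURCES), DOMAIN_INVENTORY, TODAY)` yields one status per domain; the "expired" and "not-in-inventory" entries are the ones to act on first.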


CategoryDns CategoryWatch CategoryTemplate

MoinQ: DNS/takeovers/5ways (last edited 2023-03-23 03:48:39 by ToshinoriMaeno)