Security and Technology

Latest

How to find subdomain take over – Learn Penetration Testing & Ethical Hacking

For all those asking about subdomain takeover vulnerabilities, here we go.

First, what is a subdomain takeover?
A service on your site, say assets.mysite.com, is hosted at a third party such as Bitbucket or Heroku under a provider hostname such as mysiteasset.herokuapp.com, and assets.mysite.com is a CNAME pointing at that hostname. If the service is later deleted at Heroku but the CNAME record is left in place, the provider name is unclaimed and an attacker can register it with their own Heroku account. Anyone visiting assets.mysite.com is then served the attacker's content under your domain.

Scenario
1. Facebook starts a new service, for example a shop.
2. Facebook points a subdomain at the shop service, e.g. shop.facebook.com, by a DNS record aliasing it to the provider.
3. Mark stops the project and Facebook forgets to remove the DNS record that still points at the shop system.
4. The attacker signs up with the same provider and claims the dangling name as theirs.
5. The attacker can now post a defacement, or serve an HTML login form on shop.facebook.com and ask users to log in (a phishing attack). Because the page is served from a real facebook.com subdomain, browser cookies scoped to the parent domain are sent to it as well.

Solution
Remove the stale DNS entries: delete the CNAME (or A) record that points at the unused service, and make DNS cleanup part of decommissioning any third-party hosted service. Until the record is gone, keep the resource claimed at the provider so nobody else can.

Note from Detectify
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service providers, and multiple domains are affected. Find out if you are one of them by using our quick tool, or go through your DNS entries and remove all which are active and unused OR pointing to external services which you do not use anymore.

So here we go with detection.
Detecting this issue is simple: get a list of subdomains and visit each one. If a subdomain answers with a provider "not found" error page like the Heroku one shown in the original post:

"This error is related to Heroku; consider the equivalent errors of Bitbucket, Squarespace, Shopify, Desk, Teamwork, Unbounce, Helpjuice, HelpScout, Pingdom, Tictail, Campaign Monitor, CargoCollective, StatusPage.io and Tumblr"

then you have found a vulnerable subdomain. Congrats! Note that the error page only proves the DNS record is dangling; confirming the takeover means actually registering the unclaimed name at the provider (with the owner's permission) and seeing your content served under their subdomain.

How to find subdomains?
We have two amazing tools, and we are going to explain both.

Sublist3r
The first tool is by Ahmed Aboul-Ela (aboul3la). It queries many sources (Google, Ask, SSL certificates and others) and returns a list of valid subdomains.

Usage: python sublist3r.py -d example.com

(screenshot of Sublist3r output)

The second tool is knockpy.

An amazing tool: it brute-forces subdomain names from a wordlist, returns the list of subdomains it finds, and if a subdomain's DNS record points at an external service it notifies you.

Installing: python knockpy.py install

Usage: knockpy snapchat.com

(screenshot of knock output)

As you can see, knock notifies you: the yellow-coloured lines tell us that a subdomain points at a service on Heroku, for example:

atlas.instacart.com >>> tochigi-6557.herokussl.com
bugs.instacart.com >>> akita-7862.herokussl.com

You need to visit these domains to check whether they are vulnerable or not. If you get a "No such app" error page, the Heroku app behind the record has been deleted and the subdomain is vulnerable.

EXTRA Tool
But what if we have about 250 subdomains? Visiting each one by hand is tedious and takes a lot of time.

The solution: build a list of "unclaimed service" response fingerprints, such as "No such app" in the case of Heroku, and write a script that fetches every subdomain and searches each response for those strings.

We can use sub6 to do this: python sub6.py mylist.txt

(screenshot of sub6 usage)
(screenshot of the result)
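The fingerprint-matching approach described above, as an added example that is not sub6's or knockpy's code: it parses knockpy-style "host >>> cname" lines, maps the CNAME target to a provider, fetches the page through the subdomain (so the provider sees the dangling name in the Host header) and searches the response for that provider's unclaimed-resource string. The Heroku marker "No such app" is the one the post names; the Shopify, Tumblr and GitHub Pages markers, the hostnames and the response bodies in the sample are assumptions constructed for the example and should be re-verified against the live provider before you rely on them. The fetch function is injectable so the whole pipeline runs offline against the constructed sample.

```python
import re
import socket
import urllib.error
import urllib.request

# Service fingerprints: CNAME suffixes that identify the provider, and the string the
# provider returns for an unclaimed resource. "No such app" (Heroku) is the marker the
# post names; the other three are commonly published fingerprints and are an assumption
# here: re-verify them against the live provider before relying on them.
FINGERPRINTS = {
    "heroku":  (("herokuapp.com", "herokussl.com", "herokudns.com"), "No such app"),
    "shopify": (("myshopify.com",), "Sorry, this shop is currently unavailable"),
    "tumblr":  (("domains.tumblr.com",), "There's nothing here."),
    "github":  (("github.io",), "There isn't a GitHub Pages site here"),
}

# knockpy prints "host >>> cname" for subdomains that are aliases of another name.
KNOCK_LINE = re.compile(r"^\s*(\S+)\s*>>>\s*(\S+)\s*$")


def parse_knock_output(text):
    """Extract (host, cname) pairs from knockpy-style output, lower-cased, no trailing dot."""
    pairs = []
    for line in text.splitlines():
        m = KNOCK_LINE.match(line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2).lower().rstrip(".")))
    return pairs


def service_for_cname(cname):
    """Return the provider a CNAME target belongs to, or None if it is not in the table."""
    for service, (suffixes, _marker) in FINGERPRINTS.items():
        # exact match or a real subdomain of the suffix; "herokussl.com.evil.example" must not match
        if any(cname == s or cname.endswith("." + s) for s in suffixes):
            return service
    return None


def classify(cname, body):
    """Label one subdomain from its CNAME target and the HTTP body fetched via the subdomain.

    'takeover-candidate': known provider and the unclaimed-resource marker is present
    'in-use':             known provider, no marker (resource still claimed)
    'unreachable':        known provider but nothing answered (check DNS by hand)
    'unknown-service':    CNAME target not in the fingerprint table
    """
    service = service_for_cname(cname)
    if service is None:
        return "unknown-service"
    if body is None:
        return "unreachable"
    marker = FINGERPRINTS[service][1]
    return "takeover-candidate" if marker.lower() in body.lower() else "in-use"


def fetch_body(host, timeout=10):
    """Fetch http(s)://host/ so the provider sees our subdomain in the Host header.

    Error responses are returned too: a 404 body is exactly where "No such app" lives.
    Returns None if neither scheme produced any HTTP response at all.
    """
    for scheme in ("https", "http"):
        req = urllib.request.Request(f"{scheme}://{host}/",
                                     headers={"User-Agent": "takeover-triage"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.read(65536).decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            return err.read(65536).decode("utf-8", "replace")
        except (urllib.error.URLError, socket.timeout, OSError):
            continue
    return None


def triage(knock_text, fetch=fetch_body):
    """Run the pipeline over knockpy output; `fetch` is injectable for offline use."""
    return {host: classify(cname, fetch(host))
            for host, cname in parse_knock_output(knock_text)}


# Constructed sample (not real knockpy output or real responses) so the script runs offline.
SAMPLE_KNOCK = """\
assets.example.com >>> tochigi-6557.herokussl.com
bugs.example.com >>> akita-7862.herokussl.com
blog.example.com >>> domains.tumblr.com
www.example.com >>> example.com
"""
SAMPLE_BODIES = {
    "assets.example.com": "<html><body><h1>No such app</h1>There is no app configured at that hostname.</body></html>",
    "bugs.example.com":   "<html><body>Bug tracker sign-in</body></html>",
    "blog.example.com":   None,   # nothing answered on either scheme
}

if __name__ == "__main__":
    # Offline run over the constructed sample; pass fetch_body (the default) for live checks.
    for host, verdict in triage(SAMPLE_KNOCK, SAMPLE_BODIES.get).items():
        print(f"{verdict:20} {host}")
```

For a live run, feed it the real knockpy output and leave `fetch` at its default; a "takeover-candidate" verdict is a lead, not proof, and still needs the manual confirmation described above.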

References
– Detectify blog post on subdomain takeover
– Peter Yaworski video

Tools: knock, Sublist3r, sub6 (under development)

The post How to find subdomain take over appeared first on Learn Penetration Testing & Ethical Hacking. http://ift.tt/2bD8Mk2 http://ift.tt/2aM8QhC

Hit-And-Run Tactics Fuel Growth In DDoS Attacks

A majority of the organizations in the Imperva DDoS study suffered multiple consecutive attacks. http://ift.tt/2bE4nOZ

Some ISPs in India are blocking access to ThePirateBay.org

By Waqas

ThePirateBay.org domain has been blocked by some ISPs in India

This is a post from HackRead.com. Read the original post: Some ISPs in India are blocking access to ThePirateBay.org http://ift.tt/2bE1mP0

Ransomware Costs Enterprises $209M In 1H 2016

A new report from Trend Micro shows that the number of ransomware families added in the first half of the year nearly doubled the number of new families found in all of 2015. http://ift.tt/2c43d1r

Rebel, Traitor, Untouchable. Seven profiles of high-risk employees

To understand who these employees are and why they represent a risk, we have to look at the root of the problem. http://ift.tt/eA8V8J http://ift.tt/2bKWHrH

Cryptoneat: The Company Behind KickassTorrents Vanishes From The Internet

Short Bytes: Cryptoneat is a company that is supposed to be the force behind the defunct KickassTorrents. A report by…

The post Cryptoneat: The Company Behind KickassTorrents Vanishes From The Internet appeared first on fossBytes. http://ift.tt/2bd36QL
