What is Subdomain Takeover
Indonesia – SECRY – Subdomain Takeover Vice – Okay, let me explain subdomain takeover in simpler terms. Imagine you have a house with a big yard, and you decided to rent out a small section of your yard to a tenant. Over time, you and the tenant decided to part ways, and the tenant moved out. However, you forgot to take back the keys to the small section of the yard that the tenant was using.
Now, if someone else finds the keys to the small section of your yard, they can easily move in and start using it for their own purposes, even though they have no right to do so. Similarly, subdomain takeover happens when a company or website forgets to take back control of their subdomain after they stop using it. This makes it easy for hackers to take over and use the subdomain for their own malicious purposes, like phishing or stealing data.
The Story
A bug hunter named Muhammad Syahrul Haniawan found a security hole in one of the subdomains of the vice.com site that allowed him to take over a GitHub Pages subdomain and change the appearance of its index page.
In 2021, Vice Media, one of the biggest American-Canadian media companies, narrowly avoided a potential hacking incident. The incident occurred when a curious bug hunter named Syahrul stumbled upon a vulnerability while browsing the company’s website.
Using CRT.sh to scan subdomains of vice.com
Based on the story, Syahrul had been up late playing MOBA games with his friends and had accidentally stumbled upon an article on Vice.com. Despite feeling drowsy, he decided to scan the subdomains of the site using crt.sh.
Surprisingly, one of the subdomains led to a 404 Not Found GitHub page. Intrigued by this, the hunter decided to conduct further investigation and found that the same issue had been previously reported on https://github.com/EdOverflow/can-i-take-over-xyz/issues/37. Despite feeling groggy and tired, he decided to try the method and take over the subdomain using the GitHub page. Amazingly, the attempt was successful!
Fearing that this could potentially cause harm, the hunter decided to report the vulnerability to Vice Media.
Get HoF for subdomain takeover Vice Media
As a result of his efforts, the hunter was added to Vice Media's Hall of Fame for his responsible disclosure. The Vice Media team immediately fixed the issue and implemented a more secure system to prevent further vulnerabilities in the future. The company’s commitment to security and its willingness to acknowledge those who help maintain it are demonstrated in its Responsible Disclosure Policy, which can be found at https://www.vice.com/en/page/vice-responsible-disclosure-policy.
In conclusion, it is important to remain vigilant when browsing the web, even when feeling sleepy or distracted. It is always a good idea to report any potential security vulnerabilities that you may come across to the appropriate parties. By doing so, we can help make the internet a safer place for everyone.
How to Prevent Subdomain Takeover Vulnerability?
Subdomain takeover vulnerability can pose a serious threat to your website’s security. Fortunately, there are several steps you can take to prevent this type of attack:
- Remove unused subdomains: Removing DNS records for any subdomains that are not in use can help prevent attackers from taking them over. It can also reduce the overall attack surface of your domain, making it more difficult for hackers to find vulnerabilities.
- Monitor DNS records: Regularly monitoring your DNS records can help you detect any unauthorized changes or additions to your subdomains. This can allow you to take action to prevent subdomain takeover vulnerabilities before they can be exploited.
- Verify ownership of third-party services: If you use third-party services that rely on subdomains, such as content delivery networks or marketing automation tools, it’s essential to verify that you have ownership and control over those subdomains. This can help prevent attackers from taking over subdomains used by these services.
- Implement subdomain delegation: Assigning ownership and control of subdomains to specific teams or individuals can help ensure that subdomains are only used for their intended purpose. This can prevent unauthorized access or changes to your subdomains.
- Use HTTPS and HSTS: Implementing HTTPS and HSTS can protect your domain and subdomains from man-in-the-middle attacks. This can help ensure that all connections are encrypted and prevent attackers from intercepting traffic and taking over subdomains. HTTPS and HSTS do not remove a dangling DNS record, so they complement the steps above rather than replace them.
By following these steps, you can help prevent subdomain takeover vulnerabilities and keep your website secure. Remember to regularly review and update your security measures to stay ahead of evolving threats.
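The first three steps above (removing unused records, monitoring DNS, verifying ownership of third-party targets) can be run as one recurring audit of your own zone. The Python code below is an added example, not part of the original write-up: the zone export, the example.com hostnames, the ownership inventory and the function names are all constructed for illustration, and .github.io is used as the third-party suffix because it is the case described in the story.

```python
import socket

# Constructed sample data: a BIND-style zone export and an ownership inventory.
ZONE_EXPORT = """\
www   300 IN CNAME example-org.github.io.
docs  300 IN CNAME old-docs-team.github.io.
blog  300 IN CNAME cdn.example.net.   ; third-party CDN
mail  300 IN A     192.0.2.10
"""
OWNED_TARGETS = {"example-org.github.io"}   # resources verified as still ours (assumed)
THIRD_PARTY_SUFFIXES = (".github.io",)      # the page's case; extend per provider


def parse_cnames(zone_text, origin):
    """Yield (fqdn, target) for each CNAME record in the export."""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        upper = [f.upper() for f in fields]
        if "CNAME" not in upper[1:-1]:             # needs an owner name and a target
            continue
        target = fields[upper.index("CNAME", 1) + 1].rstrip(".").lower()
        name = fields[0].lower()
        fqdn = name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
        yield fqdn, target


def system_resolves(host):
    """Live DNS check; only used when passed explicitly to audit()."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit(zone_text, origin, owned, resolves=None, suffixes=THIRD_PARTY_SUFFIXES):
    """Return (fqdn, target, reason) for CNAMEs that need review."""
    findings = []
    for fqdn, target in parse_cnames(zone_text, origin):
        if target.endswith(tuple(suffixes)) and target not in owned:
            findings.append((fqdn, target, "third-party target not in inventory"))
        elif resolves is not None and not resolves(target):
            findings.append((fqdn, target, "target does not resolve"))
    return findings


if __name__ == "__main__":
    for fqdn, target, reason in audit(ZONE_EXPORT, "example.com", OWNED_TARGETS):
        print(f"REVIEW {fqdn} -> {target}: {reason}")
```

Each finding is a record to either delete or re-verify against the service that hosts the target; pass `resolves=system_resolves` to also flag CNAMEs whose target no longer resolves.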