subdomain takeover (stealing websites)

Is your code secure? Use this FREE tool (CodeSec) to find out: bit.ly/3tcPUQx
TOOLS USED IN THIS VIDEO
---------------------------------------------------
- AMASS: github.com/OWASP/Amass (find subdomains)
-TakeOver: github.com/m4ll0k/takeover (subdomain takeover vulnerability scanner)
-Dig (apt install dig)
🔥🔥Join Hackwell Academy!: ntck.co/NCAcademy
0:00 ⏩ Intro
0:18 ⏩ How subdomain takeover works
1:59 ⏩ Why Subdomain takeovers are dangerous
2:33 ⏩ Make sure your code is secure using codesec!
4:06 ⏩ find our targets subdomains using Amass
5:06 ⏩ The username is not available
5:57 ⏩ IT actually worked!!
6:17 ⏩ Once you’re in github…
6:58 ⏩ The same thing can happen with Azure
7:45 ⏩ so how do you protect your website

Thanks for your video. I learns a lot and useful to my job.

This goes even deeper... you own a DNS name and then abandon it after several years... (perhaps an unforeseen event or your start-up fails)... Some 3rd party eventually purchased my old domain and used the way back machine to re-create the website... WARNING... think hard before abandoning a domain name!

Always remember kids - "It's only for educational purposes"

The worst part of this...as an end user, there is really no way of knowing if this happened.
You can get an SSL certificate for the redirected subdomain, which means HTTPS will work fine.

i feel like this video was inspired by the "Avoiding DNS Pain" NDC talk that was uploaded 3 weeks ago.
they cover this exact problem and also one solution (basically DNS as code like infrastructure as code).

Remember kids ...
it's always DNS, always.

Love your content.....keep doing great things!

For my company, our security requires any external facing sub domains can only be on 443, no 80 or re-directs like this shown. The owner has the attest to it and put new certs every 90 days and we monitor all external facing URL's. This is a serious open window that a lot of corporations do not even bother to worry about. But I'm glad I work with and lead one of the best IT security teams in my industry where we are constantly 5 steps further then what is required for our various regulations (PCI/ISO/SEC/FRB/etc...)

I don't get it, if the website is deployed from github, why would you ever delete your github account? You would have probably switched to another repo or just uploaded the files directly to your server before you delete your account while your website is still dependent on it. I also don't understand why this is only a vulnerability with subdomains.

This happens all the time even for large companies including microsoft, amazon, walmart, etc that people use subdomains to send spam mail from the main domain from the actual company making hard to block spam mail because you can't just block the email address or the domain because you might actually want email from the actual company. Most email services don't allow blocking subdomains only email addresses themselves or primary domains. So people just make infinite amounts of sub domains for the primaries of an actual companies domains making it hard to block spam. At times it almost feels like the spammer have hacked the mail servers themselves and using it to spam and it's even funner when they are able to send spam mail out with no email address at all because the servers don't check to see is the account sending actually exist or even cares if the send mail is blank. It's even more fun when some emails services have auto avatar and names loading that get associated with the spammers email making it even look more like a real email. It's kind of hard for me to explain this lol.

Mr Beast Game sweatshirt 😂😂😂
btw. i love your videos!

NetworkChuck: You'res could be next Me who dosent have money for domain: yes.

you are doing such a fabulous job 😜

Thanks for this vid! I have been looking into domain take over a bit recently and this really clears it up for me.

There is somebody exploiting your number 2 before you had a chance to film. Proof positive that somebody is always trying to mess with your sh*t.

Super video Chuck Your videos are awesome And informative 👍🏿

Thanks for the video Chuck! It will definitely all the website developers!

There are actually some commercial vendors that do monitor for this kind of stuff (RiskIQ being one), it's not cheap, but it does do a decent job of detecting this.

Just curious what is your input in the targets.txt file ?

Nice new studio 🤩

This is as powerful as giving Blue tick for 8$ and achieve any identification and status with a unethical or biased thoughts

Best prevention is to not have a website

…that was quick. I am glad I grabbed my small coffee mug.

takeover moved or was deleted

Another video by chuck
Thank Goodness

I saw something recently call no-code programming. Can you give your perspective on it?

Your new studio is nice .... but I like the previous one more😂😅

I love your content so much chuck

LESGOOO FIRST COMMENT! keep the vids coming love your content

Great video, please coninue making these kinds of videos

* Insert gif of Captain Holt saying “Bingpot!” here *

How to run tool in kalilinux from any path ?

Now I know the difference between real voice chuck and content creator chuck. BTW luv the videos !

Is there a free hacking software for Windows? Like the one you use in Linux but then for Windows?

Hey bro, love your content a lot

Amazing video. Also can we get a kali Linux intro series

Now this is something of my interest

@networkchuck can you please make a video of your tools and gadgets?! We need to know. Like a tour of your desk :p

loved your all content sir

4:15 is all of us before we found you

Keep going men I love your content it's very helpful thank you ♥️

You are better than any AI !

Nice video, just a question. If you have control of the main domain and delete the entry for the subdomain that was took over, that would be the end off correct? Or is there a way to take full control of asub domain regardless of the main domain DNS records?

What about a subdomain takeover with Fastly?

Thank you for this very informative video, so could you please do a video on the best method to secure DNS and a site? Thanks.

This is terrifying.

So cool content and so less likes. Shame in you guys. Thanks for this.

Very very interesting video, sir puted in a very cool and funny way :)
You got a sub from me!

This man got me all the time 🔥💥

Great video as always. I notice that you display the ANM27T! I just got some too!

Yes but if you use A record instead of CNAME aren't you more safe?

Thank you sir for another great video, been getting much great lesson from your channel 👍

That's something big companies wouldn't do. Nice video, but no big company would do this.

I didnt know about this, looks scary.

Wow superb Boss 👍👍

Love your videos ❤

How to get the takeover tool. I didn't find in github

MrBeast Gaming Hoodie. Like a KING

is it possible to takeover the maindomain from a subdomain ?
Greets

Please make videos on (Bug Bounty) techniques..........

Sorry I don't understand the part that you created file called fun html.

I love this guy, I've learned a lot from you sir

what happens if I go to a suspicious link and it crosses out and clears the log, can the page still retrieve data?

Awww chuck loves mr beast merch 😌😌😌😌❤️

don't have one, jokes on them 😅.

Did mr. Beast sponsor this video btw i love your video

Bro can i use kali as main OS

Great vid. subfinder, sublist3r, findomain, assetfinder, subjack and subzy can be used for that purpose too. :)

I hold ANM27T. Very promising project, and its ecosystem maintains complete anonymity

I'm loving this!!

Whats the name of the software with e green W

Love your videos. Always awesome.
Something I have always been curious about. What do you use to draw on your desktop?

make a course on ceh practical

As a front end developer, I understand nothing from the code you wrote

i'm surprised GitHub makes usernames available after only 90 days it should be 365 days same with all socials or logins minimum

Will you make any research videos about ANM27T

I have a question.
Is this DNS rebinding?

On ANM27T go long when the sell pressure reduce.

TakeOver Script is not available on this user where can i find this exact script?

Wow! So Cool! 😂👍👍👍

It's always DNS accept when it's a buffer overflow.

It just misses the point on why this can be so effective - if the original creator of the website links it IN his website, it's legit in the eyes of end-user and little to no precaution is taken.

Bro, i bought ANM27T in September after your video. i'm up 79%.

If a hacker hacks my website, I’d let them have it :) I don’t have a website. They were pranked!

The reason I got ANM27T is because I believe decentralization is more important than anything else.

Same thing I did to take over Facebook account in old days. when an email IDs gets deleted because u didn't logged in for 6 month 😆

The problem is, this requires the targets to be a bit stupid...

CodeSec!! 🎉

Nice hairstyle bro!

New week up as many FOMO in. But the ANM27T story isn’t over yet. The only strat that works under all circumstances is DCA all the time with solid, large companies (not hyped ones).

What's better holding into crash or being safe with ANM27T tell me

You would need to know that the GETHUB was available and a DNS record was pointing to it....highly unlikely to happen.

all of this because github can't fkkking clear the dns setting when the account is deleted

Me watching Network Chuck has Beast Gaming Hoodie 😂

2:57 "Fastest a$$. Fast a$$ is fast." bruh, my a$$ is pretty fast tysm :D

ANM27T at less than $1. is like BTC at $100. When ANM27T finally blows it's gonna be epic.

Everyone waited for Amazon to create ANM27T and the time is ready

super cool video. Can i get the name of the backgroud music? Please?

Gosh darn dangling pointers.