In this article, we are telling you about subdomain takeover vulnerability such as how to find subdomain takeover vulnerability, as well as what it is, how can hackers take advantage of it
Here we are telling you all how to find subdomain takeover vulnerability, but here you can not show any kind of subdomain takeover.
As you know, there are some limitations here, due to which such attacks cannot be fully communicated, but here we are definitely giving you a guide about subdomain takeover vulnerability.
Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.
Also Read
Insecure direct object reference
Facebook Hacking How to Hack Facebook ?
What is Subdomain takeover vulnerability ?
Before doing all this, you should know what the subdomain takeover vulnerability is, let’s know about it as you know it is a domain, like our website’s domain freelearningtech.in
In such a case, if we have created a subdomain then it is something like this nanu.freelearningtech.in. In such a case, if it is vulnerable to domain takeover, then hackers can upload any data by making it their own.
Like suppose google.com is a domain, so there are many subdomain in it, hackers find them and try to takeover on them, if they become success, then they either report to google or use their miss by removing the original data. is
If this vulnerability is understood in easy language then this is what happens if hackers can somehow upload any subdomain and upload anything on it, in this way it is called subdomain takeover vulnerability.
There is also two types of subdomain takeover vulnerability, one that is associated with a domain, and one that is linking to other websites from other websites.
Just like you must have seen many times in websites, many people import files like css in websites, in such a way, we know why the use of css file is done here, if the hacker takes the same files, then the view of the home page changes.
How to find Subdomain takeover vulnerability ?
Before finding the subdomain takeover vulnerability, you have to first find the subdomains, here we are using the sublister tool, you can also use any other tools.
Here we are using such tools, where you get many types of tools at once, first of all you have to download and install this tool in this way. git clone https://github.com/nahamsec/bbht
After this tool is installed, something is opened in front of you in such a way as you can see in the image, with this single tool you get many tools. All these tools are used to perform subdomain takeover vulnerability.
There is not a tool installed here, in this case we are using another tool instead, subzy tool is not installed here, if subzy tool is installed in your pc, then you can use it too.
All these tools are downloaded and found in the root folder as you can see in the image, you can use these Subdomain takeover vulnerability tools by opening the terminal directly from here.
Before finding subdomain takeover vulnerability, first of all hackers have to find subdomains as you can see in the image, in this way the sublister is used.
This tool gives you a file by finding all the subdomains of your target and after doing all this, Subdomain takeover vulnerability domains can be found from the list of these subdomains.
As you can see, this tool finds subdomains from all types of search engines, you do not use them much, by doing this you can also be blocked for some time through search engines.
As you can see in the image, in this way, this tool is found by finding the subdomains of any website, before finding the subdomain takeover vulnerability, the subdomains are searched in this way.
After finding the subdomains, hackers finding this vulnerability, for this way we are using the takeover tool. git clone https://github.com/m4ll0k/takeover
After installing the tool, you can find the subdomain takeover vulnerability by using it, this tool runs in this way, you can check its help and see something like this.
Here, subdomain takeover vulnerability is found in this way, here we are using the same file which we got from the sublister tool, this way here it is done using the command
Here we waited for a long time, in such a way that subdomain takeover vulnerability was not found in this website, in such a way, we tried this attack on another website as you can see in the image.
This is how hackers find subdomain takeover vulnerability. After doing all this, hackers try to takeover on these subdomains. How this is done cannot be described here practically.
This is how hackers takeover after finding subdomain takeover vulnerability in this way. Let us tell you in detail about this as if you have seen this many times, you have a different url address but after opening url address changes
In a similar way, hackers can also redirect users to their websites by linking any of their custom domains with subdomains of another website, in such a way hackers can also do some kind of phishing attack.
Also, many such attacks can be done, which users do not even know, as well as if hackers want, they can also upload any kind of data by removing the original data.
Here you want to tell one thing, if you get subdomain takeover vulnerability in a website, then you report it because you get a very good reward, Don’t miss use this.
The Conclusion
I hope now you can understand about subdomain takeover vulnerability. We have told you all here how hackers find them but you cannot be told here by takeover
Here we have used two tools, you get many such tools that you can use, here you can now understand how hackers can do any kind of hacking by taking subdomain.
If you get this vulnerability, then you can get a good reward and if you somehow find this vulnerability in websites like google or facebook, then you get a good bug bounty.
If you have any kind of question, in this way, you can ask in the comment, we will help you completely, hoping that you will never use any of the methods mentioned in this article.
If you like this article of ours, then definitely share it, you can also tell us in the comment on which topic you want articles. Subscribe to our blog for new articles.
Sharing is Caring
Thankyou
Leave a Reply