Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. Amazon S3, GitHub Pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.
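The same condition from the zone owner's side, as an added example that is not part of the lab's own code: it audits a DNS inventory for CNAMEs that still point at a third-party host whose default page says nothing is hosted there. The record layout, the sample zone and the fingerprint table are constructed assumptions; the fingerprint strings are commonly seen service defaults and can change.

```python
# Added example: audit a zone inventory for dangling third-party CNAMEs.
# Fingerprint table (assumed, not exhaustive): hosting-service CNAME suffix ->
# text its default page commonly returns when no site or bucket is claimed.
FINGERPRINTS = {
    ".github.io": "There isn't a GitHub Pages site here",
    ".s3.amazonaws.com": "NoSuchBucket",
    ".herokuapp.com": "No such app",
}

def classify(record):
    """Classify one record: dangling, claimed, unreachable or not-third-party."""
    target = record["cname"].rstrip(".").lower()
    for suffix, marker in FINGERPRINTS.items():
        if target.endswith(suffix):
            body = record.get("body")
            if body is None:  # no HTTP response captured: check by hand
                return "unreachable"
            return "dangling" if marker.lower() in body.lower() else "claimed"
    return "not-third-party"

def audit(zone):
    """Names whose CNAME should be removed or whose resource re-created."""
    return sorted(r["name"] for r in zone if classify(r) == "dangling")

# Constructed sample inventory: name, CNAME target, body fetched over HTTP.
SAMPLE_ZONE = [
    {"name": "blog.example.com", "cname": "exampleorg.github.io.",
     "body": "<p>There isn't a GitHub Pages site here.</p>"},
    {"name": "assets.example.com", "cname": "example-assets.s3.amazonaws.com",
     "body": "<Error><Code>NoSuchBucket</Code></Error>"},
    {"name": "shop.example.com", "cname": "example-shop.herokuapp.com",
     "body": "<html><title>Shop</title></html>"},
    {"name": "docs.example.com", "cname": "example-docs.herokuapp.com",
     "body": None},
    {"name": "www.example.com", "cname": "lb.example.net",
     "body": "<html>Home</html>"},
]

if __name__ == "__main__":
    for rec in SAMPLE_ZONE:
        print(f'{rec["name"]:20} -> {rec["cname"]:33} {classify(rec)}')
```
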
Who we are? (InitD Community)
Our community is named initD, after the daemon process that keeps running until the system is shut down. In the same way, our community will be the direct or indirect ancestor of all kinds of knowledge shared among us. We share knowledge through hands-on sessions, Capture the Flag (CTF) events and a lot more. The main aim of our community is to share InfoSec knowledge with everyone and to motivate beginners to build something, which may be any open source project such as an application or a website.
Subdomain Takeover lab is FREE for everyone. This means it is legal to take over subdomains of this website, not my personal domain. hehe ;) Here you'll find more than 70 subdomains waiting for TAKEOVER.
How To Play
- Find your target subdomain.
- Claim your subdomain and generate a unique value. This will be used as a filename in a later step.
- Once you take over the subdomain, make a txt file with the previously generated value as the filename; the file content must be your e-mail only.
- Command Example:
echo "firstname.lastname@example.org" > d1282ee66b41e66645be96937b3d6a03.txt
- Host this file d1282ee66b41e66645be96937b3d6a03.txt at the root of the subdomain.
- Let's verify your subdomain.
List Of Vulnerable Services
- GitHub Pages
- Tilda, etc.
- Touhid M.Shaikh - Project Started
See also the list of contributors who participated in this project.
If you find any bugs, errors or misconfigurations, please report them on InitD Bugs.
This project is licensed under the Mozilla Public License 2.0 - see the LICENSE.md file for details