
subdomain takeover (stealing websites) 

NetworkChuck
195K views

Is your code secure? Use this FREE tool (CodeSec) to find out: bit.ly/3tcPUQx
Hackers can EASILY take over websites using a technique known as subdomain takeover. The scary part is that it’s not that hard. In this video, NetworkChuck will demonstrate how hackers can take over subdomains using tools like Takeover, Amass and Dig.
TOOLS USED IN THIS VIDEO
---------------------------------------------------
- AMASS: github.com/OWASP/Amass (find subdomains)
- TakeOver: github.com/m4ll0k/takeover (subdomain takeover vulnerability scanner)
- Dig (apt install dig)
Sponsored by Contrast Security
0:00 ⏩ Intro
0:18 ⏩ How subdomain takeover works
1:59 ⏩ Why Subdomain takeovers are dangerous
2:33 ⏩ Make sure your code is secure using codesec!
4:06 ⏩ find our targets subdomains using Amass
5:06 ⏩ The username is not available
5:57 ⏩ IT actually worked!!
6:17 ⏩ Once you’re in github…
6:58 ⏩ The same thing can happen with Azure
7:45 ⏩ so how do you protect your website

Science

Published: 25 Jun 2024

Comments: 304
@karim3741 1 year ago
Hey chuck (apt install dig) will not work 😊 it's (apt install dnsutils)
@owengames7567 1 year ago
hey your comment section is botted lol
@rdahlinger4509 1 year ago
Do you have any recommendations for someone who bought a new computer and the staples set it up in a bad way with admins and a fake windows defender that I can’t seem to figure out how to fix. I have Apache licenses and open sources and all of this stuff I have no idea how to fix. Thoughts?
@LifeDigger2004 1 year ago
Thanks for this vid! I have been looking into domain take over a bit recently and this really clears it up for me.
@MikeHarris1984 1 year ago
For my company, our security requires any external facing sub domains can only be on 443, no 80 or re-directs like this shown. The owner has to attest to it and put new certs every 90 days and we monitor all external facing URLs. This is a serious open window that a lot of corporations do not even bother to worry about. But I'm glad I work with and lead one of the best IT security teams in my industry where we are constantly 5 steps further than what is required for our various regulations (PCI/ISO/SEC/FRB/etc...)
@homemedia4325 1 year ago
This goes even deeper... you own a DNS name and then abandon it after several years... (perhaps an unforeseen event or your start-up fails)... Some 3rd party eventually purchased my old domain and used the way back machine to re-create the website... WARNING... think hard before abandoning a domain name!
@Asherstitusworld 1 year ago
Super video Chuck Your videos are awesome And informative 👍🏿
@n1027 1 year ago
Thanks for your video. I learned a lot and it is useful to my job.
@FunctionGermany 1 year ago
i feel like this video was inspired by the "Avoiding DNS Pain" NDC talk that was uploaded 3 weeks ago. they cover this exact problem and also one solution (basically DNS as code like infrastructure as code).
@InfamousKoala 1 year ago
I love your content so much chuck
@tristunalekzander5608 1 year ago
I don't get it, if the website is deployed from github, why would you ever delete your github account? You would have probably switched to another repo or just uploaded the files directly to your server before you delete your account while your website is still dependent on it. I also don't understand why this is only a vulnerability with subdomains.
@lampagiul 1 year ago
because you cannot create CNAME records for root domains
@theraven.4 1 year ago
You just have to delete the resource and not alter the dns records. Remember this was a demonstration.
@777Yashobeamofchrist 1 year ago
Guys, question. If you have control of the main domain and delete the entry for the subdomain that was taken over, that would be the end of it, correct? Or is there a way to take full control of a sub domain regardless of the main domain DNS records?
@theraven.4 1 year ago
@777Yashobeamofchrist Yes, if you delete the dns records then no one can hijack the subdomain.
@777Yashobeamofchrist 1 year ago
@theraven.4 thanks Rashad, do you know why some people claim bounty rewards to give subdomain back if it's as easy as deleting the record on root? That's what confuses me
@404-null 1 year ago
Love your content.....keep doing great things!
@shadowdragon9706 1 year ago
Thanks for the video Chuck! It will definitely all the website developers!
@M3laku 1 year ago
Remember kids ... it's always DNS, always.
@sachinbhujel909 1 year ago
you are doing such a fabulous job 😜
@StrokeMahEgo 1 year ago
The worst part of this...as an end user, there is really no way of knowing if this happened. You can get an SSL certificate for the redirected subdomain, which means HTTPS will work fine.
@najemhaddad8409 1 year ago
Keep going men I love your content it's very helpful thank you ♥️
@Naath000 1 year ago
loved your all content sir
@NiceOwl84 1 year ago
This happens all the time even for large companies including microsoft, amazon, walmart, etc that people use subdomains to send spam mail from the main domain from the actual company making hard to block spam mail because you can't just block the email address or the domain because you might actually want email from the actual company. Most email services don't allow blocking subdomains only email addresses themselves or primary domains. So people just make infinite amounts of sub domains for the primaries of an actual company's domains making it hard to block spam. At times it almost feels like the spammers have hacked the mail servers themselves and using it to spam and it's even funner when they are able to send spam mail out with no email address at all because the servers don't check to see if the account sending actually exist or even cares if the send mail is blank. It's even more fun when some emails services have auto avatar and names loading that get associated with the spammers email making it even look more like a real email. It's kind of hard for me to explain this lol.
@The_Motivation_Never_Stops 1 year ago
Amazing video. Also can we get a kali Linux intro series
@willyjancke2622 1 year ago
Now I know the difference between real voice chuck and content creator chuck. BTW luv the videos !
@edwardlenovo3240 1 year ago
There are actually some commercial vendors that do monitor for this kind of stuff (RiskIQ being one), it's not cheap, but it does do a decent job of detecting this.
@neenus 1 year ago
Just curious what is your input in the targets.txt file ?
@777Yashobeamofchrist 1 year ago
Nice video, just a question. If you have control of the main domain and delete the entry for the subdomain that was taken over, that would be the end of it, correct? Or is there a way to take full control of a sub domain regardless of the main domain DNS records?
@cxl520 1 year ago
Yes, they won't be able to use your domain name anymore. Unless your registered domain name is also controlled.
@777Yashobeamofchrist 1 year ago
@cxl520 thx xl c
@legoapocalypse3073 1 year ago
he won't tell you. you need to pay. network cuck is useless. David Bombal is 10x better.
@UnknownUser-in1ok 1 year ago
I love this guy, I've learned a lot from you sir
@legoapocalypse3073 1 year ago
wtf have you learned? he only presents the basics of basics, for deep learning you need to buy something.
@MinexCSGO 1 year ago
Now this is something of my interest
@originalravage 1 year ago
NetworkChuck: Yours could be next Me who doesn't have money for domain: yes.
@calisthenicarts312 1 year ago
I saw something recently called no-code programming. Can you give your perspective on it?
@Props-Production 1 year ago
Mr Beast Game sweatshirt 😂😂😂 btw. i love your videos!
@innotechtips 1 year ago
I'm loving this!!
@Mimimo 1 year ago
Thank you sir for another great video, been getting much great lesson from your channel 👍
@JustBCA 1 year ago
I bet you are...
@estrellatwins1331 1 year ago
@networkchuck can you please make a video of your tools and gadgets?! We need to know. Like a tour of your desk :p
@PuneriLatika 1 year ago
LESGOOO FIRST COMMENT! keep the vids coming love your content
@vivekpandey95 1 year ago
Great video, please continue making these kinds of videos
@roykisho7086 1 year ago
This man got me all the time 🔥💥
@mwansa430 1 year ago
Your new studio is nice .... but I like the previous one more😂😅
@devanshtripathi7234 1 year ago
Love your videos ❤
@SetYourBarTo10 1 year ago
…that was quick. I am glad I grabbed my small coffee mug.
@petarkolev6928 1 year ago
Very very interesting video, sir, put in a very cool and funny way :) You got a sub from me!
@DavidMaciasPhoto 1 year ago
Thank you for this very informative video, so could you please do a video on the best method to secure DNS and a site? Thanks.
@bendorman2930 1 year ago
Don't create cname entries in your dns for domains that you don't control
@amazonserver2844 1 year ago
Cloudflare
@localadm 1 year ago
Great vid. subfinder, sublist3r, findomain, assetfinder, subjack and subzy can be used for that purpose too. :)
@App_galaxy 1 year ago
Hey bro, love your content a lot
@App_galaxy 1 year ago
No worries man, I've always been here watching your better content
@veteranashoe 1 year ago
Nice new studio 🤩
3 months ago
You are better than any AI !
@MM-hh 1 year ago
Always remember kids - "It's only for educational purposes"
@X-razcal-X 1 year ago
So cool content and so less likes. Shame on you guys. Thanks for this.
@pavi013 1 year ago
I didn't know about this, looks scary.
@scottb4029 1 year ago
There is somebody exploiting your number 2 before you had a chance to film. Proof positive that somebody is always trying to mess with your sh*t.
@Deetje1212 1 year ago
Is there a free hacking software for Windows? Like the one you use in Linux but then for Windows?
@exoticlol 1 year ago
That's something big companies wouldn't do. Nice video, but no big company would do this.
@brightjoseph9947 1 year ago
Another video by chuck Thank Goodness
@drac.96 1 year ago
This is terrifying.
@imranmohsin9545 1 year ago
This is as powerful as giving Blue tick for 8$ and achieve any identification and status with an unethical or biased thoughts
@bendorman2930 1 year ago
Love your videos. Always awesome. Something I have always been curious about. What do you use to draw on your desktop?
@bendorman2930 1 year ago
I love how on a how to hack channel, an impersonator of network chuck tried to get me to IM him. I don't think so idiot.
@danjaymz 1 year ago
He uses a graphics tablet on Photoshop, with a green background. Then keys the green out in post. Or at least he used to!
@brolbucht5558 1 year ago
What about a subdomain takeover with Fastly?
@IND_SUBODH_GAMING 1 year ago
Wow superb Boss 👍👍
@YASIRSHAIKH-mm8ci 1 year ago
Please make videos on (Bug Bounty) techniques..........
@Robin-93 1 year ago
what happens if I go to a suspicious link and it crosses out and clears the log, can the page still retrieve data?
@Orlando.Villanueva 1 year ago
CodeSec!! 🎉
@70nald0 1 year ago
make a course on ceh practical
@TMoneyJones 1 year ago
* Insert gif of Captain Holt saying “Bingpot!” here *
@knrd_3607 1 year ago
MrBeast Gaming Hoodie. Like a KING
@lawrenceawei8245 1 year ago
super cool video. Can I get the name of the background music? Please?
@user-sq7st2vs3i 11 months ago
How to run tool in kalilinux from any path ?
@AltoAngelo 1 year ago
Wow! So Cool! 😂👍👍👍
@weirdskunk 1 year ago
How do you put your vem fullscreen help I need help
@rajeshsagar3912 1 year ago
that's a great video, thanq
@cyberdevil657 1 year ago
Man I love you so much
@tasfiulhedayet 8 months ago
How to get the takeover tool. I didn't find in github
@georgesporos2573 1 year ago
Yes but if you use A record instead of CNAME aren't you more safe?
@jrfrazier7598 1 year ago
No you would have to use a CNAME in this case since you do not have IP access to Github's servers to redirect your site when requests are received for your subdomain. However, if you simply delete the CNAME in your DNS config, the crisis will be averted.
@DEADLYMOUSEGAMING276 1 year ago
how to clear or delete CNAME record is that possible ?
@jmr 1 year ago
It's always DNS except when it's a buffer overflow.
@syroyt_ 1 year ago
What's the name of the software with e green W
@timecop1983Two 6 months ago
takeover moved or was deleted
@jaybiddy955 11 months ago
4:15 is all of us before we found you
@oasisgreece 1 year ago
Make a video that you are pen testing your own website, find vulnerability and prevent it (if u find). Just to see a real and live hacking on your own🔥
@iamGreyEvil 1 year ago
Bro can i use kali as main OS
@0fie. 1 year ago
Nice hairstyle bro!
@dany_cool9092 1 year ago
Best prevention is to not have a website
@gamingjoe9905 1 year ago
Underrated comment
@isaaccerreto8662 1 year ago
yes.
@bendorman2930 1 year ago
Or don't create cname entries in your dns record for domains that you don't control
@dakoderii4221 1 year ago
🤔
@DendrocnideMoroides 1 year ago
Even better is to not be alive
@arpitgoyal2035 1 year ago
Did mr. Beast sponsor this video btw i love your video
@muhammedabdulrazak9096 1 year ago
Sorry I don't understand the part that you created file called fun html.
@jasperverbruggen460 1 year ago
I have a question. Is this DNS rebinding?
@9SMTM6 1 year ago
I don't know how that works precisely, but wouldn't they have to have valid SSL certificates? They could likely get one easy enough, but even for my small domain I get warnings if certificates are issued, so I'd notice if a certificate is issued without it being from me or my services. EDIT: Yup, going by you completing a DNS Challenge you had to get a certificate so that'd protect me. Also I don't point any of my subdomains to some route out of my control, so even not looking for certificates I should be fine as long as that's the case. And even if I do that, these will be the only kind of subdomains attackable with that exploit.
@cxl520 1 year ago
I think the way he showed it from here, you will be using GitHub's certificate? because he points your website to a GitHub website. If you want to know, you can follow his method to find out.
@CrankinIt43 1 year ago
Gosh darn dangling pointers.
@yavuzsatcapar6967 1 year ago
is it possible to takeover the maindomain from a subdomain ? Greets
@K1Pfand 1 year ago
thought the same thing
@mahidalam6761 7 months ago
TakeOver Script is not available on this user where can i find this exact script?
@ruttalaabhinav8105 1 year ago
Your Content was good
@snyhper_1394 1 year ago
Awww chuck loves mr beast merch 😌😌😌😌❤️
@ThatGuyInVegas 1 year ago
Nice, very nice.
@MikeHarris1984 1 year ago
It's always DNS when something bad happens... when there is access issues, it's always the network... ALWAYS!!! when I call our NOC "Oh, that's odd, just a second... okay I didn't find anything wrong, can you try again?" "wth its working now!??!" "Yeah, there was nothing over here, musta been a bug on your side" This is every convo with a network admin ever... they always fix a little mistake they found but never fess up to it...
@andrewp3358 1 year ago
If a hacker hacks my website, I’d let them have it :) I don’t have a website. They were pranked!
@nallachi2913 1 year ago
NC family 💖💖🥳