Wednesday, October 8, 2025

Subdomain takeover from scratch to advance

Sub-domain Takeover : 

Sub-domain takeover is a common and well-known vulnerability. If you are not familiar with it, you can think of it as a class of security issues in which an attacker aims to take control of an organization’s sub-domain via cloud services.

A sub-domain takeover can sometimes lead to financial loss for an organization and damage users’ trust in it, because with this vulnerability an attacker can fully claim a particular sub-domain of the organization, one in which people have placed their faith as a secure domain. In some dangerous cases, the attacker exploits the vulnerability to put forms on the vulnerable sub-domain and steal confidential information from users. This information may include credit/debit card details, CVV, or any other personal and confidential information of a user.

Cause of sub-domain takeover Vulnerability :

Sub-domain takeover arises when a sub-domain points to another domain (via a CNAME record) that does not currently exist. If an attacker registers the non-existing domain, the sub-domain then points to the domain registered by the attacker. A single change in DNS makes the attacker the owner of that particular sub-domain, and he can manage it as he chooses. This is the power of the “sub-domain takeover vulnerability”.

Impact :  

It gives an opportunity to the attacker to use a sub-domain on behalf of the organization for any malicious purpose.

Example :

Consider an example in which “example” is an organization and its domain is example.com. In the diagram, blog.example.com, ads.example.com, and info.example.com are the sub-domains. Let’s have a look at the diagram to understand sub-domain takeover.

[Diagram: Sub-domain Takeover]

Explanation of the sub-domain takeover diagram:

If http://example.com/ is the main domain (high-level domain) of an organization and the developers of http://example.com/ create a sub-domain http://blog.example.com/, but no host provides content for it, then an attacker can provide a host for this sub-domain (e.g. http://blog.example.com/) and take ownership of the sub-domain. This leads to the sub-domain takeover vulnerability.

Mitigation :

  1. Monitor the digital infrastructure of your website on a regular basis.
  2. Delete the DNS configuration for the external service on your sub-domain if it points to a non-existing service or host.
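
One way to carry out both mitigation steps for your own zone, as an added example (not code from the original article): the script reads a zone-file export, lists every CNAME record, and reports those whose target no longer resolves. The zone contents, the target host names and all function names are constructed for illustration.

```python
import socket

# Constructed sample: BIND-style export of the article's example.com zone.
SAMPLE_ZONE = """\
$ORIGIN example.com.
; owner  ttl   class type  value
blog     3600  IN    CNAME example-blog.hosting-provider.invalid.
ads      3600  IN    CNAME ads-frontend.example.net.
info     3600  IN    A     192.0.2.10
www      3600  IN    CNAME info
"""

def absolute(name, origin):
    """Expand a relative zone-file name against $ORIGIN; lower-case the result."""
    if name.endswith("."):
        return name.rstrip(".").lower()
    return (f"{name}.{origin}" if origin else name).lower()

def parse_cnames(zone_text):
    """Return (owner, target) pairs for every CNAME record in the export."""
    origin, pairs = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".")
        elif "CNAME" in (f.upper() for f in fields[1:-1]):
            pairs.append((absolute(fields[0], origin), absolute(fields[-1], origin)))
    return pairs

def system_resolves(name):
    """True if the local resolver returns any address for the name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves=system_resolves):
    """CNAME records whose target does not resolve: candidates for deletion."""
    return [(o, t) for o, t in parse_cnames(zone_text) if not resolves(t)]

if __name__ == "__main__":
    # Constructed stub so the demo runs offline; drop the argument to use real DNS.
    live = {"ads-frontend.example.net", "info.example.com"}
    for owner, target in find_dangling(SAMPLE_ZONE, resolves=lambda n: n in live):
        print(f"DANGLING: {owner} -> {target} (review and remove the record)")
```

Run it on a schedule against each zone you own. It covers only the case described above, a CNAME whose target no longer resolves.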