
1. takeovers

https://twitter.com/ataudte/status/1635186454912712704?s=20

https://twitter.com/silentpush/status/1643554158891487232?s=20

It is also called domain hijacking or domain seizure.

"Takeover" seems to be a noun for a situation in which "seizure" is the fitting word, so there is no situation in which it coexists with impersonation that exploits a lame delegation.

The means and methods are not clearly defined either; it depends on the person.


/guide A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers https://blog.projectdiscovery.io/guide-to-dns-takeovers/

Currently known vulnerable DNS services

EdOverflow / can-i-take-over-xyz https://github.com/EdOverflow/can-i-take-over-xyz?ref=projectdiscovery-io-blog

5 Ways to Exploit a Domain Takeover Vulnerability

https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html

/5ways

1.1. cloudflare

/cloudflare

1.2. Google

How to take over a subdomain in Google Cloud DNS, Mark van Holsteijn, Jan 27, 2022

https://binx.io/2022/01/27/how-to-take-over-a-subdomain-in-google-cloud-dns/

detect and resolve DNS dangling / sub-domain takeover in GCP (Google Cloud Community, posted 07-18-2022 05:24 AM) https://www.googlecloudcommunity.com/gc/Security/detect-and-resolve-DNS-dangling-sub-domain-takeover-in-GCP/m-p/446094

https://github.com/manasmbellani/athena-cloud-dns-takeover

1.3. Marzano

Mining Takeovers for Fun and Profit

Artur Marzano 2023-03-02

https://www.linkedin.com/pulse/mining-takeovers-fun-profit-artur-marzano

1.3.1. Introduction

This article describes an experiment aimed at finding domains likely vulnerable to DNS takeover, a well-known technique that can be used to steal decommissioned, but active domains.

In this experiment I will show how I was able to find with little effort more than 200 domains that could be theoretically taken over across different providers and parent domains by using data from a public search tool (SecurityTrails) and an open-source repository (can-i-take-over-dns).

Please note that I did not find any new vulnerabilities nor develop any sort of attack tools or techniques during this research. I just analyzed what was already there, not being responsible in any way for whatever damages could be caused by the usage of the methods described below.

It says that Cloudflare was excluded. awsdns is treated as not vulnerable. :-)

1.4. 2020

https://internet.watch.impress.co.jp/docs/event/1297384.html

1.5. 2018

What if your domain name were hijacked by someone else? The tricks and countermeasures, learned from the memory of the Heisei era

https://internet.watch.impress.co.jp/docs/event/1157248.html

With DNS takeover as the theme: DNS with your lunch (ランチのおともにDNS)

1.5.1. Countermeasure proposals

Lame Delegation Cleanup. Registrars

Nameserver Segregation. Providers

Detection & Response. Providers

Developing Awareness.

Vulnerable providers can warn customers explicitly when they try to remove a zone, informing them that they must remove the NS record at their registrar prior to removing the delegated zone.

Finally, about the title of the article - I did have lots of fun doing this, but I didn't really profit anything, so for now I just hope this article was instructive for readers and that this will inspire researchers, registrars and providers to think about the problem =)
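The "Detection & Response" item and the advice to remove the NS record at the registrar before deleting the delegated zone both come down to one check a domain owner or provider can run: does every nameserver listed in the parent-side delegation still answer authoritatively for the zone? The following script is an added example written for this page; it is not code from Marzano's article or from any of the projects linked above. It sends a non-recursive SOA query for the zone directly to each delegated nameserver using only the Python standard library and classifies the reply from the DNS header: an authoritative answer (AA bit set) means the delegation is healthy, while REFUSED, SERVFAIL, NXDOMAIN, a non-authoritative answer, a timeout or an unresolvable nameserver name all mean the delegation is dangling and should be cleaned up. The nameserver list is assumed to come from the parent zone (for example `dig NS example.com @<parent nameserver>`), because a dangling delegation is exactly the case where the child's own data can no longer be trusted.

```python
"""Check whether the nameservers delegated for a zone still serve it authoritatively.

Added example (not from the page's sources). Usage:
    python check_delegation.py example.com ns1.provider.example ns2.provider.example
The nameserver names should be the ones published by the parent zone / registrar.
"""
import random
import socket
import struct
import sys

QTYPE_SOA = 6
QCLASS_IN = 1
# RCODE values from RFC 1035 that matter for this check.
RCODE_VERDICT = {2: "servfail", 3: "nxdomain", 5: "refused"}


def encode_name(name: str) -> bytes:
    """Encode a domain name in DNS wire format: length-prefixed labels, root terminator."""
    out = b""
    for label in name.strip(".").split("."):
        if not label:
            continue
        raw = label.encode("idna")
        if len(raw) > 63:
            raise ValueError(f"label too long: {label}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_soa_query(zone: str, txid: int) -> bytes:
    """Build a standard query for the zone's SOA with RD=0 (we want the server's own view)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags=0: QUERY, not recursive
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def classify_response(query_txid: int, response: bytes) -> str:
    """Classify a raw DNS reply by its 12-byte header.

    "authoritative" is the only healthy verdict; every other value signals a
    lame or dangling delegation (or a reply we could not trust).
    """
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != query_txid:
        return "mismatch"          # not the answer to our question; ignore it
    qr = (flags >> 15) & 1         # QR: 1 = response
    aa = (flags >> 10) & 1         # AA: authoritative answer
    rcode = flags & 0xF
    if not qr:
        return "malformed"
    if rcode != 0:
        return RCODE_VERDICT.get(rcode, f"rcode-{rcode}")
    return "authoritative" if aa else "lame"


def probe_nameserver(ns_host: str, zone: str, timeout: float = 3.0) -> str:
    """Send the SOA query over UDP/53 to one delegated nameserver and classify the reply."""
    txid = random.randrange(0, 0x10000)
    query = build_soa_query(zone, txid)
    try:
        addr = socket.gethostbyname(ns_host)
    except socket.gaierror:
        return "unresolvable"      # the NS name itself no longer exists
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (addr, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_response(txid, data)


def check_delegation(zone: str, delegated_ns: list) -> dict:
    """Probe every delegated nameserver; anything other than 'authoritative' needs attention."""
    return {ns: probe_nameserver(ns, zone) for ns in delegated_ns}


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_delegation.py ZONE NS1 [NS2 ...]")
    for ns, verdict in check_delegation(sys.argv[1], sys.argv[2:]).items():
        print(f"{sys.argv[1]} @ {ns}: {verdict}")
```

A REFUSED or NXDOMAIN verdict from a hosting provider's nameserver is the signature of a zone that was deleted at the provider while the registrar still delegates to it; that is the moment to remove or update the NS records at the registrar. Running this after every zone deletion, and periodically over the whole portfolio, turns the "awareness" item into a routine control.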



MoinQ: DNS/takeovers (last edited 2023-04-24 08:27:30 by ToshinoriMaeno)