Comments (69)
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
from can-i-take-over-xyz.
@n1ghtfox it's simple and easy.
- Create a new service (ex: version 1).
- Add the subdomain or domain; if it accepts your domain, this means you can take it over, then do the next steps.
- Then in the Origin Host add your VPS IP without SSL, if not include port 80.
- Activate your service (version 1).
If you don't want to wait to know whether the domain is connecting to the VPS or not, you can check it directly by going to Domains; then next to the domain name you will see
Test Domain
which will open a Link like this
http://domain.com.global.prod.fastly.net and it will show your vps page.
Sure you can wait 10 min to avoid doing this step :)
Kind Regards,
Mohamed Haron.
from can-i-take-over-xyz.
I understand, and confirm it worked for this time and allowed. Also the reason, as mentioned by the program, they were in the process of decommissioning the Fastly service, while I took over the subdomains. I've had mostly the experience of it not working, but once or twice it worked. Maybe due to the way the account is configured by the programs (they may or may not be using wildcards).
Hence, it seems if the setup contains the wildcard entries, it does not allow to takeover any subdomain belonging to the program and gives out the error: domain "abc" is already taken by another customer. And works when they setup individual subdomains on the service.
Hopefully this helps.
from can-i-take-over-xyz.
I confirm that it is possible to take over a subdomain pointing at Fastly, not sure how much of an edge case it is.
DNS:
sub.staging.target.fr. CNAME target.map.fastly.net.
target.map.fastly.net. A 151.101.xx.xxx
I was able to take over the subdomain by creating an account and specifying the subdomain in the domain configuration for a service.
from can-i-take-over-xyz.
I'm facing now with this shit Domain 'blahblah.com' is already taken by another customer
Can someone explain me how to fix this shit.
from can-i-take-over-xyz.
I think Fastly is no longer vulnerable to subdomain takeover.
from can-i-take-over-xyz.
Hi @EdOverflow,
Is it still possible to claim subdomain on Fastly?
Regards,
Yes bro, I did a takeover in the last 2 days for 4 domains.
from can-i-take-over-xyz.
That certainly merits further investigation!
@EdOverflow I'm unable to look at this for a week, what's your capacity like? Happy for you to tag me on this if you're snowed under also.
Related to the work on #20 I think this should be done in a test cases and then added to the main readme.
from can-i-take-over-xyz.
@sumgr0 Yes, it helps, thanks =)
from can-i-take-over-xyz.
It seems that it is not vulnerable because when we try to take over sub_1.test.com, it says that test.com is already registered.
from can-i-take-over-xyz.
I confirm that it is possible to take over a subdomain pointing at Fastly, not sure how much of an edge case it is.
DNS:
sub.staging.target.fr. CNAME target.map.fastly.net.
target.map.fastly.net. A 151.101.xx.xxx
I was able to take over the subdomain by creating an account and specifying the subdomain in the domain configuration for a service.
Hi @vaadataa, how can I register map.fastly.net domain?
Thanks~
from can-i-take-over-xyz.
who knows why i can't takeover this subdomain , is very sad~
from can-i-take-over-xyz.
Is it still possible to takeover CNAME pointing to map.fastly.net? Eg : target.com --> target.com.map.fastly.net Please provide steps if possible. I am getting only target.com.global.prod.fastly.net
No, you can only add a domain, and Fastly chooses the name for your domain.
Even if you are able to take over target.com.map.fastly.net, services won't run until you add a domain.
from can-i-take-over-xyz.
@sawravchy I think this is still an edge case - as described by @mohamed-faris , his example still works:
from can-i-take-over-xyz.
Here is the verification screen and types.
DNS, email, or text file upload.
from can-i-take-over-xyz.
Hi @EdOverflow ,
I've been confirmed on my last report that this is not a valid vulnerability. This is the default Fastly error message if you are visiting the sub-domain directly which is not the intended use case, since it is part of a redirect by the CDN.
Regards,
tolo7010
from can-i-take-over-xyz.
Hi @EdOverflow,
Is it still possible to claim subdomain on Fastly?
Regards,
from can-i-take-over-xyz.
Can someone post step by step subdomain takeover on fastly?
from can-i-take-over-xyz.
In 2nd point, you have mentioned add subdomain. This is victim subdomain right?
And what if it get rejected. Is there a way to control traffic like redirection?
from can-i-take-over-xyz.
@vaadataa I confirm this too last month I takeover 4 subdomains pointing to Fastly
Steps for takeover here Guys with video you can find it here
https://www.mohamedharon.com/2019/06/can-i-takeover-xyz-steps.html
from can-i-take-over-xyz.
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
Yes I also got the same error
from can-i-take-over-xyz.
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
Yes I also got the same error
Me too, same error. Any update?
from can-i-take-over-xyz.
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
Yes I also got the same error
Me too, same error. Any update?
Yes, it's an edge case.
I was able to takeover a subdomain for a H1 program and was awarded bounty about a week back.
from can-i-take-over-xyz.
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
Yes I also got the same error
Me too, same error. Any update?
The same error, Any updates!?
from can-i-take-over-xyz.
Just for confirmation of how Fastly is still possible to takeover, check out www.litium.de. This shall confirm the edge scenario.
from can-i-take-over-xyz.
This doesn't work for me. If the tld is already registered - it's not possible. The following error is returned:
Domain 'redacted.com' is already taken by another customer
Definitely an Edge Case.
Yes I also got the same error
Me too, same error. Any update?
Yes, it's an edge case.
I was able to takeover a subdomain for a H1 program and was awarded bounty about a week back.
Any Updates got the same error!
from can-i-take-over-xyz.
is it possible that we can take over any vulnerable subdomain using fastly services or not or we use the different services which that domain use?
from can-i-take-over-xyz.
Hey, just used this method to takeover a subdomain and it worked. But still it's an edge case. In this one, the error was :
"Fastly error: unknow domain: domainname.com. Please check that this domain has been added to a service. Details: cache-blalala"
from can-i-take-over-xyz.
i am getting the same error as above described by mefkan. "Fastly error: unknow domain: domainname.com. Please check that this domain has been added to a service. Details: cache-blalala". but still unable to add domain to fastly
I am getting error - domain "abc" is already taken by another customer. Am i doing something wrong here?
from can-i-take-over-xyz.
Any Updates got the same error! I am getting error - domain "abc" is already taken by another customer
from can-i-take-over-xyz.
@sumgr0 For the same program? They were using two different domains in scope, right?
At this time Fastly is checking the domain (example.com) given; if it is taken once, you can't register any of the subdomains (ignorebyfastly.example.com).
So a company is vulnerable only if they completely stop using Fastly for a whole domain.
from can-i-take-over-xyz.
@sumgr0 so you took over subdomain1.example.com and subdomain2.example.com? Fastly UI says the opposite of what you do: if you try to take subdomain1.example.com, Fastly is only checking if example.com is taken; if it is, you can't register subdomain1.example.com nor subdomain2.example.com nor any other subdomain for that example.com, even if one of them is showing the fingerprint error message.
from can-i-take-over-xyz.
another corner case is :-
arjuns-MacBook-Air:domaintakeover arjunsharma$ dig elle.tw
; <<>> DiG 9.10.6 <<>> elle.tw
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42494
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;elle.tw. IN A
;; ANSWER SECTION:
elle.tw. 86400 IN A 151.101.128.200
elle.tw. 86400 IN A 151.101.192.200
elle.tw. 86400 IN A 151.101.0.200
elle.tw. 86400 IN A 151.101.64.200
arjuns-MacBook-Air:domaintakeover arjunsharma$ dig www.elle.tw
; <<>> DiG 9.10.6 <<>> www.elle.tw
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19199
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.elle.tw. IN A
;; ANSWER SECTION:
www.elle.tw. 80835 IN CNAME www.elle.com.tw.
www.elle.com.tw. 60 IN CNAME nonssl.global.fastly.net.
nonssl.global.fastly.net. 30 IN A 151.101.128.204
nonssl.global.fastly.net. 30 IN A 151.101.0.204
nonssl.global.fastly.net. 30 IN A 151.101.64.204
nonssl.global.fastly.net. 30 IN A 151.101.192.204
These kinds of misconfigurations are also making services vulnerable.
from can-i-take-over-xyz.
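An added example, not code from the thread or from the can-i-take-over-xyz project: a zone owner's audit that parses `dig` answers like those above, follows the CNAME chain, and flags hostnames that still resolve to Fastly while the edge answers with the error message quoted in this thread. The `example.*` records, the function names and the treatment of 151.101.0.0/16 as Fastly address space are assumptions.

```python
import ipaddress
import re

# "unknown?" also matches the "unknow domain" spelling quoted in the thread.
FINGERPRINT = re.compile(r"Fastly error: unknown? domain")
# Assumption: the 151.101.x.x addresses shown in the thread belong to this block.
FASTLY_NET = ipaddress.ip_network("151.101.0.0/16")
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|A)\s+(\S+)$")

def parse_answers(dig_text):
    """Map owner name -> [(type, value)] from dig output; ';' lines never match."""
    records = {}
    for line in dig_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.setdefault(m.group(1).lower(), []).append((m.group(2), m.group(3).lower()))
    return records

def cname_chain(records, name, limit=10):
    """Follow CNAME records from name, stopping on a loop or after limit hops."""
    chain = [name.lower().rstrip(".") + "."]
    for _ in range(limit):
        targets = [v for t, v in records.get(chain[-1], []) if t == "CNAME"]
        if not targets or targets[0] in chain:
            break
        chain.append(targets[0])
    return chain

def audit(name, dig_text, http_body):
    """Classify one hostname from your own zone: not-fastly, served or dangling."""
    records = parse_answers(dig_text)
    last = cname_chain(records, name)[-1]
    addrs = [v for t, v in records.get(last, []) if t == "A"]
    on_fastly = last.endswith(".fastly.net.") or any(
        ipaddress.ip_address(a) in FASTLY_NET for a in addrs)
    if not on_fastly:
        return "not-fastly"
    return "dangling" if FINGERPRINT.search(http_body) else "served"

# Constructed sample input (example.* names, not real lookups).
SAMPLE_CNAME = """\
;; ANSWER SECTION:
www.example.org. 80835 IN CNAME www.example.com.
www.example.com. 60 IN CNAME nonssl.global.fastly.net.
nonssl.global.fastly.net. 30 IN A 151.101.128.204
"""
SAMPLE_APEX = "example.net. 86400 IN A 151.101.0.200\n"
SAMPLE_OTHER = "example.edu. 300 IN A 192.0.2.10\n"
ERROR_BODY = "Fastly error: unknown domain: www.example.org. Please check that this domain has been added to a service."

if __name__ == "__main__":
    print(audit("www.example.org.", SAMPLE_CNAME, ERROR_BODY))    # dangling
    print(audit("example.net.", SAMPLE_APEX, "<html>ok</html>"))  # served
    print(audit("example.edu.", SAMPLE_OTHER, "<html>ok</html>")) # not-fastly
```

A hostname reported as dangling should have its DNS record removed or be re-added to a Fastly service the zone owner controls.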
Hi @EdOverflow,
Is it still possible to claim subdomain on Fastly?
Regards,
Yes bro, I did a takeover in the last 2 days for 4 domains.
can you guide us how you did it
from can-i-take-over-xyz.
can you guide us how you did it
from can-i-take-over-xyz.
here bro https://www.youtube.com/watch?v=9DYEg_j-_hw
from can-i-take-over-xyz.
thanks very much
from can-i-take-over-xyz.
Great PoC, thanks for that. I also follow your blog and learned subdomain takeover through your blogs, and I guess the subdomain I was trying to take over is not vulnerable because it says "domain is already taken by another customer".
from can-i-take-over-xyz.
The 'blahblah.com' is secured and not possible to take over
from can-i-take-over-xyz.
Is it still possible to claim subdomain on Fastly?
from can-i-take-over-xyz.
I successfully claimed a domain
But the link it is generating is
Domain.com.fastly.net
It should show only domain.com
Or domain.com.fastly.net is also correct?
from can-i-take-over-xyz.
@sumgr0 so you took over subdomain1.example.com and subdomain2.example.com? Fastly UI says the opposite of what you do: if you try to take subdomain1.example.com, Fastly is only checking if example.com is taken; if it is, you can't register subdomain1.example.com nor subdomain2.example.com nor any other subdomain for that example.com, even if one of them is showing the fingerprint error message.
Is there any way to bypass this?
from can-i-take-over-xyz.
Only if the parent domain is not registered with wildcard entry. I've not seen anymore cases with fastly service takeover.
from can-i-take-over-xyz.
Can you tell me how, because this is not working for me.
from can-i-take-over-xyz.
@vaadataa how can i register map.fastly.net domain? Now i only get a *.global.prod.fastly.net domain
from can-i-take-over-xyz.
After testing many domains with the error page. I haven't found a way to take over the subdomains.
I think this has been fixed and not properly reported here.
from can-i-take-over-xyz.
Just made a takeover.
Target was test.target.com. CNAME to global.prod.fastly.net
When i open URL, it says
Fastly error: unknow domain: test-example.s3.amazonaws.com. Please check that this domain has been added to a service. Details: cache-blalala
- Create new delivery service
- Name
test-example.s3.amazonaws.com
- Host is my VPS
Worked
from can-i-take-over-xyz.
Any updates? I've found an error page on a bug bounty program, but when I go to create it, it returns the message:
Domain 'blahblah.com' is already taken by another customer
from can-i-take-over-xyz.
Any updates? I've found an error page on a bug bounty program, but when I go to create it, it returns the message:
Domain 'blahblah.com' is already taken by another customer
This means blahblah.com is not vulnerable to takeover.
from can-i-take-over-xyz.
Is there no way to bypass these errors..?
Domain 'socialcodia.facebook.com' is already taken by another customer.
from can-i-take-over-xyz.
Just made a takeover.
Target was test.target.com. CNAME to global.prod.fastly.net
When i open URL, it says
Fastly error: unknow domain: test-example.s3.amazonaws.com. Please check that this domain has been added to a service. Details: cache-blalala
- Create new delivery service
- Name
test-example.s3.amazonaws.com
- Host is my VPS
Worked
I got the same page in www-TARGET-com.TARGET.com
BUT I didn't understand your tips and I don't know where (Create new delivery service) and the other tips
can you please explain it more deeper
my Twitter:_2os5
from can-i-take-over-xyz.
Is it still possible to takeover CNAME pointing to map.fastly.net? Eg : target.com --> target.com.map.fastly.net
Please provide steps if possible. I am getting only target.com.global.prod.fastly.net
from can-i-take-over-xyz.
Ok got it. Thanks for clarifying this.
from can-i-take-over-xyz.
fastly error for somthing.target.com is not vulnerable
But somthing.target.in was is vulnerable. can i report
from can-i-take-over-xyz.
hi @m7mdharoun , i used subjack tool and find 5 domain which are showing FASTLY . can vulnerable
from can-i-take-over-xyz.
Hii @m7mdharoun my custom domain is saved but i get this " Domain does not resolve to the GitHub Pages server" pls help me
from can-i-take-over-xyz.
Just made a takeover. Thank you mate @mohamed-faris
from can-i-take-over-xyz.
I just tried with 600 domains giving the fingerprint, none of them resulted in a takeover.
from can-i-take-over-xyz.
@vaadataa I confirm this too last month I takeover 4 subdomains pointing to Fastly
Steps for takeover here Guys with video you can find it here
https://www.mohamedharon.com/2019/06/can-i-takeover-xyz-steps.html
the link is not working!!
from can-i-take-over-xyz.
fastly is an edge case its still vuln when none claimed domain tested on a live target
http://live.pandora.com
from can-i-take-over-xyz.