Hello there!
I hope all is well with you despite these difficult days. I wish you all a very happy New Year 2022. I’d like to tell you about a little-known but potentially annoying vulnerability: domain and subdomain takeover.
Introduction
But before we start, you have to know several things about the Domain Name System, also known as DNS.
The Domain Name System (DNS) is the hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol (IP) networks.
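Subdomain takeover is a DNS problem in practice: a CNAME in your zone keeps pointing at a name hosted by a third party after the resource behind it was deleted, and whoever can register that name at the provider then serves content under your subdomain. The following is an added example (not code from the original post) that flags such dangling CNAME records. The zone, the provider names under `.test`, and the `RESOLVER` answer table are all constructed sample data so that it runs offline; in a real check you would replace `RESOLVER` with live DNS queries.

```python
"""Added example: find CNAME records whose target chain ends in NXDOMAIN.

Everything below (zone contents, provider hostnames, resolver answers) is
constructed sample data standing in for a real zone export and live DNS.
"""

from dataclasses import dataclass

# Constructed zone snapshot: (owner, rrtype, rdata). Hostnames are hypothetical.
ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("shop.example.com.", "CNAME", "shop-prod.example-cloud.test."),
    ("old-blog.example.com.", "CNAME", "retired-app.example-paas.test."),
    ("cdn.example.com.", "CNAME", "edge.example-cdn.test."),
    ("docs.example.com.", "CNAME", "www.example.com."),
]

# Constructed answer table standing in for live resolution:
# name -> list of (rrtype, rdata), or None for NXDOMAIN. Unknown names are
# treated as NXDOMAIN as well.
RESOLVER = {
    "shop-prod.example-cloud.test.": [("A", "198.51.100.7")],
    "retired-app.example-paas.test.": None,          # app deleted at the provider
    "edge.example-cdn.test.": [("CNAME", "origin-42.example-cdn-origin.test.")],
    "origin-42.example-cdn-origin.test.": None,      # origin decommissioned
    "www.example.com.": [("A", "203.0.113.10")],
}


@dataclass
class Finding:
    owner: str
    target: str
    reason: str


def resolve(name, resolver, depth=0, max_depth=8):
    """Follow a CNAME chain; return the terminal record set, or None if any
    hop is NXDOMAIN (or the chain is too long / loops)."""
    if depth > max_depth:
        return None
    rrs = resolver.get(name)
    if rrs is None:
        return None
    for rrtype, rdata in rrs:
        if rrtype == "CNAME":
            return resolve(rdata, resolver, depth + 1, max_depth)
    return rrs


def find_dangling_cnames(zone, resolver, apex="example.com."):
    """Return a Finding for each CNAME whose target does not resolve.

    Targets inside our own zone are skipped: nobody else can register them,
    so they are a misconfiguration but not a takeover candidate.
    """
    findings = []
    for owner, rrtype, target in zone:
        if rrtype != "CNAME":
            continue
        if target == apex or target.endswith("." + apex):
            continue
        if resolve(target, resolver) is None:
            findings.append(Finding(owner, target, "CNAME target does not resolve (NXDOMAIN)"))
    return findings


if __name__ == "__main__":
    for f in find_dangling_cnames(ZONE, RESOLVER):
        print(f"[takeover candidate] {f.owner} -> {f.target}: {f.reason}")
```

An NXDOMAIN target is only the first signal: the subdomain is actually claimable only if the provider lets an arbitrary customer register that exact hostname, which differs per service and must be verified by hand (or against a list of provider-specific fingerprints) before reporting it.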
TL;DR
Have a look at https://github.com/ShutdownRepo/Exegol
Why?
I’m sure you have already been in the same situation as me. You’re working at a client’s office for a penetration test, with a tight time slot for your tests and no downtime allowed. You arrive a little late in the morning (thanks to the strikes) and the virtual machine containing all your tools doesn’t want to start (I knew I shouldn’t have played with my bootloader last night, tss).
The ZedCorp challenge, alias “My name is Rookie”, was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup that works in computer science, and particularly in development. The goal was to recover confidential files owned by the CEO.
For this recap, I want to analyse my challenge to see how the challengers proceeded to solve it. There are some fun facts :D You can read the writeups here to understand the context:
I think you know what I am talking about. Is the “file upload” vulnerability familiar to you? Nice. So you know how difficult it can be to bypass the protections in order to upload a webshell. I will show you a little technique to add to your tests when you are trying to exploit a file upload :)
This technique is inspired by the l33t-hoster challenge of the Insomni’hack Teaser 2019 CTF.
So follow the guide!