Edit

Exploring Subdomains: From Enumeration to Takeover Victory

If you enjoy what I do, please support me Buy Me Ko-fi! https://ko-fi.com/h0tak88r

In the name of ALLAH the most gracious the most merciful

So today i will talk about how i got my critical subdomain takeover on ford motors

Ford is a family company, one that spans the globe and has shared ideals. We value service to each other and the world as much as to our customers. Generations ...

Choose target

our target is ford.com domain

Subdomain enumeration

First i collected subdomains using subfalcon

Subdomain Takeover checking

So here i used my another go tool subov88r

The results was something like

the result that talk my attention was like

So i quickly started to look into this subdomain but the httpx tool didn't recognize this subdomain as a valid domain

Then i decided to see this subdomain in the browser and as i expected\

Message that the subdomain may not be valid

Ok let's check can i take over xyz project

https://github.com/EdOverflow/can-i-take-over-xyz/issues/35 Oh no they say that it is not vulnerable

Still, I didn't give up. I decided to investigate on my own, and guess what? I found out that there was indeed an issue, and I successfully took control of it. It's always good to double-check! ๐Ÿ›ก๏ธ๐ŸŒ

Undeterred, I decided to manually investigate, and voila! Success โ€“ I managed to take over the CNAME <vulnerable>.trafficmanager.com . Always good to verify! ๐Ÿ›ก๏ธ๐ŸŒ

Then reported the issue with HIGHT severity and the Team changed the severity to Critical and triaged my report Update: Issue Resolved !!

PreviousFrom Recon to Reward: My Bug Bounty Methodology when Hunting on Public Bug Bounty ProgramsNext0-Click Account Takeover via Insecure Password Reset Feature

Last updated

Was this helpful?