subdomain takeover (stealing websites)

  • Published: 29 Sep 2024

Comments • 307

  • @NetworkChuck  1 year ago +29

    Is your code secure? Use this FREE tool (CodeSec) to find out: bit.ly/3tcPUQx
    TOOLS USED IN THIS VIDEO
    ---------------------------------------------------
    - AMASS: github.com/OWASP/Amass (find subdomains)
    - TakeOver: github.com/m4ll0k/takeover (subdomain takeover vulnerability scanner)
    - Dig (apt install dig)
    🔥🔥Join Hackwell Academy!: ntck.co/NCAcademy
    0:00 ⏩ Intro
    0:18 ⏩ How subdomain takeover works
    1:59 ⏩ Why Subdomain takeovers are dangerous
    2:33 ⏩ Make sure your code is secure using codesec!
    4:06 ⏩ find our targets subdomains using Amass
    5:06 ⏩ The username is not available
    5:57 ⏩ IT actually worked!!
    6:17 ⏩ Once you’re in github…
    6:58 ⏩ The same thing can happen with Azure
    7:45 ⏩ so how do you protect your website

    • @karim3741  1 year ago

      Hey Chuck, (apt install dig) will not work 😊 it's (apt install dnsutils)

    • @owengames7567  1 year ago

      hey your comment section is botted lol

    • @rdahlinger4509  1 year ago

      Do you have any recommendations for someone who bought a new computer and the staples set it up in a bad way with admins and a fake windows defender that I can’t seem to figure out how to fix. I have Apache licenses and open sources and all of this stuff I have no idea how to fix. Thoughts?

  • @n1027  1 year ago +10

    Thanks for your video. I learned a lot and it is useful for my job.

  • @brightjoseph9947  1 year ago +2

    Another video by chuck
    Thank Goodness

  • @willyjancke2622  1 year ago

    Now I know the difference between real voice chuck and content creator chuck. BTW luv the videos !

  •  6 months ago

    You are better than any AI !

  • @InfamousKoala  1 year ago +1

    I love your content so much chuck

  • @brolbucht5558  1 year ago +2

    What about a subdomain takeover with Fastly?

  • @AltoAngelo  1 year ago +1

    Wow! So Cool! 😂👍👍👍

  • @andresdevvv  1 year ago

    NEW VIDEO!!! YAY

  • @0sub686  1 year ago

    As a hacker, I can assure that it was the easiest explanation of Subdomain Takeover.

  • @M3laku  1 year ago +7

    Remember kids ...
    it's always DNS, always.

  • @tristunalekzander5608  1 year ago +23

    I don't get it, if the website is deployed from github, why would you ever delete your github account? You would have probably switched to another repo or just uploaded the files directly to your server before you delete your account while your website is still dependent on it. I also don't understand why this is only a vulnerability with subdomains.

    • @lampagiul  1 year ago +8

      because you cannot create CNAME records for root domains

    • @LuminousWhispers11  1 year ago +3

      You just have to delete the resource and not alter the dns records. Remember this was a demonstration.

    • @777Yashobeamofchrist  1 year ago

      Guys, question. If you have control of the main domain and delete the entry for the subdomain that was taken over, that would be the end of it, correct? Or is there a way to take full control of a subdomain regardless of the main domain DNS records?

    • @LuminousWhispers11  1 year ago +3

      @777Yashobeamofchrist Yes, if you delete the dns records then no one can hijack the subdomain.

    • @777Yashobeamofchrist  1 year ago

      @LuminousWhispers11 thanks Rashad, do you know why some people claim bounty rewards to give subdomain back if it's as easy as deleting the record on root? That's what confuses me

  • @KangasAri  1 year ago +2

    What a clickbait title. I expected more from you. :/

  • @Test11One-m8n  1 year ago +2

    How to run tool in Kali Linux from any path?

  • @homemedia4325  1 year ago +6

    This goes even deeper... you own a DNS name and then abandon it after several years... (perhaps an unforeseen event or your start-up fails)... Some 3rd party eventually purchased my old domain and used the way back machine to re-create the website... WARNING... think hard before abandoning a domain name!

  • @StrokeMahEgo  1 year ago +5

    The worst part of this...as an end user, there is really no way of knowing if this happened.
    You can get an SSL certificate for the redirected subdomain, which means HTTPS will work fine.

  • @FunctionGermany  1 year ago +4

    i feel like this video was inspired by the "Avoiding DNS Pain" NDC talk that was uploaded 3 weeks ago.
    they cover this exact problem and also one solution (basically DNS as code like infrastructure as code).

  • @Props-Production  1 year ago +2

    Mr Beast Game sweatshirt 😂😂😂
    btw. i love your videos!

  • @MM-hh  1 year ago +2

    Always remember kids - "It's only for educational purposes"

  • @404-null  1 year ago +23

    Love your content.....keep doing great things!

  • @dany_cool9092  1 year ago +9

    Best prevention is to not have a website

  • @God-ld6ll  1 year ago +1

    don't have one, jokes on them 😅.

  • @blackhat5133  1 year ago +3

    ❤️❤️❤️

  • @neenus  1 year ago +3

    Just curious what is your input in the targets.txt file ?

  • @Deetje1212  1 year ago +2

    Is there a free hacking software for Windows? Like the one you use in Linux but then for Windows?

  • @sachinbhujel909  1 year ago +4

    you are doing such a fabulous job 😜

  • @calisthenicarts312  1 year ago +2

    I saw something recently called no-code programming. Can you give your perspective on it?

  • @williamragstad  1 month ago

    All this is kinda stupid, not real hacking involved. Simply looking at public records. If the owners want, they can reset the name server DNS records or simply drop the subdomain.
    If this is supposed to be real hacking, at least you should have persistence.

  • @sadmanzidan2333  1 year ago

    Fun fact: Anybody noticed one thing?? But I did that Chuck wear mrbeast t-shirt. But they didn't send affiliate link to Chuck. 😁😁

  • @Asherstitusworld  1 year ago +3

    Super video Chuck Your videos are awesome And informative 👍🏿

  • @gonehaywire  1 year ago

    Sorry but epic lammmmmeeeee. You know what else that admin does??? Write his password in post it note and leaves around the office. Overboard. Like your videos but this one????

  • @Usman._  1 year ago

    Lesson to be learnt. Don’t use cname record. Specially if you’re going to encrypt using https. Better off using A records. Don’t be lazy!

  • @tasfiulhedayet  11 months ago +1

    How to get the takeover tool. I didn't find in github

  • @craigrider9822  1 year ago

    I've only watched the first 2 minutes. I understand the concept except it smells more of taking advantage of poor DNS management.

  • @DavidMaciasPhoto  1 year ago +3

    Thank you for this very informative video, so could you please do a video on the best method to secure DNS and a site? Thanks.

    • @bendorman2930  1 year ago +2

      Don't create cname entries in your dns for domains that you don't control

    • @amazonserver2844  1 year ago

      Cloudflare

  • @shadowdragon9706  1 year ago +10

    Thanks for the video Chuck! It will definitely all the website developers!

  • @georgesporos2573  1 year ago +2

    Yes but if you use A record instead of CNAME aren't you more safe?

    • @jrfrazier7598  1 year ago

      No, you would have to use a CNAME in this case since you do not have IP access to Github's servers to redirect your site when requests are received for your subdomain. However, if you simply delete the CNAME in your DNS config, the crisis will be averted.

  • @nickadams2361  1 year ago

    That’s not hacking. There should be a term specifically for this let’s call it misconfiguring.

  • @andrewp3358  1 year ago

    If a hacker hacks my website, I’d let them have it :) I don’t have a website. They were pranked!

  • @777Yashobeamofchrist  1 year ago +3

    Nice video, just a question. If you have control of the main domain and delete the entry for the subdomain that was taken over, that would be the end of it, correct? Or is there a way to take full control of a subdomain regardless of the main domain DNS records?

    • @cxl520  1 year ago +2

      Yes, they won't be able to use your domain name anymore. Unless your registered domain name is also controlled.

    • @777Yashobeamofchrist  1 year ago

      @cxl520 thx xl c

    • @nanaliciousftw  1 year ago +1

      he won't tell you. you need to pay. network cuck is useless. David Bombal is 10x better.

  • @clye7788  1 year ago

    Dude, your videos are too fast and for what? It’s so hard to follow along and ruining ppl’s (already) short attention span even more

  • @abdiwahabahmedomar5118  1 year ago

    I reported 2022 more than 200 subdomain takeover bugs I remember I takeover 60 subdomains one day one of the big universities on the world

  • @thetruth8547  1 year ago +1

    all of this because github can't fkkking clear the dns setting when the account is deleted

  • @davescomputercorner6015  1 year ago +1

    Mr Beast?????????? CRINGE!

  • @LordSzabonight  1 year ago

    I don't know how to make kubuntu run a command on start up - I basically want to light up my keyboard with "xset led on" - Help ObiWan Chuckobi you're my only hope

  • @muhammedabdulrazak9096  1 year ago +1

    Sorry I don't understand the part that you created file called fun html.

  • @SzilviaVirag  1 year ago

    In other words don't redirect other sites to your own domain or subdomain in the first place. Simple.

  • @mahidalam6761  10 months ago

    TakeOver Script is not available on this user where can i find this exact script?

  • @astrial.pulser  1 year ago

    Me watching Network Chuck has Beast Gaming Hoodie 😂

  • @Soniboy84  1 year ago

    Lol so lame. It’s quite a stretch calling this a hack! 🤦‍♂️

  • @NiceOwl84  1 year ago +7

    This happens all the time even for large companies including microsoft, amazon, walmart, etc that people use subdomains to send spam mail from the main domain from the actual company making hard to block spam mail because you can't just block the email address or the domain because you might actually want email from the actual company. Most email services don't allow blocking subdomains only email addresses themselves or primary domains. So people just make infinite amounts of sub domains for the primaries of an actual companies domains making it hard to block spam. At times it almost feels like the spammer have hacked the mail servers themselves and using it to spam and it's even funner when they are able to send spam mail out with no email address at all because the servers don't check to see is the account sending actually exist or even cares if the send mail is blank. It's even more fun when some emails services have auto avatar and names loading that get associated with the spammers email making it even look more like a real email. It's kind of hard for me to explain this lol.

  • @edoardosangulliano1372  1 year ago

    I just say that you shouldn't wear other youtuber's merch during your videos

  • @YASIRSHAIKH-mm8ci  1 year ago

    Please make videos on (Bug Bounty) techniques..........

  • @stephenrochester6309  1 year ago

    Chuck your videos are great but those pathetic sips of coffee piss me off every time 😅

  • @vivekpandey95  1 year ago +9

    Great video, please continue making these kinds of videos

  • @bahaashehayeb1040  1 year ago +1

    first comment

  • @veteranashoe  1 year ago +1

    Nice new studio 🤩

  • @DroneTeam  1 year ago

    can you stop lying and telling this is hacking. its not.
