Github Subdomain Takeover

2019.02.03
FA Haxor (ID)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

What you need:
- Reverse IP (yougetsignal / hackertarget)
- GitHub account (better to use a new account)
- HTTP / HTTPS Status

First, go to Reverse IP, and then enter a GitHub subdomain.
*Default is: grab.github.io

Choose the subdomain without .github.io
*Ex: myexploit.github.io

Check it in HTTP / HTTPS Status.
*If the domain status is 404, you can take it over.

After you get a 404 domain status, go to your GitHub account > Create New Repository (the repository name must be *myexploit.com! Don't use http:// or https://) > check Public > check "Initialize this repository with a README" > Create new file > write or paste your defacement script (HTML) > open Settings (not on profile) > search for GitHub Pages, change Source from "None" to "Master Branch".

Last, search for GitHub Pages again, and fill in "Custom Domain" with the name of the domain that you hijacked (Ex: myexploit.com).

Thanks to All Indonesia Haxor
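The condition the write-up relies on (a custom domain that still points at GitHub Pages but answers 404) can be audited from the owner's side. The following is an added example, not part of the original advisory: it scans an export of your own DNS zone for CNAMEs to *.github.io and flags those whose site returns 404. The zone contents, the example.com names and the status values are constructed placeholders.

```python
import urllib.error
import urllib.request

PAGES_SUFFIX = ".github.io"

def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME line of a zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields:
            i = fields.index("CNAME")
            if i + 1 < len(fields):
                yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def http_status(host, timeout=5):
    """Return the HTTP status for http://host/, or None if unreachable."""
    try:
        with urllib.request.urlopen(f"http://{host}/", timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None

def audit(zone_text, status_fn=http_status):
    """Return CNAMEs that point at GitHub Pages but answer 404 (unclaimed)."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target.endswith(PAGES_SUFFIX) and status_fn(name) == 404:
            findings.append((name, target))
    return findings

# Constructed zone export; every name here is a placeholder.
SAMPLE_ZONE = """\
www.example.com.   3600 IN CNAME example-org.github.io.
docs.example.com.  3600 IN CNAME old-docs.github.io.   ; project retired
shop.example.com.  3600 IN CNAME shops.example.net.
blog.example.com.  3600 IN A     192.0.2.10
"""
# Constructed responses standing in for live requests, so the demo runs offline.
SAMPLE_STATUS = {"www.example.com": 200, "docs.example.com": 404, "shop.example.com": 404}

if __name__ == "__main__":
    for name, target in audit(SAMPLE_ZONE, SAMPLE_STATUS.get):
        print(f"DANGLING: {name} -> {target}: remove the record or re-claim the Pages site")
```

Calling `audit(zone_text)` without a second argument uses live HTTP requests against the names in your own zone. Apex domains that reach GitHub Pages through A records are outside what this check covers.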

References:

https://www.youtube.com/watch?v=OYxri7L1zZ4

