Subdomain Takeover Lab by InitD Community

Who we are ? (InitD Community)

The name of our community would be initD indicating a daemon process that continues running until the system is shut down. So our community will be the direct or indirect ancestor of all kinds of knowledge that will be shared among us. Our community will include sharing of knowledge through hands-on sessions, Capture the Flags(CTF) and lot more. The main aim of our community is to share an InfoSec Knowledge to all and motivate beginners to build something. It may include any open source project such as application, website etc.

What is Subdomain Takeover Lab?

Subdomain takeover vulnerabilities occur when a subdomain (subdomain.example.com) is pointing to a service (e.g. Amazone S3, GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if subdomain.example.com was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing subdomain.example.com, and claim subdomain.example.com.

Lab Details

Subdomain Takeover lab is FREE for everyone. This means here is a legal to takeover Subdomain of this website not my Personal Domain. hehe ;)
Here you'll find more than 70 subdomain which is waiting for TAKEOVER ;)

AWS/S3.
Github Page
Heroku
Tumblr
Tilda and etc.

Rules of Playing

Its Free, But you have to follow some rules for fair playing and learning purpose.

Do Not use this as illegal purpose.
Once You Takeover Subdomain, You'll get a Confirmaiton E-mail. After Confirmation mail Free that Subdomain for others.
Post your Screenshot on Twitter with #SDTakeoverLab #Initd and cc to initd_sh
Do not Host any Advertisment,Pronography and Abusing Content on any of subdomain.

Steps Of Playing ?

Please Follow Below Steps.

Find Your Target Subdomain.
Claim Your Subdomain and Generate Unique Value. This will use as a filename in further step.
Once You Takeover the subdomain. Make a txt file with previous generated value as a Filename and file content must be your E-Mail only.
Command Example:
echo "info@initd.sh" > d1282ee66b41e66645be96937b3d6a03.txt
Host this file d1282ee66b41e66645be96937b3d6a03.txt on root of subdomain.
Let's Verify your Sudomain. All Perfect or not.
Done.

Subdomain Takeover

Practical Lab Proudly Present by Initd Community

Who we are ? (InitD Community)

What is Subdomain Takeover Lab?

Lab Details

Rules of Playing

Steps Of Playing ?

Claim and Get Unique Value for Your Sudomain.

Let's Verify your Sudomain have you hacked ?.

Twitter

Slack Help Channel

Email

Who we are ? (InitD Community)

What is Subdomain Takeover Lab?

Lab Details

Rules of Playing

Steps Of Playing ?

Claim and Get Unique Value for Your Sudomain.

Let's Verify your Sudomain have you hacked ?.

If you like our service.You can Donate, In term of Sharing Knowledge, Contribute in our Ideas or FOSS Project and Donate for our hosting services

Twitter

Slack Help Channel

Email

If you like our service.
You can Donate, In term of Sharing Knowledge, Contribute in our Ideas or FOSS Project and Donate for our hosting services