1
00:00:01,050 --> 00:00:03,750
Hello, everyone, and welcome to this video.

2
00:00:04,560 --> 00:00:11,340
So in this video, we are going to see one of the interesting subdomain takeovers onto a new cloud

3
00:00:11,340 --> 00:00:13,380
service platform, which is Cargo.

4
00:00:13,770 --> 00:00:14,250
All right.

5
00:00:14,820 --> 00:00:15,720
So let's see this.

6
00:00:15,760 --> 00:00:22,440
So I have created a subdomain, which is cargo.hacktify.in and which is pointing to this IP address.

7
00:00:23,130 --> 00:00:27,180
This IP address belongs to the Cargo cloud service provider.

8
00:00:27,840 --> 00:00:35,160
So you can also verify that using your terminal; just go into a terminal and type host cargo.

9
00:00:37,190 --> 00:00:45,200
Sorry about that, you can simply go into a terminal and host cargo.hacktify.in and you will be able

10
00:00:45,200 --> 00:00:46,320
to see the IP address.

11
00:00:46,340 --> 00:00:51,070
So this is the IP address, which belongs to the Cargo web application.

12
00:00:51,730 --> 00:00:53,330
Let's confirm that as well.

13
00:00:53,840 --> 00:01:00,380
So if I search this, you can see this domain has been configured for use by Cargo, all right.

14
00:01:01,100 --> 00:01:07,640
So you can see cargo.hacktify.in gives the same error message, which means that web application

15
00:01:07,640 --> 00:01:12,260
has been successfully created but never claimed on the Cargo website.

16
00:01:12,890 --> 00:01:17,560
So to claim it, you are going to go onto the Cargo website and create an account.

17
00:01:18,380 --> 00:01:24,760
So let's create an account quickly and make a site with the template.

18
00:01:24,770 --> 00:01:27,420
OK, we are ready and the email address.

19
00:01:27,440 --> 00:01:30,240
So let's quickly enter the email address.

20
00:01:30,290 --> 00:01:32,360
So to the email address.

21
00:01:32,930 --> 00:01:34,330
Backup email address.

22
00:01:34,340 --> 00:01:35,300
We don't want to give.
23
00:01:35,630 --> 00:01:37,120
I want to give the password.

24
00:01:37,130 --> 00:01:39,230
So let me give the password.

25
00:01:40,160 --> 00:01:50,390
Now it says to the Cargo URL so let's use URL which is cargo.hacktify.in and you can

26
00:01:50,390 --> 00:01:54,700
see at the end of this adding cargo side of it and in the name of your site.

27
00:01:54,710 --> 00:02:03,590
So let's end of the same name for our site, which is called cargo.hacktify.in and click

28
00:02:03,590 --> 00:02:04,520
on submit.

29
00:02:05,660 --> 00:02:15,590
Now the attacker is able to identify that the website, which is cargo.hacktify.in is

30
00:02:15,590 --> 00:02:20,530
pointing to the Cargo subdomain, but it's not been successfully claimed.

31
00:02:20,540 --> 00:02:22,460
So the attacker has claimed it.

32
00:02:24,050 --> 00:02:34,190
Yeah, so now once we have created our account, so let me just type your Subdomain take over, because

33
00:02:34,640 --> 00:02:41,090
I want this message to be shown over onto the web application and let's click on Save.

34
00:02:41,270 --> 00:02:42,420
So I think it is saved now.

35
00:02:42,450 --> 00:02:44,770
Now, we don't want to change the design.

36
00:02:44,780 --> 00:02:46,160
Let's keep it as it is.

37
00:02:46,250 --> 00:02:53,420
Let's click on Connect and Existing Domain and let's choose the domain that we want to take over,

38
00:02:53,750 --> 00:02:57,420
which is cargo.hacktify.in and hit enter.

39
00:02:57,890 --> 00:03:04,130
And now you can see it became green, which means that we are able to successfully take over the domain.

40
00:03:04,670 --> 00:03:06,060
Now let's try to see this.

41
00:03:06,440 --> 00:03:13,850
So this was the original domain that was hosted by the admin of hacktify and the attacker was able

42
00:03:13,850 --> 00:03:17,600
to identify that there is no such application which is running.
43
00:03:17,900 --> 00:03:23,630
All this domain has been configured for use by Cargo is the fingerprint which is available onto the

44
00:03:23,750 --> 00:03:24,890
web application.

45
00:03:25,520 --> 00:03:31,000
Now, let's try to reload this and see if the attacker is able to take over the domain.

46
00:03:31,460 --> 00:03:38,480
And you can see this site is private, is one of the messages is flashing onto this web application.

47
00:03:38,480 --> 00:03:47,600
And you can see this site is a private message, is there, because we need to upgrade our account so

48
00:03:47,600 --> 00:03:50,690
you can see monthly we need to upgrade it to 13 dollars.

49
00:03:51,350 --> 00:03:51,730
All right.

50
00:03:51,740 --> 00:03:53,090
So we are not going to do that.

51
00:03:54,140 --> 00:04:02,510
But this is enough to prove that we have successfully taken over the website and the account, although

52
00:04:02,510 --> 00:04:07,170
you can also make any changes into the content and design, whatever you want.

53
00:04:07,460 --> 00:04:15,620
So let's say we change this untitled page to subdomain takeover, we can also put any images, whatever

54
00:04:15,620 --> 00:04:19,960
we like, and we can host it that way as well.

55
00:04:20,290 --> 00:04:22,510
Let's go back here and deliver this.

56
00:04:23,120 --> 00:04:23,470
Yeah.

57
00:04:23,480 --> 00:04:25,330
So we are not able to see anything yet.

58
00:04:25,340 --> 00:04:30,340
But this site is it is private because it is now controlled by the attackers.

59
00:04:30,350 --> 00:04:35,260
So this was a successful subdomain takeover on the Cargo web application.

60
00:04:35,600 --> 00:04:36,800
So I hope you guys understood.

61
00:04:36,920 --> 00:04:37,490
Thank you.