Posts

Showing posts from November, 2020

Telecom Italia (TIM) - Azure subdomain takeover

Image
Subdomain takeover is a known technique being popular in the latest years with the advent of the cloud providers. At the end of April i was able to takeover timcafe.tim.it subdomain which belongs to Telecom Italia network.  What is subdomain takeover ?  Basically, subdomain takeover is the process of hijacking someone else subdomain. Let’s make an example. When a company hosts a websit e in the   cloud let's say contoso.com hosts a web application on a cloud provider, they create a cloud application which has an unique DNS name, for example myapp.cloudprovider.com. Then, contoso.com wants to reach the web application from one of its subdomains, so they create a Canonical Name Record (CNAME) record on their DNS servers for myapp.contoso.com  that maps one domain name (an alias) to another (the canonical name). In this case myapp.contoso.com is mapped to myapp.cloudprovider.com. Now if you resolv the domain name, this will be the output:  myapp.contoso.com CNAME  myapp.cloudprovider