
trafficmanager.net (Azure) giving false positives

Open AnotherWayIn opened this issue 7 years ago • 3 comments

So far all the Azure takeovers I've found that resolve to *.trafficmanager.net seem to be FP, thanks.

AnotherWayIn avatar Jul 31 '18 23:07 AnotherWayIn

Thank you @AnotherWayIn, I started noticing this a while back. I haven't found a proper way to remediate this issue; it seems the only way to rule out a false positive would be to attempt a takeover.

haccer avatar Aug 02 '18 14:08 haccer

@haccer if it resolves to an IP, it's taken. The only other way I know is to use the Azure CLI, as it requires auth to check if the subdomain is available.

random-robbie avatar Aug 28 '18 06:08 random-robbie

@random-robbie

Basically, how the Azure domains are found is similar to:

```
➜  ~ host azure.cody.su
Host azure.cody.su not found: 3(NXDOMAIN)
➜  ~ dig +short cname azure.cody.su
alskdjfl.trafficmanager.net.
```

The detection goes as:

```
If subdomain has trafficmanager.net cname && not pointing to any IP {
  subdomain == takeoverable
}
```

You're right, Azure CLI integration is an option, or if they have an API that is also another option.

For anyone reading this, if you want to resolve this issue and submit a pull request you are welcome to do so.

haccer avatar Aug 28 '18 06:08 haccer
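
The heuristic discussed in this thread, written as an added Go example for auditing your own DNS records (this is not subjack's code and not part of the original comments). It reports the "trafficmanager.net CNAME with no IP" case as needing verification rather than as takeoverable, since the thread identifies that case as false-positive prone; the `Record` type, the verdict names and the sample hosts are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is what a DNS check observed for one subdomain (hypothetical type).
type Record struct {
	CNAME string // CNAME target, empty if none
	HasIP bool   // true if the name ultimately resolves to an IP
}

const (
	NotTrafficManager = "not-trafficmanager"
	InUse             = "in-use"
	NeedsVerification = "needs-verification"
)

// Classify applies the thread's heuristic but reports CNAME-without-IP as
// unverified instead of takeoverable, because that case is false-positive prone.
func Classify(rec Record) string {
	// Normalize case and the trailing root dot; the leading dot in the suffix
	// keeps look-alike zones such as nottrafficmanager.net from matching.
	target := strings.TrimSuffix(strings.ToLower(rec.CNAME), ".")
	if !strings.HasSuffix(target, ".trafficmanager.net") {
		return NotTrafficManager
	}
	if rec.HasIP {
		return InUse // resolves to an IP, so the profile name is taken
	}
	return NeedsVerification // confirm availability in Azure before reporting
}

// sampleRecords returns constructed observations, not real hosts.
func sampleRecords() map[string]Record {
	return map[string]Record{
		"dangling.example.com": {"constructed-a.trafficmanager.net.", false},
		"live.example.com":     {"Constructed-B.TrafficManager.net.", true},
		"other.example.com":    {"cdn.nottrafficmanager.net.", false},
		"plain.example.com":    {"", true},
	}
}

func main() {
	for host, rec := range sampleRecords() {
		fmt.Println(host, Classify(rec))
	}
}
```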