Philippe Delteil

> hey all. > > dig on a subdomain responds with a status: NOERROR, and the cname points to *.azurewebsites.net. > > is it vulnerable for takeover? > > ...

> Hey, How can I claim this? - *.azurewebsites.net > Provide steps please I am stuck https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/

An interesting case I'm not use is possible to exploit is domains pointing to xx.usgovcloudapp.net

> @pdelteil when you see "gov" as a part of service, it's not possible to normal user to register these services. > > You must be either US government employee...

Still possible to takeover domains that point to: - NAME.ZONE.cloudapp.azure.com (e.g. dev.centralus.cloudapp.azure.com) - NAME.azurewebsites.net (eg. testing.azurewebsites.net)

*.azure-api.net is not longer vulnerable.

How? Describe the steps!

Thanks, I will give it a try.

> > cname *.trafficmanager.net are vuln or not ? > > Yup, these are still vulnerable. I was able to take over one today. Hello, Can you provide more information...

Hello, It's still vulnerable. Some domains would require domain ownership while others won't.