Taken is a tool to takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple
Pre-Requisites
Tech/Framework Used
Built with
Bash
Features
Detailed Steps To Use
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE The access key for your AWS account.
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY The secret access key for your AWS account.
Reasoning
– Each Region in AWS has associated different IP subnets. To target companies sitting in US, there are high chances they are running in any of US regions, but may also have assets in other regions like Ireland, Frankfurt etc. So instead of running 10 assets in one region, try running 5 assets in the region company HQ is based and other 5 in different regions.Screen session example :
Email Notification :
Took over a subdomain what next
– SSH into that host, create a simple HTML file and start a python server and you have a running POC. (I plan on automating this as well in next release)
Running At Bulk
I scraped through all the public programs at HackerOne and Bugcrowd and top 500 SaaS Forbes/SaaS companies, collected their subdomains and started hitting. Within 24 hours i was able to take over 3 subdomains. Instances running total 10 in 3 different regions. Success rate depends highly upon no. of instances running. Since with the script you change around 1440 ips in 24 hours, that would make it around 14400 IPs with 10 instances in 24hours.
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…
What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…