Digital Ocean #22
Comments
|
For anyone wondering, this is still vulnerable in 2023. |
|
And in 2024, Digital Ocean is still vulnerable. |
|
But now, I found Digital Ocean uses Cloudflare as their NS: So, does it mean Digital Ocean is not vulnerable anymore? |
|
@fa1c0n1 Possibly, yes. I'm surprised they moved to Cloudflare but I will need to test. |
While Digital Ocean uses Cloudflare to serve DNS for their own domain, the DNS services they provide are still vulnerable to takeover—everybody gets the same nameservers, and there is no verification of ownership. |
|
I'm new to this, do I need to create an app and publish a txt to prove I have taken it over? my current issue is that the domain isn't transferring to my account. |
|
@domdefault Yes, you'd create an account, add the domain to your account by creating a zone with that domain name (or subdomain) then adding a TXT record to the zone. You can send them a link to Google's DNS checker as your POC like this: https://toolbox.googleapps.com/apps/dig/#TXT/myexample.com Just be sure to check there an hour after you add the TXT record to make sure it worked before you report. Once you create the zone you're the only one who can report it with a POC so there's no hurry at that point. Happy to help if you need. DM me on Twitter or Discord (but mention it here cause my notification on Twitter aren't working). |
ServiceDigital OceanStatusVulnerableNameserverExplanationTo perform a takeover create a new account on Digital Ocean and follow the DNS quick start guide. In short, once inside the Dashboard click on the big green
Createbutton and selectDomains/DNS. Enter the vulnerable domain in the form field labeledEnter domain. If the page allows you to create the zone the takeover was successful.Digital Ocean's vulnerability to DNS takeovers was discussed in detail by Matthew Bryant in 2016 and they are still vulnerable today.
The text was updated successfully, but these errors were encountered: