I got error screen for microsoft azure when pentesting private website.
CNAME::example.azurewebsites.net
But doesnt find how to takeover azure domains.
Can anybody guide me.
Thanks
I got error screen for microsoft azure when pentesting private website.
CNAME::example.azurewebsites.net
But doesnt find how to takeover azure domains.
Can anybody guide me.
Thanks
Hi @himanshu0001,
it’s very difficult to help you without more information.
From what I understand you found a subdomain which has a CNAME entry pointing to example.azurewebsites.net and example.azurewebsites.net is not claimed.
It seems that it’s possible to take over. This may be helpful: https://github.com/EdOverflow/can-i-take-over-xyz#microsoft-azure
Yes bro i found 2-3 different websites with same error but unable to claim that …i followed the Can i take over xyz guide but stuck at the following command for creating python web app.
az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app_name> --runtime “python|3.4” --deployment-local-git
Whats should be replace in place of <app_name> …
Guide:
I never worked with Azure. But here is the answer from the guide you shared:
In the Cloud Shell, you can use the
az webapp create
command. In the following example, replace<app_name>
with a globally unique app name (valid characters area-z
,0-9
, and-
). The runtime is set to python|3.4. To see all supported runtimes, runaz webapp list-runtimes
.
Also, maybe put the example
from example.azurewebsites.net
as the <app_name>
. Because I assume Azure uses the application name you choose to create the public address *.azurewebsites.net
.
Take your time to read and re-read. I know it’s not the most enjoyable thing, but there is not other way to learn (at least when just text is available).