EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

amazon ec2 vulnerable? #213

Open h3cksamrat opened 3 years ago

h3cksamrat commented 3 years ago

Is it still possible to take over EC2 instances? E.g.: ec2-12-134-1-3.compute-1.amazonaws.com

melbadry9 commented 3 years ago

https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state

melbadry9 commented 3 years ago

@h3cksamrat, @EdOverflow

Yes, this is a vulnerable service. I was able to take over a bunch of IPs belonging to bug bounty programs last month.

AadhiAS commented 3 years ago

> @h3cksamrat, @EdOverflow
>
> Yes, this is a vulnerable service. I was able to take over a bunch of IPs belonging to bug bounty programs last month.

@h3cksamrat bro, can you explain how you did that on EC2, please? Any information related to EC2 will be useful for me. I created an instance. Then I created a hosted zone and added all the records, but the A record I used works in the browser only when used like http://x.x.x.x, and it won't work on http://sub-domain.com. Then I tried to get an SSL/TLS certificate, but the certificate is not validating and is expiring. Is it necessary to acquire a certificate to use an EC2 instance?

melbadry9 commented 3 years ago

@AadhiAS, EC2 IP takeover requires brute-forcing the IP to successfully take over the subdomain and be able to create a PoC.

You can refer to the blog for info and this script for brute-forcing the IP.
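
A defender-side check for the condition this thread discusses, DNS records left pointing at an EC2 address the account no longer holds. This is an added example, not part of the original thread or the repository. The zone records, the owned-IP inventory and the 203.0.113.0/24 range are constructed; in practice the range list would come from AWS's published ip-ranges.json and the inventory from your own account.

```python
import ipaddress
import re

# EC2 public DNS names embed the IPv4 address: ec2-203-0-113-10.compute-1.amazonaws.com
EC2_HOST = re.compile(
    r"^ec2-(\d+)-(\d+)-(\d+)-(\d+)\.(?:compute-1|[a-z0-9-]+\.compute)\.amazonaws\.com\.?$",
    re.IGNORECASE)

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:  # malformed, or an octet above 255
        return None

def ec2_host_to_ip(value):
    """Return the address embedded in an EC2 public DNS name, else None."""
    m = EC2_HOST.match(value.strip())
    return _ip(".".join(m.groups())) if m else None

def find_dangling(records, owned_ips, ec2_ranges):
    """Flag A/CNAME records pointing at EC2 addresses missing from the inventory."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    nets = [ipaddress.ip_network(c) for c in ec2_ranges]
    findings = []
    for name, rtype, value in records:
        ip = None
        if rtype == "CNAME":
            ip = ec2_host_to_ip(value)
        elif rtype == "A":
            ip = _ip(value)
            if ip is not None and not any(ip in n for n in nets):
                ip = None  # outside EC2 space, not this check's concern
        if ip is not None and ip not in owned:
            findings.append((name, rtype, value))
    return findings

# Constructed sample data; 203.0.113.0/24 (TEST-NET-3) stands in for an EC2 range.
EC2_RANGES = ["203.0.113.0/24"]
OWNED_IPS = ["203.0.113.10"]  # addresses currently allocated to the account
ZONE = [
    ("app.example.com", "A", "203.0.113.10"),
    ("old.example.com", "A", "203.0.113.77"),  # address released, record left behind
    ("api.example.com", "CNAME", "ec2-203-0-113-10.compute-1.amazonaws.com."),
    ("demo.example.com", "CNAME", "ec2-203-0-113-99.us-west-2.compute.amazonaws.com"),
    ("www.example.com", "A", "198.51.100.5"),  # not EC2 space
]

if __name__ == "__main__":
    for name, rtype, value in find_dangling(ZONE, OWNED_IPS, EC2_RANGES):
        print(f"DANGLING {name} {rtype} {value}")
```

Records it flags should be deleted or repointed before the underlying address is released, since a released address returns to the shared pool.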

blackcodersec commented 9 months ago

Hello @melbadry9, sir, could you please share your script please?

pdelteil commented 9 months ago

> Hello @melbadry9, sir, could you please share your script please?

Not the full script, but some parts.

https://web.archive.org/web/20230129024123/https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state

melbadry9 commented 9 months ago

> > Hello @melbadry9, sir, could you please share your script please?
>
> Not the full script, but some parts.
>
> https://web.archive.org/web/20230129024123/https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state

https://melbadry9.gitbook.io/blog/dangling-dns/aws/ddns-ec2-current-state

blackcodersec commented 9 months ago

Thanks for your reply @pdelteil & @melbadry9.