Open emilstahl opened 2 years ago
tko-subs shows that intercom._domainkey.dandomain.dk is vulnerable and that "dig shows a dead record" - however this is an false positive, see below
+----------------------------------+--------------------------------------------------------+----------+------------+------------+--------------------------------+ | DOMAIN | CNAME | PROVIDER | VULNERABLE | TAKEN OVER | RESPONSE | +----------------------------------+--------------------------------------------------------+----------+------------+------------+--------------------------------+ | intercom._domainkey.dandomain.dk | c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io. | intercom | true | false | Can't CURL it but dig shows a | | | | | | | dead DNS record | +----------------------------------+--------------------------------------------------------+----------+------------+------------+--------------------------------+
There is no A or CNAME
% dig c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io ; <<>> DiG 9.10.6 <<>> c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10655 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io. IN A ;; AUTHORITY SECTION: dkim.intercom.io. 120 IN SOA ns-932.awsdns-52.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 ;; Query time: 57 msec ;; SERVER: 172.64.36.1#53(172.64.36.1) ;; WHEN: Sun Mar 27 12:13:47 CEST 2022 ;; MSG SIZE rcvd: 166
But a valid TXT (DKIM) record
% dig c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io TXT ; <<>> DiG 9.10.6 <<>> c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10463 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io. IN TXT ;; ANSWER SECTION: c460b03a-4e38-4a0f-9e36-0fba9436fc99.dkim.intercom.io. 300 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDORqdpAl7oCoXaxT/HIkKbZORtTtlQRuWGqBagmHBea7FYoVr92sGtOqsyhe8NhUlNJfIFEbsi8JS57Dhb8aNekVV+F2es73MTqEh7MH88k6caohDBIqZSTQRxrlQDOIfuipNwigYsYdGqvSsXCdUGkFojKOvQGSgGfmoH39M3aQIDAQAB" ;; Query time: 58 msec ;; SERVER: 172.64.36.1#53(172.64.36.1) ;; WHEN: Sun Mar 27 12:13:49 CEST 2022 ;; MSG SIZE rcvd: 320
tko-subs shows that intercom._domainkey.dandomain.dk is vulnerable and that "dig shows a dead record" - however this is an false positive, see below
There is no A or CNAME
But a valid TXT (DKIM) record