search

indianajson / can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
990 stars 93 forks source link

Digital Ocean #22

Open indianajson opened 3 years ago

indianajson commented 3 years ago

Service Digital Ocean

Status Vulnerable

Nameserver

ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com

Explanation

To perform a takeover create a new account on Digital Ocean and follow the DNS quick start guide. In short, once inside the Dashboard click on the big green Create button and select Domains/DNS. Enter the vulnerable domain in the form field labeled Enter domain. If the page allows you to create the zone the takeover was successful.

Digital Ocean's vulnerability to DNS takeovers was discussed in detail by Matthew Bryant in 2016 and they are still vulnerable today.

FalcoXYZ commented 1 year ago

For anyone wondering, this is still vulnerable in 2023.

dend commented 8 months ago

And in 2024, Digital Ocean is still vulnerable.

fa1c0n1 commented 5 months ago

But now, I found Digital Ocean uses Cloudflare as their NS: kim.ns.cloudflare.com. walt.ns.cloudflare.com.

So, does it mean Digital Ocean is not vulnerable anymore?

indianajson commented 5 months ago

@fa1c0n1 Possibly, yes. I'm surprised they moved to Cloudflare but I will need to test.

thetorpedodog commented 2 months ago

But now, I found Digital Ocean uses Cloudflare as their NS: kim.ns.cloudflare.com. walt.ns.cloudflare.com.

So, does it mean Digital Ocean is not vulnerable anymore?

While Digital Ocean uses Cloudflare to serve DNS for their own domain, the DNS services they provide are still vulnerable to takeover—everybody gets the same nameservers, and there is no verification of ownership.

domdefault commented 3 weeks ago

I'm new to this, do I need to create an app and publish a txt to prove I have taken it over? my current issue is that the domain isn't transferring to my account.

indianajson commented 3 weeks ago

@domdefault Yes, you'd create an account, add the domain to your account by creating a zone with that domain name (or subdomain) then adding a TXT record to the zone.

You can send them a link to Google's DNS checker as your POC like this: https://toolbox.googleapps.com/apps/dig/#TXT/myexample.com

Just be sure to check there an hour after you add the TXT record to make sure it worked before you report. Once you create the zone you're the only one who can report it with a POC so there's no hurry at that point.

Happy to help if you need. DM me on Twitter or Discord (but mention it here cause my notification on Twitter aren't working).