search

indianajson / can-i-take-over-dns

"Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
758 stars 78 forks source link

NS1 #7

Open indianajson opened 3 years ago

indianajson commented 3 years ago

Service NS1

Status Vulnerable

Nameservers

dns1.p**.nsone.net dns2.p**.nsone.net dns3.p**.nsone.net dns4.p**.nsone.net

Explanation

If you have an NS1 account head into the control panel. Creating a new zone for your domain (assuming the zone is available to register) will perform the takeover. The nameservers do not need to match. For example, even if the nameserver on the domain is dns4.p05.nsone.net, but your zone is dns4.p03.nsone.net the takeover will still work.

False Positives

If you get an error that says "FQDN is used by multiple zones" that means it is already in someone else's accounts. You cannot takeover subdomains of root domains that already have zones. This is not due to this being an edge case, this is simply how DNS works.

Assistance with Takeovers

If you need help with a takeover now that NS1 no longer offers free accounts, DM me on Twitter then post a comment here (cause my Twitter notifications are broken) and I'll try to help.

Elgllad99 commented 2 years ago

still Vulnerable ?

jonare commented 2 years ago

Yes, it is still vulnerable.

indianajson commented 2 years ago

@atastycookie There are more false positives due to NS1's safety checks, but I can confirm the issue is not fixed.

oneskksk commented 1 year ago

Anyone had any success with this? image

kleozzy commented 1 year ago

No more free accounts :(

cosmin-craciun-superbet commented 1 year ago

hi @indianajson can you give me a hand with a takeover PoC on NS1? Cheers

FalcoXYZ commented 1 year ago

hi @indianajson can you give me a hand with a takeover PoC on NS1? Cheers

I got an account, I can help you if you still need help.

sy-yunyi commented 7 months ago

@FalcoXYZ Hello, can you give me a hand with a takeover PoC on NS1?

FalcoXYZ commented 7 months ago

@FalcoXYZ Hello, can you give me a hand with a takeover PoC on NS1?

Yes, send me a message on Twitter/X: https://x.com/FalcoXYZ

sy-yunyi commented 7 months ago

@FalcoXYZ Hello, can you give me a hand with a takeover PoC on NS1?

Yes, send me a message on Twitter/X: https://x.com/FalcoXYZ

@FalcoXYZ Sorry, I am not a Premium member of Twitter. I cannot send you messages. Can I send it to you in other ways? like email?

FalcoXYZ commented 7 months ago

@FalcoXYZ Hello, can you give me a hand with a takeover PoC on NS1?

Yes, send me a message on Twitter/X: https://x.com/FalcoXYZ

@FalcoXYZ Sorry, I am not a Premium member of Twitter. I cannot send you messages. Can I send it to you in other ways? like email?

Telegram? It's: FalcoXYZ

pdelteil commented 2 months ago

I need an account to do some testing!

Who can help ?

pdelteil commented 2 months ago

I need an account to do some testing!

Who can help ?

Nevermind, got an account, hit me up if you need to test some cases.