Description:
The subdomain █████.mil
is pointing to peosol-lg.███████.
, the domain ██████
is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████
Given the rules, residency of the US, of the us
-tld I decided not to register the domain, also I do believe the output to be enough.
Using this vulnerability an attacker can:
██████████.mil
See the DIG output:
√ martinvw@denali:~/src > dig █████.mil
; <<>> DiG 9.10.6 <<>> ████.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44977
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;█████████.mil. IN A
;; ANSWER SECTION:
██████████.mil. 3600 IN CNAME peosol-lg.███.
;; AUTHORITY SECTION:
us. 900 IN SOA a.cctld.us. admin.tldns.godaddy. 1715345748 1800 300 604800 1800
;; Query time: 166 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri May 10 15:06:32 CEST 2024
;; MSG SIZE rcvd: 148
And the GoDaddy page: https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=███
And whois:
√ martinvw@denali:~/src > whois ████████.
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.nic.us
domain: US
organisation: Registry Services, LLC
address: 100 S. Mill Ave, Suite 1600
address: Tempe AZ 85281
address: United States of America (the)
contact: administrative
name: IANA Contact
organisation: Registry Services, LLC
address: 100 S. Mill Ave, Suite 1600
address: Tempe AZ 85281
address: United States of America (the)
phone: +1 480 505 8800
fax-no: +1 480 393 4275
e-mail: [email protected]
contact: technical
name: IANA Contact
organisation: Registry Services, LLC
address: 100 S. Mill Ave, Suite 1600
address: Tempe AZ 85281
address: United States of America (the)
phone: +1 480 505 8800
fax-no: +1 480 393 4275
e-mail: [email protected]
nserver: B.CCTLD.US 156.154.125.70 2001:502:ad09:0:0:0:0:29
nserver: F.CCTLD.US 2001:500:3682:0:0:0:0:11 209.173.58.70
nserver: K.CCTLD.US 156.154.128.70 2001:503:e239:0:0:0:3:1
nserver: W.CCTLD.US 2001:dcd:1:0:0:0:0:15 37.209.192.15
nserver: X.CCTLD.US 2001:dcd:2:0:0:0:0:15 37.209.194.15
nserver: Y.CCTLD.US 2001:dcd:3:0:0:0:0:15 37.209.196.15
ds-rdata: 59017 8 2 7daf469d42b5d8e5537fd4dd4b6057710e9a61f72c32eb7fb6526f52277ec2b0
whois: whois.nic.us
status: ACTIVE
remarks: Registration information: http://www.nic.us
created: 1985-02-15
changed: 2024-04-16
source: IANA
# whois.nic.us
No Data Found
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-05-10T13:10:37Z <<<
Remove CNAME record █████████.mil