
Commit

Add a couple of notes
rmoff committed Jan 17, 2024
1 parent 91b814e commit 4d401c7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions content/post/sdh.adoc
Expand Up @@ -108,7 +108,7 @@ NOTE: I own `rmoff.info` so it's up to me what I do with it, but I'm pretty sure

This means that anyone who hits the GitHub Pages web servers (which we've seen above is fronted by that block of four IP addresses) asking for `spammy-crap.rmoff.info` is going to get served the contents of https://github.com/rmoff/sdh-test[the repository that I created].

Let's try it:
Let's try it out and go click on 🔗 http://spammy-crap.rmoff.info[spammy-crap.rmoff.info]

image::/images/2024/01/sdh.webp[]
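
Review bot: the added `Let's try it out and go click on ...` line turns `http://spammy-crap.rmoff.info` into a live demo link, so the post now depends on that hostname continuing to resolve to the author's own Pages repository. If the sdh-test repository or its custom-domain setting is ever removed while the DNS record stays, readers following the link get whatever the GitHub Pages servers serve for that name, which is the situation the context paragraph above it describes. Consider stating next to the link that it is a deliberately retained demo record. Minor: the new sentence has no closing punctuation and no longer leads into the image the way `Let's try it:` did.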

Expand All @@ -132,6 +132,7 @@ And to recap, all that I needed to do to hijack subdomains was:

NOTE: My thanks to https://www.linkedin.com/in/oliverhookins/[Oliver Hookins] for his rapid help in diagnosing and explaining this issue.

_I have, obviously, removed the wildcard DNS record from `rmoff.info` before publishing this, so don't even try 😝_
_I have, obviously, removed the wildcard DNS record from `rmoff.info` before publishing this, so don't even try 😝_ \
_I left in place an A record just for `spammy-crap` so that you can see the domain->GitHub Pages resolution in practice._

image::/images/2024/01/dns0.webp[Wait, It's All DNS? Always Has Been]
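
Review bot: the trailing ` \` on the first added `_I have, obviously, removed ..._` line looks like a Markdown-style hard break; in AsciiDoc a hard line break is a space followed by `+` at the end of the line, so the backslash is likely to render literally in `sdh.adoc`. The added sentence about the retained A record for `spammy-crap` would also benefit from saying that the record stays safe only while the repository keeps claiming that hostname, so the note does not read as advice to leave such records in place.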
