Subdomain Takeover via GitHub Pages 2025

6ickzone 0
Subdomain Takeover via GitHub Pages 2025

🔓 Subdomain Takeover via GitHub Pages (2025)

by Nyx6st / 0x6ick

Screenshot takeover

🧠 Apa Itu Subdomain Takeover?

Subdomain takeover adalah teknik untuk mengambil alih subdomain yang sebelumnya terhubung ke layanan pihak ketiga seperti GitHub Pages, tapi sekarang sudah tidak aktif (biasanya menunjukkan status HTTP 404). Jika subdomain tersebut belum diklaim ulang di GitHub, maka bisa kita ambil alih 😈.

🧰 Tools yang Dibutuhkan:

🚀 Step by Step Takeover Subdomain GitHub

1. Siapkan Akun GitHub

Login ke akun GitHub kamu di github.com. Kalau belum punya, daftar dulu ya, brok.

2. Cari Target Lewat Reverse IP

  1. Buka Reverse IP Lookup
  2. Masukkan: grab.github.io
  3. Copy list domain yang muncul

3. Filter Domain 404

  1. Masuk ke httpstatus.io
  2. Paste domain hasil reverse IP tadi
  3. Cari domain yang statusnya 404 Not Found

4. Buat Repository Baru

  1. Di GitHub, klik tanda +New repository
  2. Isi Repository Name dengan nama domain target (contoh: example.com)
  3. Centang “Initialize this repository with a README
  4. Klik Create Repository

5. Upload File HTML

  1. Klik Add fileCreate new file
  2. Isi nama file: index.html
  3. Isi kontennya misal:
<center><h1>Hacked by 0x6ick</h1></center>
  1. Klik tombol hijau Commit changes

6. Setting GitHub Pages

  1. Masuk ke tab Settings repo
  2. Scroll ke bawah ke bagian GitHub Pages
  3. Source: pilih main atau master branch
  4. Isi Custom Domain dengan nama domain target
  5. Klik Save

7. Cek Domain Target

Kalau berhasil, akan muncul pesan:

Your site is published at http://example.com

🎉 Anjay heker:v

🧠 Apakah Masih Work di 2025?

Yap, trik ini udah ada sejak dulu (sekitar 2016–2019-an booming), tapi hingga tahun 2025 ini masih work tergantung kondisi berikut:

  • ✅ DNS subdomain masih mengarah ke GitHub Pages
  • ✅ Belum ada repository GitHub dengan nama domain tersebut
  • ✅ Domain owner belum menghapus custom domain-nya
  • ✅ GitHub masih mengizinkan pengaturan custom domain manual

Intinya, kalau subdomain-nya masih 404 dan resolve ke GitHub — takeover bisa dieksekusi.

⚠️ DISCLAIMER:
This article is made for educational purposes and legal pentesting only. Any misuse of unauthorized parties is not the responsibility of the author. Don't misuse it, brok.😎

"Where creativity, exploitation, and expression collide."

Tags

6ickzone

I've been deep in the world of cybersecurity, crypto, AI, and hacking for years. This blog is where I share my journey, tools, tips, and everything I learn along the way. But beyond code and exploits, there's also rhythm. I'm also exploring the digital soundscape — producing beats, fusing dark tech vibes with trap, drill, and EDM. Music is my second language, and it's where I channel the energy of the underground digital world. From my early days as a defacer to my current focus on ethical hacking and experimental music, I’m building 6ickzone as a hybrid space where hacking meets art. Why 6ickzone? 6ickzone is more than just a blog — it's a realm where hackers, beatmakers, and digital renegades gather. Whether you're here for the tools or the tunes, welcome to the zone.

Post a Comment

Posting Komentar

Lebih baru Lebih lama

Mengenai Saya

Foto saya
6ickzone
I've been deep in the world of cybersecurity, crypto, AI, and hacking for years. This blog is where I share my journey, tools, tips, and everything I learn along the way. But beyond code and exploits, there's also rhythm. I'm also exploring the digital soundscape — producing beats, fusing dark tech vibes with trap, drill, and EDM. Music is my second language, and it's where I channel the energy of the underground digital world. From my early days as a defacer to my current focus on ethical hacking and experimental music, I’m building 6ickzone as a hybrid space where hacking meets art. Why 6ickzone? 6ickzone is more than just a blog — it's a realm where hackers, beatmakers, and digital renegades gather. Whether you're here for the tools or the tunes, welcome to the zone.
Lihat profil lengkapku

Cari Blog Ini

About