Subdomain Takeover

Practical Lab Proudly Present by Initd Community

Let's Get started

Who we are ? (InitD Community)

The name of our community would be initD indicating a daemon process that continues running until the system is shut down. So our community will be the direct or indirect ancestor of all kinds of knowledge that will be shared among us. Our community will include sharing of knowledge through hands-on sessions, Capture the Flags(CTF) and lot more. The main aim of our community is to share an InfoSec Knowledge to all and motivate beginners to build something. It may include any open source project such as application, website etc.

What is Subdomain Takeover Lab?

Subdomain takeover vulnerabilities occur when a subdomain ( is pointing to a service (e.g. Amazone S3, GitHub pages, Heroku, etc.) that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain. For example, if was pointing to a GitHub page and the user decided to delete their GitHub page, an attacker can now create a GitHub page, add a CNAME file containing, and claim

InitD Community

Rules of Playing

Its Free, But you have to follow some rules for fair playing and learning purpose.

  • Do Not use this as illegal purpose.
  • Once You Takeover Subdomain, You'll get a Confirmaiton E-mail. After Confirmation mail Free that Subdomain for others.
  • Post your Screenshot on Twitter with #SDTakeoverLab #Initd and cc to initd_sh
  • Do not Host any Advertisment,Pronography and Abusing Content on any of subdomain.

Steps Of Playing ?

Please Follow Below Steps.

Claim and Get Unique Value for Your Sudomain.

Let's Verify your Sudomain have you hacked ?.


Slack Help Channel