In this writeup, I will demonstrate an easy subdomain takeover via Shopify that anyone can do by following these steps. Even I had not done a subdomain takeover via Shopify before this.
This is my first writeup on subdomain takeovers, in which I was easily able to claim three subdomains of an organization, put my content on them, and redirect their traffic to my site or any site.
Subdomain takeover is basically when an attacker gains control over a subdomain of a target domain. For example, let's say there is example.com and its subdomain is accounts.example.com.
So, it was a huge target with more than 500 subdomains. I had made a script that scans the subdomains of a target, both active and passive, and then scans for takeovers with a few tools. I supplied target.com to my Virtual Private Server (VPS) for scanning and left it overnight.
The next day, I got results where three of the subdomains were vulnerable to subdomain takeover. I had got a lot of false positives before this, but I do not care about that. I am always fresh when I get a sign of a vulnerability and dig deep into it. I browsed all of them and saw this.

Happy enough at this point! I quickly made a Shopify account, which gives you a 14-day trial to claim any vulnerable subdomain without needing a credit card, and claimed these subdomains, which was indeed a successful attempt.

As I said, it was not just one site. I had got three subdomains in the same condition, so I claimed them as well.

I was also able to redirect the traffic of those subdomains to my recently created Sahil-XX.myshopify.com. I found this stuff very cool. Later, I went home from the office and changed the content of the site, like this one.
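
For the owner of the affected domain, the condition described in this writeup can be found early by comparing the DNS records that point at Shopify with the stores the organization actually has connected. The following is an added example, not part of the original writeup; the zone data, the inventory set and the function names are constructed, and it assumes Shopify-hosted names are CNAMEs into myshopify.com.

```python
import re

SAAS_SUFFIX = "myshopify.com"  # assumption: Shopify-hosted names CNAME into this zone

# Constructed sample zone export (BIND style), not data from the writeup.
ZONE = """\
$ORIGIN example.com.
shop      3600 IN CNAME shops.myshopify.com.
store     3600 IN CNAME shops.myshopify.com.  ; campaign ended
accounts  3600 IN A     192.0.2.10
merch          IN CNAME old-merch.myshopify.com.
www       3600 IN CNAME example.com.
"""

# Constructed inventory: hostnames currently connected to a store the org owns.
CLAIMED = {"shop.example.com"}

RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)$", re.I)

def absolute(name, origin):
    """Return a lowercase FQDN without the trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{origin}".lower()

def parse_cnames(zone_text):
    """Yield (owner, target) for every CNAME record in a BIND-style zone."""
    origin = ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".").lower()
            continue
        m = RECORD.match(line)
        if m:
            yield absolute(m.group(1), origin), absolute(m.group(2), origin)

def dangling_candidates(zone_text, claimed):
    """CNAMEs into the SaaS zone whose owner name is not in the inventory."""
    return sorted(
        owner for owner, target in parse_cnames(zone_text)
        if (target == SAAS_SUFFIX or target.endswith("." + SAAS_SUFFIX))
        and owner not in claimed
    )

if __name__ == "__main__":
    for host in dangling_candidates(ZONE, CLAIMED):
        print("review or remove:", host)
```

Each hostname it reports should either be connected to a store the organization controls or have its DNS record deleted.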

Hope you liked reading my content, and feel free to comment if you have any questions.
Peace out!
Sahil
Sahil Ojha