How I Was Able to Take Over 3 Subdomains of an Organization via Shopify

Sahil Ojha🇳🇵
Published in InfoSec Write-ups
3 min read · Jun 23, 2022

Hey mates, back with a new writeup 🐱‍💻 !

In this writeup I will demonstrate an easy "Subdomain Takeover via Shopify" that anyone can reproduce by following these steps. I had not done a subdomain takeover via Shopify myself before this.

This is my first writeup on subdomain takeover, in which I was easily able to claim 3 subdomains of an organization, put my own content on them, and redirect their traffic to my site or any other site.🐱‍💻

Subdomain takeover is when an attacker gains control over a subdomain of a target domain. For example, say there is example.com and its subdomain is accounts.example.com. Here I was able to control accounts.example.com, which is an asset of example.com, and put any content on it.

It was a huge target with more than 500 subdomains. I had made a script that enumerates the subdomains of a target (both actively and passively) and then scans them for takeovers with a few tools. So I supplied target.com to the script on my VPS and left it running overnight.

The next day I got the results: 3 of the subdomains were flagged as vulnerable to subdomain takeover. I had gotten lots of false positives before this, but that does not bother me; I am always eager when I see a sign of a vulnerability and dig into it. I browsed all of them and saw this.

Fig: Shows that this subdomain is vulnerable
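The page in that figure is what a scanner keys on: a hostname whose CNAME still points at Shopify while Shopify itself reports the shop as unavailable, meaning the DNS record is dangling. The following is an added example (not the author's script) that runs that check over constructed sample records; in real use the two callables would be a DNS resolver and an HTTP client, and an organization can run the same check over its own zone to find records to remove or reclaim.

```python
"""Flag dangling Shopify CNAMEs: DNS still points at Shopify, but no shop is attached."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Shopify-hosted stores resolve via a CNAME under myshopify.com (assumption: the
# common pattern seen in takeover scanners, e.g. shops.myshopify.com).
SHOPIFY_CNAME_SUFFIX = "myshopify.com"
# Body text Shopify serves for a hostname that no store has claimed.
UNCLAIMED_MARKER = "Sorry, this shop is currently unavailable"


@dataclass
class Finding:
    host: str
    cname: str
    reason: str


def is_shopify_cname(cname: str) -> bool:
    """True if the CNAME target is myshopify.com or a subdomain of it."""
    target = cname.rstrip(".").lower()
    return target == SHOPIFY_CNAME_SUFFIX or target.endswith("." + SHOPIFY_CNAME_SUFFIX)


def audit(hosts: Iterable[str],
          resolve_cname: Callable[[str], Optional[str]],
          fetch_body: Callable[[str], Optional[str]]) -> List[Finding]:
    """Return one Finding per host whose CNAME points at Shopify and whose page says the shop is unclaimed."""
    findings = []
    for host in hosts:
        cname = resolve_cname(host)
        if not cname or not is_shopify_cname(cname):
            continue  # not Shopify-hosted, or no CNAME at all
        body = fetch_body(host)
        if body is not None and UNCLAIMED_MARKER in body:
            findings.append(Finding(host, cname, "dangling CNAME: Shopify reports no store for this host"))
    return findings


# Constructed sample data standing in for DNS answers and HTTP responses.
SAMPLE_CNAMES = {
    "accounts.example.com": "shops.myshopify.com.",        # dangling -> finding
    "store.example.com": "shops.myshopify.com.",           # live store -> no finding
    "www.example.com": "www.example.com.cdn-provider.net.",  # hypothetical CDN -> ignored
    "blog.example.com": None,                              # no CNAME -> ignored
}
SAMPLE_BODIES = {
    "accounts.example.com": "<html>Sorry, this shop is currently unavailable.</html>",
    "store.example.com": "<html>Welcome to our store</html>",
    "www.example.com": "<html>Home</html>",
}


def run_sample() -> List[Finding]:
    return audit(SAMPLE_CNAMES, SAMPLE_CNAMES.get, SAMPLE_BODIES.get)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.host} -> {f.cname}: {f.reason}")
```

The fix on the defender's side is to delete the stale CNAME or attach the hostname to a store you control, and to re-run this check whenever a Shopify store is decommissioned.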

Happy enough at this point! I quickly made a Shopify account, which gives you a 14-day trial without needing a credit card, and used it to claim the vulnerable subdomain, which was indeed a successful attempt.

Fig: Claiming vulnerable subdomain as mine

As I said, it was not just one site. I had three subdomains in the same condition, so I claimed them as well.

Fig: Connected all three subdomains and redirected 2 of them to my main site

I was also able to redirect the traffic of those subdomains to my recently created Sahil-XX.myshopify.com. I found this stuff very cool. Later I went home from the office and changed the content of the site to look like this. LOL😂

Fig: Takeover successful

Hope you liked reading my content! See you next time.

Peace out!!

Connect with me on Twitter: https://twitter.com/SahilOj

Shout out to my friend Shankar for motivating me throughout the takeover process. LOL😂


A normal guy who loves web hacking and finding vulnerabilities in systems. I just moved from Medium to https://sahilojha.com.np for blogging. Do check it out 😊