Subdomain Takeover

• Using Subjack**subjack -w <Subdomain List> -o results.txt -ssl -c fingerprints.json**

• **The next step is to see where this domain is pointing to so we can try to take it over.****`dig

• Nuclei-Template takeovers

• https://0xpatrik.com/takeover-proofs/ | https://github.com/EdOverflow/can-i-take-over-xyz

• Subdomain Takeover Write_ups

  • How I bought my way to subdomain takeover on tokopedia

  • Subdomain Takeover via pantheon

  • Subdomain takeover : a unique way

  • Subdomain takeover awarded 200

  • Subdomain takeover via Hubspot

  • Souq.com subdomain takeover

  • Subdomain takeover : new level

  • Subdomain takeover due to misconfigured project settings for custom domain

  • Subdomain takeover via unsecured s3 bucket

  • Subdomain takeover worth 200

  • How to do 55000 subdomain takeover in a blink of an eye

  • Subdomain takeover Starbucks (Part 2)

  • Subdomain takeover Starbucks

  • Uber wildcard subdomain takeover

  • Bugcrowd domain subdomain takeover vulnerability

  • Subdomain takeover vulnerability (Lamborghini Hacked)

  • Authentication bypass on uber's SSO via subdomain takeover

  • Authentication bypass on SSO ubnt.com via Subdomain takeover of ping.ubnt.com

• ==Top Subdomain Takeover reports from HackerOne:==

  1. Subdomain Takeover to Authentication bypass to Roblox - 718 upvotes, $2500

  2. Subdomain takeover of datacafe-cert.starbucks.com to Starbucks - 302 upvotes, $2000

  3. Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com to Uber - 165 upvotes, $5000

  4. Subdomain takeover of storybook.lystit.com to Lyst - 155 upvotes, $1000

  5. Hacker.One Subdomain Takeover to HackerOne - 152 upvotes, $1000

  6. Subdomain takeover at info.hacker.one to HackerOne - 130 upvotes, $1000

  7. Multiple Subdomain Takeovers: fly.staging.shipt.com, fly.us-west-2.staging.shipt.com, fly.us-east-1.staging.shipt.com to Shipt - 126 upvotes, $900

  8. Subdomain takeover of mydailydev.starbucks.com to Starbucks - 120 upvotes, $2000

  9. Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com to Starbucks - 119 upvotes, $2000

  10. Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com to Grab - 116 upvotes, $1000

  11. Subdomain takeover on http://fastly.sc-cdn.net/ to Snapchat - 108 upvotes, $3000

  12. Subdomain takeover on svcgatewayus.starbucks.com to Starbucks - 105 upvotes, $2000

  13. Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record to Starbucks - 103 upvotes, $2000

  14. Subdomain takeover on usclsapipma.cv.ford.com to Ford - 97 upvotes, $0

  15. Subdomain takeover of resources.hackerone.com to HackerOne - 94 upvotes, $500

  16. Subdomain takeover of fr1.vpn.zomans.com to Zomato - 89 upvotes, $350

  17. Subdomain takeover on wfmnarptpc.starbucks.com to Starbucks - 86 upvotes, $2000

  18. Subdomain takeover of v.zego.com to Zego - 83 upvotes, $0

  19. Subdomain Takeover at creatorforum.roblox.com to Roblox - 81 upvotes, $1000