1
00:00:01,580 --> 00:00:02,510
Hello, everyone.

2
00:00:03,290 --> 00:00:11,090
So in this video, we are going to see how we are going to perform a subdomain takeover on a Shopify

3
00:00:11,090 --> 00:00:12,480
hosted domain.

4
00:00:13,190 --> 00:00:23,480
So as of now, you must be aware that there are many services, cloud providers like AWS and GitHub,

5
00:00:23,840 --> 00:00:28,750
Shopify, Tumblr, Zendesk, Fastly, etc.

6
00:00:29,600 --> 00:00:37,340
So for this specific video, we are going to see, first of all, how you can identify the subdomains

7
00:00:37,340 --> 00:00:43,250
of any particular target after enumeration of the subdomains.

8
00:00:43,580 --> 00:00:52,700
You are going to identify if any of the subdomains is vulnerable to a subdomain takeover, and if any of

9
00:00:52,700 --> 00:01:02,480
those domains is pointing to a Shopify IP or has never been claimed on the Shopify cloud environment,

10
00:01:02,910 --> 00:01:09,080
then we are going to claim it and successfully perform a subdomain takeover.

11
00:01:10,520 --> 00:01:19,220
So let's quickly see the practical of how you can take over if any of the subdomains or IP addresses

12
00:01:19,220 --> 00:01:23,210
are pointing to Shopify and are not claimed.

13
00:01:26,450 --> 00:01:34,970
All right, so for this video, I am logged into my control panel of the website, which is srsecure

14
00:01:34,970 --> 00:01:36,130
.xyz

15
00:01:36,740 --> 00:01:47,930
So to show a simulated environment of taking over a Shopify subdomain, I have myself created a subdomain

16
00:01:47,930 --> 00:01:49,600
on this website.

17
00:01:50,180 --> 00:01:58,160
Now I will just move ahead to my DNS settings, and I have created a subdomain which you can see over

18
00:01:58,160 --> 00:01:58,520
here.

19
00:01:59,090 --> 00:02:08,210
So the subdomain is shifashopify.srsecure.xyz, and I have created this domain

20
00:02:08,210 --> 00:02:13,040
and pointed this particular domain to this specific IP address.
21
00:02:13,640 --> 00:02:22,750
Now to verify to whom this IP address points, we can just do a whois and put the IP address and hit

22
00:02:22,790 --> 00:02:27,880
Enter, and you will come to know that this IP address points to Shopify.

23
00:02:29,180 --> 00:02:36,840
Now you may ask: we are able to see this in the DNS settings of the particular server.

24
00:02:37,250 --> 00:02:40,860
This is only visible to the admin.

25
00:02:41,270 --> 00:02:49,910
Now, how is this visible to a user or a security researcher? So for that, we are going to enumerate all

26
00:02:49,910 --> 00:02:57,140
the subdomains of srsecure.xyz, and from there we are going to identify one of the domains

27
00:02:57,140 --> 00:03:00,740
which is pointed to Shopify, as you can see over here.

28
00:03:01,250 --> 00:03:05,930
So for this, we are going to download this tool, which is Sublist3r.

29
00:03:06,290 --> 00:03:14,680
This tool is a fast subdomain enumeration tool for penetration testers, one of the most used tools in

30
00:03:14,690 --> 00:03:15,950
the infosec industry.

31
00:03:16,860 --> 00:03:24,080
Remember, this tool is written in Python and it will only work once you have Python installed on

32
00:03:24,080 --> 00:03:24,780
your computer.

33
00:03:25,490 --> 00:03:30,520
So this tool is compatible with both Python 2 and Python 3.

34
00:03:30,530 --> 00:03:36,990
So in case you have any specific version of Python installed on your computer, then you're good to go.

35
00:03:37,640 --> 00:03:38,080
All right.

36
00:03:38,210 --> 00:03:40,100
So the first step is the installation.

37
00:03:40,110 --> 00:03:44,330
So we are going to copy this and paste it into your terminal.

38
00:03:44,640 --> 00:03:50,840
Basically, we are doing the git clone and we are downloading all the resources required, which you

39
00:03:50,840 --> 00:03:53,720
can see over here, onto our computer.
40
00:03:55,390 --> 00:04:00,250
So I'm just going to copy this, go to my terminal and I'm going to paste it.

41
00:04:01,620 --> 00:04:04,900
So let me just clear the screen and I'm going to paste over here.

42
00:04:05,370 --> 00:04:12,780
What does this do? It is going to download the Sublist3r repository and all the necessary tools onto

43
00:04:12,780 --> 00:04:15,370
my computer. As I already have it,

44
00:04:15,450 --> 00:04:17,550
I'm not going to download it again.

45
00:04:17,820 --> 00:04:20,060
And let me show you how it looks.

46
00:04:20,970 --> 00:04:25,860
As you can see, these are the files which will come onto your computer.

47
00:04:26,600 --> 00:04:33,000
Now, the first and the most important thing that you have to do is you have to install the requirements

48
00:04:33,000 --> 00:04:34,330
.txt file.

49
00:04:34,680 --> 00:04:43,590
So for this, you simply need to type pip install -r, which means read the file, which is requirements.txt.

50
00:04:45,000 --> 00:04:50,660
Now, remember, when we are doing any installation, we need some privileges.

51
00:04:50,700 --> 00:04:54,810
So we are going to run this command with sudo and hit Enter.

52
00:04:55,200 --> 00:05:03,540
It may ask you for the password. Supply the right password and it will install all the necessary dependencies

53
00:05:03,810 --> 00:05:04,890
which are required.

54
00:05:05,220 --> 00:05:11,880
As you can see, it has already installed the dependencies on my computer, so it did not take time.

55
00:05:12,180 --> 00:05:15,210
It may take a few seconds for you to install.

56
00:05:15,900 --> 00:05:17,870
Now let me clear the screen again.

57
00:05:18,540 --> 00:05:25,020
And after we have successfully installed all the dependencies, we are going to run this particular

58
00:05:25,020 --> 00:05:26,190
tool, which is Sublist3r.

59
00:05:26,670 --> 00:05:34,700
So let's quickly type python and the tool name and hit Enter to see if this works fine or not.
60
00:05:35,190 --> 00:05:41,220
And you can see it has started successfully and we are able to see the banner for this particular tool,

61
00:05:41,520 --> 00:05:49,140
which shows that there is no error in the installation and we have correctly set up this particular

62
00:05:49,260 --> 00:05:53,290
tool. Now, how to use this tool,

63
00:05:53,310 --> 00:05:59,580
we are going to see in the next video, and identify the subdomains for that specific target.