How to hack any subdomain. subdomain takeover

 

In previous Tutorial we talked abouthow to scan and find any subdomain.  Now we will Talk about how to hack or hijack any subdomain and make control over it. For that we need to find dead subdomains of any domain that is currently not set with any cpanel, Then we can takeover that subdomain and make control over it.

Now in this tutorial we will discuss how to find vulnerable subdomains, and how to hijack subdomains

What is aquatone:-

AQUATONE is a set of tools for performing reconnaissance on domain names. It has basically three commands. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.

 

Aquatone has basically three commands:- 

aquatone-discover

aquatone-scan 

aquatone takeover

 

How to hack any subdomain in kali linux:-

  • Open kali terminal

 

  • Type  Apt-get install ruby    (To install ruby type this command or just install ruby in your linux)

 

  • Now type sudo gem install aquatone(If you are using older version of linux you don’t need to run sudo you can directly install aquatone)

How to hack any subdomain

 

  • After successfully installing aquatone. now you can run type sudo aquatone-discover -d hiquik.com --disable-collectors dictionary

(-d after that write your domain name to scan)

How to hack any subdomain

  • After scanning all subdomain scan for open ports type sudo aquatone-scan -d hiquik.com 

How to hack any subdomain

  • Now to find vulnerable Subdomain type sudo aquatone-takeover -d hiquik.com

How to hack any subdomain

 

(If any subdomain is vulnerable it will display cname and etc You can scan for your target website may be you got vulnerability. thanks for reading commwnt below if you face any problem:-)

 

How to hack subdomain using windows:-

  • First of all you need to install ruby installer.  download and install it
  • After that open windows command promote (cmd) and type gem install aquatone

How to hack any subdomain

  • After successfully installing aquatone. now you can use same command.  aquatone-discover -d facebook.com --disable-collectors disctionary

How to hack any subdomain

  • Type aquatone-scan -d facebook.com 

 

  • Now you can run aquatone-take0ver -d facebook.com    to takeover vulnerable subdomains 🙂 🙂