TakeOver Subdomains Pointing To Strikingly

Introduction

At first there no thing especial about this article, it only illustrates steps to takeover subdomains pointing to strikingly and not registered on it or expired as I see that no one has written about this before.

Strikingly is one of the best website builders for one page websites with a lot of good features. If you’re not familiar with one page websites, they are long websites where clicking the navigation scrolls you up and down the page.

Signs to look for

While scanning Subdomains for a website, I have seen -for the first time- a subdomain with the a CNAME DNS record pointing to “subdomain.example.com.s.strikinglydns.com” .

Visiting this subdomain resulted in the following error page :

response page for vulnerable subdomains

So if you have encountered this, then you are in front of a subdomain takeover.

Steps to create the Proof Of Concept:

1. Go to https://www.strikingly.com and register a free trial account.
   Note! Only PRO subscriptions are allowed to add custom domains so after creating an account update for a PRO trial with your credit card.
2. From the dashboard page, click CREATE NEW SITE button.
3. choose a template, the editor will be opened, have fun with it till you prepare your special POC.
4. From the Side bar, click Settings then Domains, put the vulnerable subdomain and update.

adding the vulnerable subdomain to your site

5. Now Publish your site and the subdomain has been successfully taken.

Note !

if you encountered this response this means that the subdomain is registered and not vulnerable, just the associated site is not published yet.

a not-vulnerable response

Finally you can watch this video for the steps to create the POC :
https://www.youtube.com/watch?v=K4EWrVHw2fw&t=198s

THANKS,