search

EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International
4.7k stars 698 forks source link

Frontify #170

Open robotshell opened 3 years ago

robotshell commented 3 years ago

Service name

Frontify

Proof

  1. Execute the tool dig. Example dig example.com:
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41542
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1460
;; QUESTION SECTION:
;example.com.       IN  A

;; ANSWER SECTION:
example.com.    900 IN  CNAME   subdomain.frontify.com.
subdomain.frontify.com. 60 IN A 1.1.1.1
subdomain.frontify.com. 60 IN A 1.1.1.2
subdomain.frontify.com. 60 IN A 1.1.1.3

;; AUTHORITY SECTION:
frontify.com.       172800  IN  NS  ns-1322.awsdns-37.org.
frontify.com.       172800  IN  NS  ns-1591.awsdns-06.co.uk.
frontify.com.       172800  IN  NS  ns-446.awsdns-55.com.
frontify.com.       172800  IN  NS  ns-748.awsdns-29.net.

;; Query time: 90 msec
;; SERVER: 10.10.10.10#53(10.10.10.10)
;; WHEN: Fri Jun 28 04:29:07 EDT 2019
;; MSG SIZE  rcvd: 291

Previous ip addresses and domains have been invented to show example

  1. Enter the subdomain adress in the web browser. Example subdomain.frontify.com. Check if it appears Error 404 like in the image.

  2. Create a free account: Free Trial

  3. Create one project.

  4. Enter to Account Settings menu.

  1. In the Your Frontify Domain field, try the subdomain that we want to take. In the case of our example, we should change company-165332.frontify.com for subdomain.frontify.com.

  1. Upload any file in your project or create a guideline.
  2. Test the result. https://example.com/{path of the file that we have uploaded or guideline} Reminder: the file must have the public view enabled

Documentation

https://help.frontify.com/en/

0xspade commented 3 years ago

I was able to takeover the CNAME but it's not reflecting on the subdomain I want to takeover.

pdelteil commented 2 years ago

I just found a case where I couldn't take the subdomain: 

;; ANSWER SECTION:
example.com.    900 IN  CNAME   domains.frontify.com.
domains.frontify.com. 60 IN A 1.1.1.1
domains.frontify.com. 60 IN A 1.1.1.2
domains.frontify.com. 60 IN A 1.1.1.3

And then

Screenshot from 2021-12-07 14-52-31

Captain0X commented 1 year ago

image Hi ,this domain can we take over?

princsec commented 1 week ago

I am able to take over cname but after that i not able to access cname neither my account fully. when i ask to support they replied that : "Let me explain why you cant use xxxxxxxxxxxxxxx.frontify.com We just use this "intermediate" host name to point your requests to the right load balancers. It is not configured as valid host name on our webservers and therefore results in an empty response with code 204". Last but not least we need the CNAME record as our IP addresses rotate at irregular intervals. The CNAME record is mandatory, and we can't provide fixed IP addresses due to security considerations.