Need Help:Azure websites subdomain takeover


I got error screen for microsoft azure when pentesting private website.
But doesnt find how to takeover azure domains.
Can anybody guide me.



Hi @himanshu0001,
it’s very difficult to help you without more information.
From what I understand you found a subdomain which has a CNAME entry pointing to and is not claimed.
It seems that it’s possible to take over. This may be helpful:


Yes bro i found 2-3 different websites with same error but unable to claim that …i followed the Can i take over xyz guide but stuck at the following command for creating python web app.


az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name <app_name> --runtime “python|3.4” --deployment-local-git

Whats should be replace in place of <app_name> …



I never worked with Azure. But here is the answer from the guide you shared:

In the Cloud Shell, you can use the az webapp create command. In the following example, replace <app_name> with a globally unique app name (valid characters are a-z, 0-9, and -). The runtime is set to python|3.4. To see all supported runtimes, run az webapp list-runtimes.

Also, maybe put the example from as the <app_name>. Because I assume Azure uses the application name you choose to create the public address *

Take your time to read and re-read. I know it’s not the most enjoyable thing, but there is not other way to learn (at least when just text is available).