Sourav Sahana


Sourav Sahana Uncategorized Root Domain Takeover | HackerOne Private Program

Root Domain Takeover | HackerOne Private Program

Hello Hackers ! Hope everything is fine. Back again with another write up. Hope you will enjoy this…

A company use only a single domain. Multiple domain can be use for internal and external purpose. May be they use different domain for their different product or may be the have a unpublished domain for their limited customer. Could be anything.

Reverse Whois can help you to find those domains. Let’s understand my story. A company runs a private program at HackerOne. I follow this law when I choose a program from HackerOne: “Never go into the Out of Scope but don’t stick only in scope.”

So I started gathering all other domains using reverse whois and found some, they are looks like:,, etc. All of them was redirecting to main domain:

But Found a domain: was redirecting to and further it was going to Guess what? Got an “No such bucket” error.

Immediately I takeover that and reported. And got the bounty. So always check for secret domain. Reverse whois is your VIP friend.

I used this website to find that domain:

Thank you for reading. Stay safe and happy hunting…

1 thought on “Root Domain Takeover | HackerOne Private Program”

  1. anime says:

    This is exactly what i was looking for, thank you so much for these tutorials Gianina Carroll Placidia

Leave a Reply

Your email address will not be published. Required fields are marked *

TopBack to Top