Sourav Sahana

@pocdork

Sourav Sahana Uncategorized Root Domain Takeover | HackerOne Private Program

Root Domain Takeover | HackerOne Private Program

Hello Hackers ! Hope everything is fine. Back again with another write up. Hope you will enjoy this…

A company use only a single domain. Multiple domain can be use for internal and external purpose. May be they use different domain for their different product or may be the have a unpublished domain for their limited customer. Could be anything.

Reverse Whois can help you to find those domains. Let’s understand my story. A company runs a private program at HackerOne. I follow this law when I choose a program from HackerOne: “Never go into the Out of Scope but don’t stick only in scope.”

So I started gathering all other domains using reverse whois and found some, they are looks like: company-int.com, corpcompany.com, etc. All of them was redirecting to main domain: company.com.

But Found a domain: com-pany.com was redirecting to www.com-pany.com and further it was going to www.com.pany.com.s3.amazonaws.com. Guess what? Got an “No such bucket” error.

Immediately I takeover that and reported. And got the bounty. So always check for secret domain. Reverse whois is your VIP friend.

I used this website to find that domain: https://viewdns.info/reversewhois/

Thank you for reading. Stay safe and happy hunting…

1 thought on “Root Domain Takeover | HackerOne Private Program”

  1. anime says:

    This is exactly what i was looking for, thank you so much for these tutorials Gianina Carroll Placidia

Leave a Reply to anime Cancel reply

Your email address will not be published. Required fields are marked *

TopBack to Top