Hundreds of hundreds sub-secdomains hack3d! (including Hacker0ne)

Ak1T4
Ak1T4
Mar 28, 2017 · 2 min read

The last month was something interesting, looking to takeover some subdomains at HackerOne i found one that took my attention, was info.hacker.one . The dns was pointing to unbouncespages.com a landing pages app services. Looking at the API i try to add the hackerone domain, but when i try the output was: “domain is already claimed”.

Well.. i try to find another way to bypass this, for hours looking enpoints, trying with different requests and changing some params, i could hack & bypass the filter domain, this hack gives me the power to add any domain managed by the dns of unbouncepages.com.

Well.. at this time info.hacker.one was hacked!

Image for post
Image for post

Looking unbouncepages servers i decide to do a Reverse Dns to 54.225.142.127 and see which others domains could be compromised with this bypass.. For my surprise hundreds of subdomains appears! some of few domains are list here:

Image for post
Image for post
Image for post
Image for post

(With some google dorks i’veen able to locate more domains under this service)

(In the complete list are domains like payoneer.com, fiverr and others important companies compromised)

The bounty:

Image for post
Image for post

Details of HackerOne Report here: https://hackerone.com/reports/202767

Thanks to HackerOne for the awesome plattform and special thanks to all tha amazing hackers who inspire me to improve every day:

  • Peter Yaworsky
  • Nahamsec
  • Yassine aboukir
  • Zseano
  • Frans Rosen

HAPPY HACKING! by ak1t4

InfoSec Write-ups

A collection of write-ups from the best hackers in the…

Ak1T4

Written by

Ak1T4

WhiteHat Hacker Zen Monk & Bounty Hunter

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Ak1T4

Written by

Ak1T4

WhiteHat Hacker Zen Monk & Bounty Hunter

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store