How I Got 20 points on a Bugcrowd private program.

Abhishek Morla
Mar 13, 2021

Hey, it's me, abhishekmorla, back again with another post regarding subdomain takeover.

I came across a private program on Bugcrowd.
The scope was *.example.co

So, I quickly opened up the tool
https://github.com/nahamsec/HostileSubBruteforcer and pasted in the
above site, “example.co”.

It starts enumerating the subdomains and checking whether it is
possible to take over that particular subdomain or not.
I got the output shown in the image below:

[Image: HostileSubBruteforcer output]

Seems like family.example.co is an alias for unbouncepages.com.

For confirmation, I opened the subdomain in my browser and it showed:

“The requested URL was not found on this server.”

Okay…

For more, I opened up the terminal and typed:

host family.example.co && ping family.example.co

and the outputs are:

“family.example.co is an alias for unbouncepages.com
unbouncepages.com has address 1x.1xx.xx.xx7
unbouncepages.com has address 3.x.xx7.xx8”

“unbouncepages.com (3.x.xx7.xx8)”

That’s enough PoC for the reporting.

P2
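For the owner of a zone like this one, the two observations in this post (a CNAME to a third-party page host, and that host's not-found body) can be checked across your own records. The following is an added example, not part of the original post: the function names, the fingerprint table and the sample data are assumptions constructed for illustration.

```python
import re

# Assumption: provider suffix -> body text served when no page is claimed for
# the hostname. The one entry is the pair observed in this post.
FINGERPRINTS = {"unbouncepages.com": "The requested URL was not found on this server."}
ALIAS_RE = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")

# Constructed sample: `host` output for names in your own zone, and the HTTP
# body fetched from each alias (addresses are documentation ranges).
SAMPLE_HOST = """\
family.example.co is an alias for unbouncepages.com.
unbouncepages.com has address 192.0.2.10
promo.example.co is an alias for unbouncepages.com.
www.example.co has address 198.51.100.7
"""
SAMPLE_BODIES = {
    "family.example.co": "<h1>Not Found</h1>The requested URL was not found on this server.",
    "promo.example.co": "<title>Spring promo</title>",
}

def parse_aliases(host_output):
    """Map each name to its CNAME target, from `host` command output."""
    aliases = {}
    for line in host_output.splitlines():
        m = ALIAS_RE.match(line.strip())
        if m:
            aliases[m.group(1).lower().rstrip(".")] = m.group(2).lower()
    return aliases

def final_target(name, aliases):
    """Follow the CNAME chain to its end, stopping if it loops."""
    seen = {name}
    while name in aliases and aliases[name] not in seen:
        name = aliases[name]
        seen.add(name)
    return name

def audit(host_output, bodies):
    """Names whose chain ends at a listed provider and whose body has its marker."""
    aliases = parse_aliases(host_output)
    findings = []
    for name in sorted(aliases):
        target = final_target(name, aliases)
        for provider, marker in FINGERPRINTS.items():
            on_provider = target == provider or target.endswith("." + provider)
            if on_provider and marker in bodies.get(name, ""):
                findings.append((name, provider))
    return findings
```

Calling `audit(SAMPLE_HOST, SAMPLE_BODIES)` flags only `family.example.co`; `promo.example.co` points at the same provider but serves a claimed page. A flagged name should have its CNAME record removed, or the page re-claimed at the provider.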

Thanks For Reading!

LinkedIn: https://www.linkedin.com/in/abhishekmorla/

Twitter: https://twitter.com/abhishekmorla
