Project 2x: Social Engineering DNS Registration (points vary)
What You Need for This Project
- Some money to purchase a domain
- Ability to tolerate some intrusion into your privacy
Background
Last week the New York Times and other organizations were hacked
by social engineers who tricked their domain registrars into
changing their website locations.
This project will attempt to study this vulnerability
in a safe manner.
Step 1: Make a New Email Account
Make a new email account on Gmail, Yahoo, or wherever you
like. Use a password you never used anywhere else.
This is important because other students will be
attempting to impersonate you, and they may gain
access to this email account, so don't use
an account with personal data on it.
Step 2: Purchase a Domain
Go to any domain registrar that you are not already
using, such as those on
this list of top domain registrars.
Purchase a domain name. Use your real name and the
email address you created for this purpose to
register it.
Step 3: Create a Website
Put a website up on that domain with your name
on it. It can be hosted at the registrar, or
elsewhere.
Step 4: Sign the Consent Form
In class, sign the form below and turn it in.
Consent Form (html) (doc)
Step 5: Email Your Domain Name
Send your domain name to cnit.40@gmail.com with a
subject of "Proj 2x from YOUR NAME",
replacing YOUR NAME with your own real name.
We will check to see that the domain name has your name
on it, and you will get 10 points for acting as a target.
Step 6: Attack Another Domain
In class, your instructor will give you a target
domain name purchased by another student.
You may attempt to get that domain redirected to
a server you control, by calling the registrar,
sending emails, getting into the official registered email,
etc.
DON'T TAKE ANY ILLEGAL ACTION!
The student who owns the domain has consented to
your attempt to compromise that email account and that
domain name, but nothing more. Other accounts, such as
Facebook, are off limits.
And the domain registrar doesn't know what's going on.
If anything questionable happens, please inform
sbowne@ccsf.edu immediately.
If you actually take over a domain, write up what
you did and email it to cnit.40@gmail.com.
You will get more points, lulz, and eternal glory!
Last Modified: 8:22 pm 9-1-13