Project 2x: Social Engineering DNS Registration (points vary)

What You Need for This Project

Background

Last week the New York Times and other organizations were hacked by social engineers who tricked their domain registrars into changing their website locations.

This project will attempt to study this vulnerability in a safe manner.

Step 1: Make a New Email Account

Make a new email account on Gmail, Yahoo, or wherever you like. Use a password you never used anywhere else.

This is important because other students will be attempting to impersonate you, and they may gain access to this email account, so don't use an account with personal data on it.

Step 2: Purchase a Domain

Go to any domain registrar that you are not already using, such as those on this list of top domain registrars.

Purchase a domain name. Use your real name and the email address you created for this purpose to register it.

Step 3: Create a Website

Put a website up on that domain with your name on it. It can be hosted at the registrar, or elsewhere.

Step 4: Sign the Consent Form

In class, sign the form below and turn it in.

Consent Form (html) (doc)

Step 5: Email Your Domain Name

Send your domain name to cnit.40@gmail.com with a subject of "Proj 2x from YOUR NAME", replacing YOUR NAME with your own real name.

We will check to see that the domain name has your name on it, and you will get 10 points for acting as a target.

Step 6: Attack Another Domain

In class, your instructor will give you a target domain name purchased by another student.

You may attempt to get that domain redirected to a server you control, by calling the registrar, sending emails, getting into the official registered email, etc.

DON'T TAKE ANY ILLEGAL ACTION!

The student who owns the domain has consented to your attempt to compromise that email and that domain name, but nothing more, such as Facebook accounts, etc.

And the domain registrar doesn't know what's going on.

If anything questionable happens, please inform sbowne@ccsf.edu immediately.

If you actually take over a domain, write up what you did and email it to cnit.40@gmail.com.

You will get more points, lulz, and eternal glory!

Last Modified: 8:22 pm 9-1-13