how do domains get hacked?


bigmanoren

Feb 12, 2008
I've heard of domains getting hacked - as in, someone comes in and is able to transfer the domain to themselves, and completely take over or redirect the site. I've even seen domain registrars claiming they battle this or never have the issue, but I know it exists.

How does this happen? Has it ever happened to anyone here? Just curious...
 


Usually it's as easy as gaining access to an email account or system. You WHOIS a domain and you'll see the registrant, administrative, and technical contact emails. Gain access/control to one of those, and you can initiate a transfer request from your registrar account and authorize it via the compromised email.

Lot more detail to it, but that's a top level explanation of how easy it is.

EDIT: To gain access to an email account, first identify where the MX server points. Use tools like Nmap to gain information about what services the target has managing email. Compromise that service.

Of course, physical access to the PC of someone listed as the registrant is the easiest and quickest way. You wouldn't believe how easy it is to gain access to even CIO level desks during lunch hours or after hours on a cleaning crew. It costs less than $50 for a jumpsuit that looks like you're a janitor. From there, it's simply finding a weak-minded moron at the company and gaining access to the appropriate area. 9 out of 10 people do not log off their workstations at the end of the day. Janitor in the building/area about 10 minutes after the target leaves is almost guaranteed access to that person's logged in system.
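
A defender-side check on the point made in the post above, added here as an example and not part of the original thread: it reads a WHOIS record, lists the contact mailboxes that can authorize a transfer, and flags a missing transfer lock. The sample record, the function name `audit_whois` and the two mailbox heuristics are assumptions made for illustration.

```python
import re

# Constructed WHOIS record for illustration (not real registration data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: ok https://icann.org/epp#ok
Registrant Email: owner@example.com
Admin Email: it-admin@mail-provider.example
Tech Email: owner@example.com
"""

ROLE_RE = re.compile(r"^\s*(Registrant|Admin|Tech)\s+Email:\s*(\S+@\S+)\s*$", re.I | re.M)
STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\S+)", re.I | re.M)
DOMAIN_RE = re.compile(r"^\s*Domain Name:\s*(\S+)", re.I | re.M)
# EPP status codes that block a registrar-to-registrar transfer.
LOCKS = {"clienttransferprohibited", "servertransferprohibited"}

def audit_whois(text):
    """Return (contacts, findings): mailbox -> roles, plus a list of risk notes."""
    m = DOMAIN_RE.search(text)
    domain = m.group(1).lower() if m else ""
    contacts = {}
    for role, email in ROLE_RE.findall(text):
        contacts.setdefault(email.lower(), []).append(role.lower())
    statuses = {s.lower() for s in STATUS_RE.findall(text)}
    findings = []
    # Without a lock, control of a contact mailbox is enough to approve a transfer.
    if not statuses & LOCKS:
        findings.append("no transfer lock status set")
    for email, roles in sorted(contacts.items()):
        host = email.rsplit("@", 1)[1]
        # Heuristic (assumption): mail hosted on the domain itself fails with it.
        if domain and (host == domain or host.endswith("." + domain)):
            findings.append(f"{email}: mailbox depends on the audited domain")
        # Heuristic (assumption): one mailbox in several roles is a single point of failure.
        if len(roles) > 1:
            findings.append(f"{email}: single mailbox holds roles {', '.join(roles)}")
    return contacts, findings

if __name__ == "__main__":
    contacts, findings = audit_whois(SAMPLE_WHOIS)
    print("mailboxes to protect:", sorted(contacts))
    print("\n".join(findings))
```

Every mailbox the function lists is one whose login (strong password, second factor, recovery options) protects the domain itself.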
 
I've heard of domains getting hacked - as in, someone comes in and is able to transfer the domain to themselves, and completely take over or redirect the site. I've even seen domain registrars claiming they battle this or never have the issue, but I know it exists.

How does this happen? Has it ever happened to anyone here? Just curious...

Lord Brar does it. To avoid this happening to you please subscribe yourself to his Insurance policy and be a prestigious member of the Domaining forum. :repuke:

Anyways, I am learning a lot from his newsletters. :bowdown: Guess he must cover Domain Hijacking in the next edition.
 
Lord Brar does it.

I do what? LOL I know I am shady but I have never once hijacked anyone's name in my life -- ever. It is illegal dude!

I can do unethical and immoral stuff but not illegal shit.
 
You can put XSS in the whois info and if someone views your whois while logged in at some registrar they could steal your cookie and log in to your account and...
 