One for the risk takers – capturing domains at registrar level
Several months ago, when working on a tool, I noticed an exploit for capturing live domains.
With only a small day's worth of test data containing 100,000 whois records, I noticed about 1% of the domains were registered to Hotmail accounts. Being bored and curious if people were really this stupid, I tried to register some of these Hotmail accounts. I immediately found Hotmail accounts that were no longer used and took ownership. Worked out about 1/30 of the Hotmail accounts in my list were dead.
So back to the whois data to find out who the registrar is. GoDaddy was the first one I tried: instead of logging in, go to the forgot password option and give them your new shiny Hotmail address. You now have full control of a GoDaddy account with at least one domain. This isn't unique to GoDaddy or Hotmail. Hotmail was just the easiest one to try en masse. Guessing I still have control of these few example domains; would like to give them back but I lost the list. Oops!
Moral of the story: whether it's Hotmail or your own domain, never let the email address you use for online accounts expire. Some devious arse stands a chance of capturing that email address. They can simply watch what email comes in to that address and retrieve the passwords for online accounts you have, not just for domain registrar accounts.
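To act on that moral for accounts you own, here is a small audit sketch, added as an example and not taken from the original post. The inventory, expiry dates, webmail list and 90-day warning window are all constructed assumptions; it flags password-reset addresses that sit on webmail, on domains you do not control, or on domains of yours that have expired or are about to.

```python
from datetime import date, timedelta

# Constructed inventory: (account you own, password-reset email on file).
ACCOUNTS = [
    ("registrar: example.com", "admin@example.com"),
    ("registrar: example.net", "old.owner@hotmail.com"),
    ("hosting panel", "ops@example-mail.org"),
    ("dns provider", "billing@old-brand.example"),
    ("cdn account", "it@unknown-corp.test"),
]
# Constructed expiry dates of the domains you control yourself.
OWNED_DOMAIN_EXPIRY = {
    "example.com": date(2031, 1, 1),
    "example-mail.org": date(2025, 7, 10),
    "old-brand.example": date(2025, 3, 1),
}
# Assumed, non-exhaustive set of free webmail domains to review by hand.
WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}

def audit(accounts, owned_expiry, today, warn_days=90):
    """Return (account, email, finding) for every reset address at risk."""
    findings = []
    for account, email in accounts:
        domain = email.rsplit("@", 1)[-1].strip().lower()
        if domain in WEBMAIL:
            finding = "webmail"      # confirm the mailbox is still yours
        elif domain not in owned_expiry:
            finding = "not_owned"    # renewal is outside your control
        elif owned_expiry[domain] < today:
            finding = "expired"      # whoever registers it gets the mail
        elif owned_expiry[domain] - today <= timedelta(days=warn_days):
            finding = "expiring"     # renew before the reset address dies
        else:
            continue                 # owned and safely renewed
        findings.append((account, email, finding))
    return findings

if __name__ == "__main__":
    for account, email, finding in audit(ACCOUNTS, OWNED_DOMAIN_EXPIRY,
                                         date(2025, 6, 1)):
        print(f"{finding:10} {account:26} {email}")
```

Anything reported should be moved to a reset address you actively use and can renew, before the old one lapses.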

















