Take Over Any Domain in 2 Easy Steps

Want to hijack a domain name? Ever wanted to “hack” Google and point their domain to a porn website or something equally NSFW? Well it turns out it’s super easy. But besides wreaking havoc and setting up practical jokes there’s a useful case for using this information. Today I’ll show you how to host a domain name without having to buy it. All you need is web hosting with a static IP address.

Practical use

Suppose you have a server but not a domain name to match it. For whatever reason you’re not quite ready to commit to a domain but you’re developing an app to be served on that server. You can assign it a domain name – any domain name you want – without having to pay for it. You could even take over famous domains like Facebook.com or Google.com if you like.

How it works

Whenever you type a URL into your address bar in your browser, a request goes out to a name server which basically matches domain name registrations with the servers they point to. But there are some IP addresses that are off limits to the public and only accessible locally like which points to http://localhost on your own computer. There’s a file on every computer that sets this up and you can use it to override the public DNS system and point any domain to any server.

That file is the /etc/hosts file. So let’s say you have a server running at 123.45.678.90 and you want to be able to type in foo.com to access that server instead of having to remember that IP address. Editing your hosts file will let you do this. Here’s how to do it.

  1. Open a terminal window
  2. Run nano /etc/hosts
  3. At this point you’ll see some entries for localhost and Step 4 will show you how to update your hosts file to achieve your goal.
  4. At the end of the file add the following code:
## You'll see something like this near the top localhost

## Down here, after the default stuff you can add
## custom domain routing in the format of:
## IP-address   domain.tld
123.45.678.90   google.com
## End custom domain routing (so you can track where your changes begin and end)

This code has comments that will make clear what changes you made when you go back to make changes. The first column, the IP address is the server IP that you will be pointing to when called by the domain name in the second column.

The practical use for this is to test out a domain name before you buy it. It won’t actually change the internet’s routing to that domain but on your own computer you’ll be able to hijack any domain for however long you want. Just remember to remove the line of configuration when you want to access the real domain again.

Playing pranks

If you want to mess with someone, changing the hosts file on their computer is a great way to do that. Let’s say you want to prank your friend and make it so that every time they try to go to YouTube they end up at PornTube instead. Here’s how to do it.

  1. Run ping porntube.com (replace that domain with whichever one you feel like) to get it’s IP address (or whois or whatever your favorite program to get an IP address is)
  2. Update your friend’s hosts file following the directions above.

Changing things back

Once you’re finished testing or playing your prank, simply remove the lines you added in the /etc/hosts file and your internet will work the way it always did.

It’s a simple tip that has practical and fun use cases. A side benefit is that it goes along with my previous post about understanding DNS for beginners and will hopefully help you understand those concepts by putting them into practice in this small way. Updating your hosts file is very similar to how registering A records with your registrar works (as explained in my previous post about DNS).

Happy pranking, happy testing. Enjoy yourselves.

Post script

I should have mentioned this earlier but this will only work on POSIX compliant (Unix-like) operatig systems like macOS or Linux. Windows has a similar process but as it’s been so long since I’ve used Windows for development I don’t remember how to do it on Windows.

DNS, Hacking, System administration

« Staying current as a developer Step Away from the Code »