The untold story: How I caught a hacker & I got suspended from school

Prabesh Sapkota
6 min read, Aug 21, 2019

The most adventurous event in my life

28th December, 2018

I was surfing with Google dorks to find vulnerable sites. While scrolling through the search results, I found a hacked site. When I opened that site, it said, Hacked by ****** & other stuff that looked cool.

Then I tried to figure out how the site was hacked. For this I brute-forced the admin panel and looked for robots.txt. I then fired up Acunetix from the school computer lab & scanned the site. There was no firewall to block me. Its admin panel link was indexed in Google, so I got it using Google dorks. There was nothing juicy in robots.txt. I found an open SSH port. I tried to exploit it but couldn’t. Then I got an easy bug from the Acunetix results. I easily got access to the site as admin. Then I uploaded a web shell to work as a backdoor in future & changed its permissions to 777.

Next day,

When I was viewing the files on the site, I found that the hacker(s) had renamed the real source code of the site to index1.html and their deface source code to index.html. I deleted index.html and renamed index1.html to index.html. I also removed their .htaccess files and their backdoor web shell. Now the site was fine.

I planned to try to access cPanel & went for it. Boom! The credentials were the defaults, which is a very rare case. After I accessed cPanel, I went to see the logs & deleted those logs which included data regarding me. I found that the hacker(s) hadn’t deleted their logs. I got a green signal here. It looked like the hackers weren't well-experienced. He/she hadn’t taken any preventive measures. Then I obtained the hacker(s)’ sensitive data, including IPs and other info.

After getting the juicy info, I planned to trace him/her/them down. I know that it is very, very hard to find an exact location from just an IP. However, I thought I would give it a try. Then I opened Shodan & searched for the device. I used some IP tracer to find a precise location. I was shocked to see the result. It showed the location to be Nepal, my country. I didn't believe it & thought that it might be some error. So, I used alternative trackers, which showed the same result. I also found some juicy info. From a deeper scan I also found the city, Pokhara. Again, it is the same city where I am.

This made me too excited to get to the hacker(s). But my challenge was that it is almost impossible to find out an exact location in Nepal because of the poor GPS system in Nepal and other factors. Then I started thinking of ways to get to him/her. I had only a little info.

Where there is a way, there is a way. After thinking about the way, I got one. It's a secret, but I will just tell a little about the way I found out. It might seem to be fake, but it works. I used WiFi-map for this purpose, seriously! I had already got access to an ISP of Nepal (I won’t mention its name). It was the so-called fastest ISP with the widest coverage in Nepal. It seemed weird that the top-level ISP of my country was under my control, but it's true. I already mentioned that I won’t tell everything about anything to anyone.

I used the ISP to search for the IP & got it. I got full info about the network which the IP was connected to at that time, device info and many other juicy bits of info, including personal info of the WiFi owner. At that time I was very happy. Plus I realized how easily our ISP can get full details about their customers. The location was Lakeside, Pokhara. I had already obtained the name and credentials of the WiFi the hacker was connected to. I took a nap in a happy mood and woke up with a thought to go deeper and meet the guy.

Since I was in the hostel, it was a challenge for me. In every person, there is an evil part of the mind. At this moment, that part was scratching my mind. I planned to bunk the hostel and do something wild today. I planned to bunk the hostel tomorrow evening. I wasn’t sure until when the public buses would be available on the street, so I planned to move a little earlier. I hadn’t told anybody anything about my plan.

Although mobiles were completely prohibited in the hostel, I used a mobile and the school’s computer up to this step. From now onward, I would be needing a laptop to proceed, which I didn’t have in the hostel. So, I contacted one of my friends who was out of the hostel and asked him to let me use his laptop for tomorrow night. I told him the time when I would come to his home to take the laptop and told him that I would leave the laptop at his door tomorrow morning ’cause I couldn't disturb his sleep to return his laptop into his hands. He agreed and I waited for tomorrow.

It's New Year and I have something special to do tonight, with a huge risk of being expelled from school if I get caught. At around 7:30 pm I bunked school over the walls and went to my friend by bus. I received his laptop. I already had the required files and tools on my pen-drive, which made it easy for me. I then moved to the hacker’s location. As expected there were a lot of people out for the New Year's Eve celebration. The streets were full of people and vehicles.

I went to the location of the WiFi, connected to it, and scanned for devices. I used Metasploit to exploit the hacker’s device & succeeded. I backdoored the device and set up a listener. It looks simple but took me 1.5 hours, staying at a hotel where the target WiFi was accessible. During the hack, I received a call from an unknown number. I answered it; the caller told me that he was my teacher, asked me where I was and warned me to return to the hostel as soon as possible. I wondered how my teacher would know my number. I thought my friends might have found me missing in the hostel, so they were pranking me. So I replied to them with crazy stuff to spoil their prank. Later I received a message from my school’s vice principal stating, “Prabesh, where are you? Return as soon as possible.” I had saved his phone number in the past.

I got busted. Immediately after that, one of my friends in the hostel called me and told me that I was busted. I told him to handle the situation, but he told me that the situation was out of hand. As they all thought that I had bunked the hostel for the New Year's Eve celebration, I told them, “Since I'm caught anyway, I'll have some fun for a while and then come back.” I know this was a crazy reply, but I was out of my mind at that moment. However, I continued my hack until I got access. My plan to meet the guy remained incomplete because of the situation. I also wandered around the place to see the celebration. Then I left the laptop at my friend’s door safely after clearing every single trace. Now, at around 2 am, I returned to school and slept in my own bed.

As expected, the next morning I was suspended for 4 days for the bunk. I didn’t tell anyone why I actually bunked, except by writing here. All thought that I bunked for the celebration and I let them think the same. During my suspension days, I used port forwarding to access the listener I had set up on the hacker’s device. I got connected to his/her PC from my home. I had full control over his/her PC. I looked over the files and found nothing interesting. While doing live screen streaming, I found something interesting which I won’t mention here because I don’t trust anyone. I won’t even tell whether the hacker is a he or a she (who am I kidding, ofc it's a boy). I got many details about his/her small group. They used to chat using freenode IRC and encrypted texts. They were much more talented, but they didn’t remove their traces. Did they want me to see them or what? This question still strikes my mind. The good thing is that I am learning many new things from them secretly.

No, I don’t think that I will tell this to the police ’cause it's worthless. But I am planning to get them arrested after I learn almost everything they know and they become useless to me; just like a villain does to people. lol

This is the end of the story. Of course, this story isn’t completely real. I added some extra flavors to spice up the real story. This is technically based on a true story but has also been heavily fictionalized for entertainment purposes.
