Green Text on Black Background is not Hacking

Opinion on Script Kiddies « Null Byte :: WonderHowTo

Someone is claiming to have hacked the NITW database. Here is the link:


https://telegra.ph/National-Institute-of-Technology-Warangal-All-data-is-compromised-hacked-and-tampered-now-05-20





Ah, looks like a legit dump to us. So we decided to research it a bit.

So our team started analyzing this.

Since the person hasn't shared anything about the shell he got, that raises red flags.

The post is dated 20 May 2020, and on further analysis of all the pictures posted, it is clearly visible that the creation time is the same. Maybe that is due to the website tampering with EXIF data.


The person claims to have hacked one account and also shared a screenshot.


On analyzing the breached data, we found the clue we were looking for.


Almost all the accounts appear in common breaches of passwords and emails, from these:


Anti Public Combo List

Exploit.in


Now only one clue is left: where did this guy get these dumps?


We asked in a few groups about the dumps and...

Hurray! We got a clue...


There is a website on the dark web that keeps updating breached and compromised data.


Which means data from any breach until Jan 2020 (as far as we know) can be found here.

It seems pretty easy: the passwords this site has are in clear text, and it prints them out in JSON format.



Another assumption is that maybe the guy used a Python script to get that data in the terminal like that.

The most horrific thing our team found is that the data of many breaches is on the dark web for free. We recommend everyone visit https://haveibeenpwned.com/ to check for leaks.


Now it's time to test the data we got.



Here we got the list. We checked the list: almost all the names that person mentioned were there, plus a few more names.

We recommend these two students change their passwords. Our team got the data from two students only.
We can't share links since the site is very harmful.
That is not all: our team also checked raid forum for the recent leaks. Thankfully, many are hashed.
One more assumption we can make is:-

The password was seen 63,618 times, so the account has a common password.


Since the author doesn't share anything about getting a shell, the assumptions our team made are pretty strong. The author of the post is a script kiddie and clearly a fraud.

We guess the author made a publicity stunt by showing off what he can do.


Conclusion:-


The post is nothing but a hoax, and the author is merely an attention-seeking script kiddie. Our student developers and faculty won't leave such a severe vulnerability. To add more security, all passwords stored in the database are hashed.


To the author: if you think what we say is incorrect, prove us wrong, and if you continue doing such things your infosec career will definitely vanish sooner. If you are interested in hacking, please don't waste your time doing such things.

PS: The WSDC server has been intentionally put offline for auditing and hasn't been hacked. Please keep faith in the developers and Team Cybsec. We're working day and night to keep ourselves cybersecure.
