Search This Blog

Wednesday, September 12, 2018

How I traced upsc.gov.in defacer?




The https://www.upsc.gov.in when defaced it was having such deface page which is shown below.



The one who Defaced the website puts this page on the website.
So I started My Work With Keeping 2 Things in my Mind:
1.Image
2.Defaced website

I decided to go with the image first. I downloaded it and did a reverse image search which didn’t yield any information at all 

So ,Now I extracted and enhanced the photo before going any further



A statue is visible in the background wearing a cap which is often worn by Muslims. He also seems to be holding a book. So My first guess was Pakistan. So I did a simple google search and didn't Find Similar to this Statue Image,

But when i Did a Long search then i Got the same image which was hiddenly Shown in Deface Page.



As we all can see the highlighted image matches the concerned statue. So I visited the webpage where this image was posted and it turned out be a lot more informative than I thought:



and as you all can see this image is of Jamia Milia Islamia which is a public central university in Delhi.

So Till now Founded the Place where the Defacer took his Photograph, Now its time to Find the Person Who Did this Deface.

Defacers often brag on facebook. so I searched for “http://upsc.gov.in” to see if anyone has posted about it but it didn’t help.

Then I searched the phrase “pick up the call doraemon” as seen on the deface image, didn’t work. And then I finally searched “stewpeed”, Bcoz on the Deface page This Word Also Written at the bottom.

and the first result was this:-



This post has nothing to do with the deface but I opened the profile curiously and i got it.


To make sure he was the one, I went through his timeline, reading comments and everything which made it crystal clear.

The screenshot posted by him tells us more than it should

The open tabs are interesting. 

1.One is web hosting page, 
2.Other have B374k 2.8 which turns out to be a webshell, 
3.another is a base64 encoder/decoder that he might have used to base64 the image or the webshell.

His bookmark tab showcases his next targets which are some other well known educational institutes of India.

So Now, we Started Through his facebook to Find all his Information and after a couple finding all the information started reveling.

Starting with his college name


We know what is he doing in studies


His father’s name


And where he lives


That’s pretty much it.


I am posting this with the intention of exposing him so Indian authorities can take legal actions against him.

Remember kids, picture is worth a thousand words ;)


Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

0 comments:

Post a Comment