Title: Lost in the wires.
Author: kshithij

"People say that what I did was wrong and I should be ashamed of what I did, but after what I have been through, I have no regrets about what I have done."

2002, Gujarat, a state in India, was burning like hell; people were slaughtered in the name of religion. These riots, which lasted 3 days, had turned half of the cities to ashes. In the middle of this, a networking consultant who had just taken a huge defense contract couldn't complete the work on time, and the payment for this contract was stuck in the system forever. The firm went bankrupt and the poor network engineer had to go and work low-wage jobs.

2007, a boy was crying in one corner of the classroom, bullied by a few hardheads. All of this happened because he had the guts to complain to the teacher about the bullies, and as expected they gave him a tough time. The system couldn't help the innocent boy.

2010, a boy is caught with a 1 gig drive in a computer science laboratory; he was trying to infect the systems with a recycler virus and the teacher saw. The teacher scolded, "What the hell are you trying to do?" The boy stood there without any shame. The teacher further added, "Do you have any idea what you are doing?" The boy was punished. The teacher thought that he had taught the student a good lesson, but he didn't know that he had made the mistake of his life.

Let's come back to 2015. I was sitting at Chennai domestic airport trying to hack into their wireless network with the wifiphisher script, which needed two wireless cards, and I was trying to do it with one. I had failed; this was not the first time for me. But this was not the stupidest thing I had done. 2 years prior I had developed a bash script known as "Cerebro", which was a file handling algorithm, which I had sent to Bill Gates' mail id to get some advice, and for that I got a 2 page long mail from his opportunity manager explaining software patents to me. Sometimes I do feel that either I or Mr. Gates was out of his mind on this.
I had started hacking in the 10th grade and it was now my 5th year as a gray hat hacker. I had come a long way from infecting PCs with stupid .bat viruses to hacking websites. I won't lie, at first I was a little hesitant when it came to websites because of all the stuff which my computer sir used to tell us: "When it comes to hacking websites you have a higher probability of getting caught." At that time it was the one thing that freaked me out, but it couldn't really hold me back from doing it. One day I was sitting with my friend Ray in my college computer science lab when Ray asked me if I could hack a website. I thought of giving it a try. I opened a new tab in Google Chrome, I used the Google dork "inurl:admin.php" and I got a few results. The first one was the admin login page of some university. I tried the username "admin" and the password "1' or '1' = '1", which was one of the most common SQL injection queries. After a few seconds Ray was shocked to death and was like "what?" I was inside the admin panel of the site. This was the first time I had hacked in front of someone. It was like drinking for the first time.

At home my family wouldn't even believe that I could hack sites, and I was always the weak root of a massive tree. My family was just a person short of filling up a small jet. When you have so many people who are the best in their field you often get comments like "look at him", "what did you achieve till now?" and other comments, which might give you pain that is a little less than getting shot. Till now I was used to this; I had no real luck with girls as well. My life was a boring one and I had adjusted to that. But it all changed in the summer of 2015…

April 30, 2015, it was 1:45 am. I was up as the insomnia had killed me from the inside; it was at its peak. The network was down and I couldn't connect to the internet. And the insomnia was so heavy on my mind that I decided to borrow my neighbor's connection.
So I turned on the Kali Linux virtual machine and fired up wifite. After some 10 minutes it showed me the value of a variable known as key. I had done this a million times, but I always used to skip the last step, which was connecting and using the network, but this time it was different. This time I decided to use this free internet to download Skrillex's live set from Ultra Music Festival 2015. This time I had changed my hat. This was a fair deal for me, as my download was complete by 3:00 am, which would have taken me 4 hours even when my internet connection was in its best possible state. The rest of the night was boring as there was no good movie to watch.

May 1, 2015, I was looking for the date when my results would be announced on my college's website. There was no notice on the site, but just before I closed the tab I decided to see the robots.txt file of my college's site. So I added "/robots.txt" at the end of the URL and as usual I got the list of disallows. After staring at my laptop's screen for a while like it was showing some 18+ content, I jumped: "Let's try a directory traversal attack!" So I looked at the robots.txt file to find files that might have some good content for my entertainment, and I noted down a couple of file names. I opened a few tabs and copy-pasted the URL into each of them, and then I typed in "////" and the filenames with their respective extensions. After a few seconds all these tabs showed me a positive result. I had successfully retrieved files like CHANGELOG.txt, UPGRADE.txt, MAINTAINERS.txt, LICENSE.txt, etc., which were the complete maintenance records of the site. These records dated back to 15/1/2001. It was nothing much, but it completely overthrew my belief that my college's network couldn't be hacked. I had overridden the method called fear() in my program. I forgot that what I did could spoil my entire life. Fear is the force that limits the capability of all.

May 4, 2015, this was my 10th day without proper sleep; I had lost my mind completely.
I had a grudge against a fashion designing chick as she had humiliated me in front of my friends, and this had pinched me for the last 3 years. So I decided to play a revenge stunt on her. At 11:45 pm she had posted on her Facebook timeline that her design was up on the institute site. And by 12:00 am the site was down. The XSS attack did work properly. And she will be the first person to cry tomorrow morning. I never understood why girls don't like nerds; we are also humans. And I can do much more than breaking a piece of plywood with one hand. If we count the cost of plywood to the price of a corporate website, my calculation says that corporate sites are a little more costly than the plywood. So I should get the attention of the girl instead of the dumbbell boy, which I never got. My English teacher always said "never judge a book by the cover" but as I remember she always bunked his class. Unknowingly I had entered the world of hacktivism.

May 10, 2015, I was bored to death. I had ordered an SDR dongle that was delayed as my package was stuck at Mumbai customs. Meanwhile I was looking at different tools installed in Kali Linux. I was casually looking at the different tools when I came across a tool known as wpscan. At first it looked like any other tool in the distribution. As usual I just tried "wpscan --help". It said WordPress scanner. I started scanning a known site which I had wanted to hack for a long time. After I ran the tool twice, it gave me the password. At first I thought "No, it is too easy!" Then I thought that I should try logging in with the username and password. So I attempted the lamest act ever: I plugged in my flash drive and booted Tails, then logged into the site's admin panel. I was shocked; I never knew that the Indian defense had such a lame password and that they used a vulnerable WordPress plug-in.

May 16, 2015, someone rang the bell. It was the postman; he had brought the SDR parcel.
As soon as I got it, I opened the package in a hurry, plugged in the dongle and ran SDR#. At first it was not working, then "ping!" I had forgotten to install the driver. After doing the entire installation procedure, which took me 45 minutes, I started ADSB# from the SDR# package and then ran ADSB Scope, which is an interface application. After some 5 minutes I was able to see a few planes on the map. I continued looking at them for the next 2 hours. It was like seeing the stars at night; you could go on looking at them for hours and hours.

May 22, 2015, it was just a usual day; my parents were out of state for a family function. As the clock struck 12 o'clock someone rang the bell. I attended the door; it was a cop. He said, "You are called in for questioning by the cyber cell." I first thought of jumping off the building to the adjacent rooftop and getting away, but I remembered that a bullet from the revolver is a little fast when compared. I said "ok". He replied, "We will need your personal computer as well." I grabbed my laptop bag. After we reached the headquarters I was asked to submit the laptop to their tech guy. I was then escorted to the questioning room. It was a dark room which had a mirror on one side and one light in the middle, with a table and two chairs placed on either side. I sat there for 10 minutes before a middle-aged man entered the room. He started, "I am Virat Singh, head of the cyber cell, Vadodara," to which I replied. He said, "I was called by the Indian Air Force to investigate a breach," and further added, "we have found that the signal was sent from your area." I said, "So you think it is me?" He replied, "We checked our records and we found out that Amazon delivered an SDR at your address." I replied, "As per your logic you are the suspect for the murder that happened last month because you have a gun." He said, "Okay! If you had to hack the WFM network of the armed forces, how would you do it?" I replied, "Why will I need to hack it?"
He replied, "Let's assume you had to?" I had to do my thing. After I finished he said, "The hacker who did it and released the records on the web did it the same way you have described it." I replied, "Coincidence!" After thinking, he opened a file placed on the table and read it out loud: "specialization in ethical hacking and cyber security." It was my college records. He said, "I am talking to you nicely; that doesn't mean that I am a fool." I replied, "Likewise." Someone knocked at the door. It was the tech guy; he walked in and whispered in Agent Singh's ear and then showed him a tablet which he had brought. Agent Singh: "So where were we?" I replied, "Fool." He closed my file and said, "It has come to my knowledge that you have erased everything from your system." I replied, "Virus attack!" He frowned. "In the last 24 hours?" I replied, "Yes." He said, "As I recall you are the son of the once famous networking consultant, aren't you?" I replied, "Yes, I am." He further added, "You know a fact that 3 of 6 networks in the city are designed by your dad." I said, "That's all." He advised, "Let me give you some free advice, son. You are not supposed to tap into defense networks." I said, "I think it would be harmful to hack into the defense network and deface corrupt officers who were trying to sell guns, isn't it?" He laughed. "I am sorry for what happened to your dad but this is not a solution to that; there are a lot of people like him." I was shocked. He said, "Our government doesn't have enough money and corrupt officers make it even harder. I will try my best to get this problem to the right guys who can solve it." I replied sarcastically, "You will." He said, "Don't just throw your life away; our government is slow but we also don't intend to harm the citizens." I said, "Karma, this nation deserves it." His eyes became moist. He said, "You may go." I asked him, "One last question." He said, "What?" I asked, "How did you find out it was me?"
He replied, "We sent a broadcast frame which detected your device." I came back home by 5 o'clock. I turned on my laptop. I opened Chrome and searched for "hacking tutorials". The first link was Defcon23. I checked the site, then I thought of hacking a bank's website to get money to attend the conference. While I was planning my attack, the doorbell rang. It was my parents, who were back. That very second I decided to hit ctrl+alt+delete on my stupid plan. It was not a decision out of fear, but a decision for the happiness of the people I cared about. I am still a hacker, but not a black or gray one anymore. After all, I could wait another 4 or 5 years to attend my first Defcon.