Here is how and why Angaraag Mahanta's official Facebook Page was Hacked



On 23rd January I woke up in the morning and as usual I was scrolling through my facebook feeds. I saw few spammy links getting shared from the official facebook page of Angaraag Mahanta. For those of you who don't know,  Angarag Mahanta, known by his nickname Papon, is an Indian singer, composer and record producer from Assam. He is the lead singer and founder of the folk-fusion band called Papon and The East India Company. He recently won Best bollywood playback singer for the song "Moh Moh Ke Dhage" – Dum Laga Ke Haisha.

At first I thought why would he shared such links? and when I saw that few more links of the same website is getting shared, I was sure that either his page got hacked or it was infected by some malicious app.


Few hours later and more links of the same domain ( laughwithvoice.com ) were getting shared. The situation was getting worse as mostly NSFW contents were getting shared.

Here are few of the post which were shared on the page.





So I reached out to Angaraag Mahanta to know what exactly is happening. It turns out that I was right. His facebook page got hacked and the hacker removed Papon from being the page admin.

Here is the tweet that he made after his page got hacked.


How The Account Was Hacked ?


The hacker did a phishing attack to get the email ID and Password of the personal facebook account that was used by Angaraag Mahanta. 

Phishing is a form of attack in which the attacker tries to get information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. 

Generally in phishing attack, the attacker makes a fake login page which looks exactly same as a legitimate one, only the URL of the page differs. The only way to know if the page is a genuine one or fake is is by looking at the URL.

But here the case was different. Here the attacker did not create a login page in some other URL. To make it look more genuine, the hacker created a facebook app and hosted the phishing page inside it. So the link appeared as http://www.apps.facebook.com/xxxxxxxxxx

After looking at this link, most of the people will be convinced that its genuine and not a fake one.

Here is the phishing page that was used to get the email and Password of Angaraag Mahanta.



As you can see it is a well crafted phishing page and a non technical person can never make out that its a phishing page.

Why The account was Hacked ?


The account was hacked mainly for profit and earning money. After his page was compromised, many news channels thought that may be some rivals of him might have done it. But I have a different theory.

Even After getting full access to the page, the hacker did not write anything against him on the page. All he did was, shared links of a particular site ( laughwithvoice.com ) . According to me, The sole purpose of the hacker was to make money from the traffic that he would get from the page. Angaraag Mahanta's facebook page have a huge number of active followers and anything that he shares gets thousands of likes and shares. The hacker wanted to take the advantage of that.

After looking at the WHOIS record of the site ( laughwithvoice.com ), we get to know that the site was created on 21st January. The hacker added a adsense account to it which means that he would earn from each visit that he gets on the site. Next the hacker wanted lots of traffics on his site so that he can earn. So he targeted Angaraag Mahanta's facebook page and managed to grab a lot. (I think)


As the hacker removed the admin from the page so it took us some time to get it back . We contacted Facebook Head Office regarding this and after working for 2 days  I was able to get back the page  on 25th January night and secure it. 

Once we got admin rights , I was inside the page and I saw that the hacker made almost 15 schedule post on the page. I removed all of those and also made changes on the page and secured it.

On 26th January Angaraag Mahanta made a post and thanked me for helping him recover the page.


Hello people! Happy to announce that after 4 frustrating days of crazy links posted on my page and multiple attempts...
Posted by Angaraag PAPON Mahanta on Monday, 25 January 2016

He met me on 31st january, at Rongali . He is such a humble person. I am happy I was able to help him.

Me and my friend with Papon Da

Final Words


The hacker calculated a lot before he carried out the attack. The website ( laughwithvoice.com ) was created 2 days prior to the attack and the hacker made the WHOIS record as private so that it become hard to trace. also since the website was new, there were no previous records of the site on the net.

Facebook page managers of celebrities should be very careful while clicking on suspicious links as most of the cyber criminals and fraudsters target such popular pages.

What Can Be Done Out Of A Hacked PC?

Some wild People Say "Hey! I Just Hacked a PC!", Some may just fake it but some may really have done it. So, What Do They Really Mean when the say that? This Article Will Discuss about In How many ways a Hacked PC Can Be Used, And in later articles I'll be explaining about each attack and how it works.

First Of All, a PC can be hacked in many ways, It maybe a PC/Server Whatever. But Once it's compromised, that particular PC becomes the paradise of the attacker. There's a whole lot of harm that an attacker can do to your PC, Yes! Your PC/Mobile That's connected to the internet can be compromised! That's why Always Keep you Antivirus Updated.

A Broad View of All the Attacks Takes me to 8 Categories,
  • Webserver
  • BotActivity
  • Virtual goods
  • Reputation Hijacking
  • Financial Credentials
  • Hostage Attacks
  • Account Credentials
  • E-mail Attacks
So, That's the prime 8. Take a look at the infographic that i made for a brief details of each.
In the Further posts, I'll explain how these attacks work with linux machines, because I am not really a very big windows fan. Also Windows Machines are most Vulnerable to these attacks!
So, This post was all about you knowing what kind of threats exists, and the first and a best step a normal PC user can take is update the antivirus software regularly.  

if you have any question, don't hesitate to post them in the comment section. 

Open redirection found on Samsung's official Website


An open redirection was found by me on Samsung's official site www.samsung.com



An open Redirects allow web applications to direct users to different pages within the same application or to external sites. Applications utilize redirects to aid in site navigation and, in some cases, to track how users exit the site. Open redirect vulnerabilities occur when a web application redirects clients to any arbitrary URL that can be controlled by an attacker.

Attackers can utilize open redirects to trick users into visiting a URL to a trusted site and redirecting them to a malicious site. By encoding the URL, an attacker can make it more difficult for end-users to notice the malicious destination of the redirect, even when it is passed as a URL parameter to the trusted site. Open redirects are often abused as part of phishing scams to harvest sensitive end-user data.

Samsung.com have global alexa of 241 which means thousands of user visit it daily which makes the vulnerability more dangerous as attackers can easily trick others in clicking the malicious link.




I have reported it to samsung 3 weeks before but still now it is not yet patched so now i cannot give the full detail about the vulnerability.

[UPADTE 8/2/13]

Finally the vulnerability is patched by security team of samsung last night.

so here is the POC

Vulnerable link: http://www.samsung.com/public/redirect.html?sitecode=in&pid=in_samsungindiaestore_header_20120322&URL=http://www.hackatrick.com

The above link opens this website but now its fixed. this is the screenshot of the email I got from the team last night.

Bypass Facebook Link Detection



So in my last post i showed you how to create phishing page using Super Phisher and how to host it.

Well creating and hosting a phishing page it easy but if you are creating a facebook phishing page than things are not so simple because facebook has blocked all free hosting and url shortening service so even if you host your phishing page,you will not be able to send the link to the victim via facebook.

Create Fake Login Page of any site with Super Phisher Tool Part II



This is the second part of  '' Create Fake Login Page of any site with Super Phisher Tool ''. Many people said that the tool is not working properly and few were saying that they are facing problem in uploading it.So in this post I will make everything clear to all.

To download the tool read my first post on it here:

 Create Fake Login Page of any site with Super Phisher Tool

Now after downloading it,run the tool and enter the URL of the site you want to create phishing.





Here I have made phishing page of facebook.You can create phishing page of any site you like by this tool but if you want to make of facebook than you can better download my file here:




Now you have two files in it.Follow the below steps:

1. Create an account on any free hosting site.Here I used www.my3gb.com

2. Go to the control panel


3.Clik on File Manager

4.Upload the two file that was generated by the tool or downloaded.


5.Give the link of the site you created to the victim.after someone enters the ID and password in the phishing page open the file manager.you will get a new file uploaded there.open that file and you will be able to get the ID and Password.

But this is not the end.There comes a problem,facebook has blocked all free hosting sites.So if you will give your site link to the victim via facebook,it will be detected and you will not be able to get the ID and password.Wait for my next post where i will discuss how to bypass facebook's Link detection.




Create Fake Login Page of any site with Super Phisher Tool


 Today I am going to explain you how to make your own Phishing page without any sort of copy & pasting but just with a simple click.



First of all let me specify some key features of this Phishing tool :-

* Simple and easy tool which can be used even by a 10 years old boy.
*Create any fake page. For ex- Facebook, Gmail, Yahoo, Hotmail, etc.

Steps to create your own Fake Page:-

* Download Super Phisher here & Extract it.