Before the birth of Narapisach

sushil phuyal
3 min readAug 6, 2022

--

Words of Author:

After the era of site defacement, hackers here in Nepal have also been towards data. People mostly used to do some SQLI and exploit some other vulnerabilities to deface the site and act cool. but here in this era now, hackers are going for the data of the company. The carelessness of security has made company already been breached a long time back, which companies are unknown about. This talk series touched me a lot, and this is about a teen hacker who did the biggest cyber attack in the history of Nepal. So, hope you enjoy the series. but before this you need to go through the previous writeup of case study series linked here:

Vianet case

Foodmandu case

This talk series is purely based on interview with Narapisach himself. And all facts are mentioned from his talk and experience. This will be a series of his life story, including his life, personal life, about motive of Vianet attack, before and after an arrest, and also all the thing inside his mind at that particular time. And there will be many anonymous peoples mentioned as X,Y,Z and so on for their privacy concerns.

So, here we begin with how the Narapisach was born. A curious child who changed some value of binaries which made some real-world value impact made that genius born. He went to Bangalore and worked at a cybersecurity company where he got to explore cyber technologies and also sharpen his computer and security skills. After class 10, he broke up with his girlfriend, which made a sad life for him. Being a hacker is tough, and dealing with a hacked mind on breakup was a tragedy for him. Life was really bad for him at that time.

Here the story becomes darker, he used to get scam calls and he had a dream of finding it. So, he came up with the idea of creating a search engine that could get him to know the exact person who was calling him. This dream started after he got the idea of him being able to collect data from sources, and he got inspired by the data dump from the case of Foodmandu. This was a deep motive of a hacker to hack Vianet. But the exact reason for the attack was he met with a person ‘X’ who already had a dump of the big company of Nepal, and made a deal to exchange it with Vianet, to help him build his search engine which can verify the authenticity of a person, not only for him but for companies as well. But Mr. ‘X’ had an dream of creating ‘X’ company and also got a website already to make Nepali version of haveibeenpwned. which was his dream of creating a similar thing.

when asked for why was he named Narapisach he answers

yep I’ve got a beautiful answer with an example like people mistaking for their own identity like: “i am angry” than “i am feeling angry” that’s what narpichas is

so that mean it came from a frustration.

He specifically used IDOR vulnerability, to exploit Vianet through an exposed API endpoint. It was a POST request, and he claims to use multiple TOR proxy chains to change every 3 seconds to confuse the defenders of the ISP to analyze the attack. He was already mapping the incident and was prepared for the cyber security companies to get involved, the industry to get triggered, and also was ready for anything. But he admits he had no idea of being prepared for the police and the consequences.

He hacked the Vianet, but we previously mentioned that He did it to exchange data with Mr. “X” but what made him dump it to social media? This might be a question in your mind. But, the main reason for this will be on the next episode, so stay tuned, subscribe and follow. The next one will be the reason for the breach and the day after the breach of his life.

Happy hacking!

do show some love with some share to inspire me to write more of such series of cyber attacks and security.

feel free to give a suggestion and review in the comment!

--

--

sushil phuyal
sushil phuyal

Written by sushil phuyal

a weird guy who loves everything between security and internet

Responses (2)