How a PDF Stole a Life — A Hacker’s Mental Game

Introduction


What if you had only a phone number and a private Instagram ID…

No name. No bio. No display picture.

No social media activity. No Google footprint.

Nothing.

Could you still find out who they are, where they live, and what they do?


An ethical hacker took on this challenge —

No tools. No Kali. No Google.

Only Termux. Only Python. Only the brain.


And what happened next was something even he didn’t expect...


Phase 1: No Tools, Just Mind


Let’s start with what we had:


Phone number (no Truecaller data)


Instagram ID (private, no bio, no DP)



Most people would quit.

But hackers don’t chase people — they bait them.


Phase 2: The Trap — Social Engineering


Instead of brute-forcing data, the hacker planned a psychological attack.


He designed a PDF file with a fake title:


> “Result Card - College Fall Term 2025.pdf”


It was crafted using Python in Termux:


from reportlab.pdfgen import canvas

def create_pdf():
    # Build a one-page PDF named to match the fake result card
    c = canvas.Canvas("result_card.pdf")
    c.drawString(100, 750, "College Result Report")
    c.drawString(100, 730, "Check your score here:")
    # drawString only draws text; the URL below is a placeholder
    c.drawString(100, 710, "http://your-ngrok-link.ngrok.io/verify?id=235")
    c.save()

create_pdf()


The PDF looked clean. But the link was a trap — hosted on Termux using:


python3 -m http.server 8080


Then exposed using Ngrok:


ngrok http 8080


Phase 3: The Click


The hacker sent the PDF file to the target via email (or anonymous Insta DM):


> “Hey, I think this is your result file. I found it on a college server.”




Curiosity always wins.

And when the victim clicked…


BOOM.


Phase 4: The Payload


The hacker had set up a webhook logger (using webhook.site) to capture:


IP Address


Location (approximate, via IP)


Device Info


Browser Type


OS Platform


Time of Access



All of this from just a PDF click.


Sample Log:


IP: 39.50.93.XXX

Device: Android

Browser: Chrome Mobile

Location: Lahore, Punjab, Pakistan

Access Time: 10:43 AM

Referrer: Instagram App
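Every field in that log comes from a single HTTP request to the link, so the defensive check is to look at a document's links before anyone opens them. The script below is an added example, not code from the original post: it pulls URLs out of a PDF's raw bytes and Flate-compressed streams and flags the traits this story relies on (an ngrok or webhook.site host, plain HTTP, a query string such as `id=235`). The function names, the reason strings and the `example-tunnel` sample are assumptions made for illustration.

```python
import re
import zlib
from urllib.parse import parse_qs, urlsplit

# Tunnel / request-logger hosts named in the post; extend for your environment.
RELAY_SUFFIXES = ("ngrok.io", "webhook.site")
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def extract_urls(pdf_bytes):
    """Collect URLs from the raw file and from Flate-compressed streams."""
    chunks = [pdf_bytes]
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a stream whose last byte the regex trimmed
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate (e.g. ASCII85-wrapped); left undecoded here
    urls = set()
    for chunk in chunks:
        urls.update(u.decode("latin-1") for u in URL_RE.findall(chunk))
    return sorted(urls)


def triage(url):
    """Return the reasons a link deserves a second look before it is opened."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if any(host == s or host.endswith("." + s) for s in RELAY_SUFFIXES):
        reasons.append("tunnel or request-logging host")
    if parts.scheme == "http":
        reasons.append("plain HTTP")
    if parse_qs(parts.query):
        reasons.append("query string may tag the recipient")
    return reasons


def scan(pdf_bytes):
    return {u: r for u in extract_urls(pdf_bytes) if (r := triage(u))}


# Constructed sample: PDF-like fragment with a Flate-compressed text stream.
_TEXT = b"BT (Check your score here:) Tj (http://example-tunnel.ngrok.io/verify?id=235) Tj ET"
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(_TEXT) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A hit is a reason to open the file in a sandbox or ask the sender through another channel, not proof of intent; streams under other filters are not decoded and need a full PDF parser.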


What If It Was Malicious? (Hypothetical)


If the hacker had bad intentions, the PDF could have contained:


A reverse shell


A keylogger


A script to steal saved files


Or a full system exploit (like exploit/windows/fileformat/adobe_cooltype_sing)



But this case?

It was just a test of skill. A hacker’s mental challenge.


Moral of the Story


The strongest hacking tool isn’t a program.

It’s psychology.


Social engineering is more powerful than any brute-force script.

Even a basic Python script in Termux can expose identities —

If used with the right bait, brain, and timing.


Educational Note


This blog post is fictional and for ethical educational purposes only.


Never use hacking skills to harm, stalk, or violate privacy.

Use them to learn, protect, and educate others about cyber risks.


Final thoughts


One day you’ll face a locked door with no key.

You can keep pushing…

Or you can convince someone to open it for you.


That’s the hacker way.

> Want to learn about social engineering? Check out my blog post on Social Engineering Attacks: The Human Side of Hacking

https://theethicalexploit.blogspot.com/2025/04/social-engineering-attacks-human-side.html
