tacocat

Anybody know of a good ASP.NET web shell? I know Metasploit is an option, but I'd rather not use it.

Why should I write my own payloads or malware, instead of just using a payload with a Meterpreter, generated by Veil-Evasion or something?

Whenever I attach a malicious PDF to an email with the Social Engineering Toolkit, it is caught by Google, and the message is not sent. Also, sometimes the emails say that they were sent, but they never go through. Any help is appreciated

Everyone always encourages you to use TOR and a VPN while doing illegal activities online, but how can you stay anonymous with that? For Metasploit, I port-forward so that the LHOST will work outside of my LAN, but what if the attacker is logged on to somebody else's network, ...more

I have a few spare computers and an old server, which I got for free. I don't use that, but I have a desktop with Ubuntu server, and Apache, SSH, and FTP configured. Right now it isn't doing anything, but are there any cybersecurity-related uses? I don't mean defensive, like a ...more

Recently, when I have been getting updates on my Kali machine, they have been coming from the Duke University mirror, instead of the Archive mirror like I have always used. I haven't edited my sources.list file, and this change has also happened on another machine with a Kali ...more

Hello all! Just for fun, I used Google Dorks to just find some websites with a password.xls file publicly available, and when I searched filetype:xls inurl:password.xls, the first result was the website of a university in Hong Kong. I downloaded the file from a virtual machin ...more

Are Metasploit attacks or post-exploitation modules noticeable by a sysadmin or anybody monitoring the network? And if they are, how do you get around this? Proxychains, reverse DNS? Thanks

So, hypothetically, say I may have scanned something important. Should I be worried? If I still have to login to their site occasionally...hypothetically ...more

I am considering switching from Kali to Ubuntu for all things cybersecurity, and I really need someone to talk me out of it :P (or why I should switch). Thanks

I've been trying to send an email with the Social Engineering Toolkit for about as long as I've had Kali, but every time I one with an attached payload, Google blocks it. I've been using Gmail (which is why Google blocks it). Is there a better way to do this, or some workaroun ...more

What is the best tool to generate malware, and how can I use it safely? I know that most DarkComet RAT downloads are ratted themselves, and I obviously do not want this on my system. Thanks

I was wondering if anybody knew some good proxy servers that I could use to route terminal traffic through Proxychains. I want to set up a chain of proxies - hence the name, but I don't want to use Tor. Anonymous proxies would be even better. Thanks, Tacocat

Hello everyone! I just found this article on Twitter, about how people are using RATs to get control of your Steam account and your computer. I play CS:GO often, and thought this was something interesting to share here. :) http://securityaffairs.co/wordpress/51824/malware/ha ...more

Hi all! If anyone remembers how back in season 1 of Mr. Robot, somebody put malware on a CD or DVD and it automatically executed when it was put in a computer, I was wondering how to do that. Kinda like a USB Rubber Ducky, but with a DVD... Thanks

I've always known this is important, but why?

When they updated Kali, they update GNOME to GNOME 3. I really miss the old version now, which I think was the original version, and I'm even using Cinnamon to make it feel similar. Any way to get the old version back on Kali?

In an input tag, with value="", is there any way to escape the quotes if including quotes in your input is filtered?

When scanning a target system, why is it necessary to be "quiet"? I know it is so that the sysadmin won't notice you, but why shouldn't he?

I'm trying to find the best way to search for vulnerabilities. I know there's nmap or nikto, and many others, so which tool/method do you think is best?

I have been experimenting with metasploit and metasploitable lately, and on the meterpreter, the Persistence option seems to be only available for Windows. Is there any way to put a backdoor on a Linux machine from a shell or Meterpreter? And if not, what other ways could I do ...more

Hello all! I am trying to learn about phishing with SET (if there is something better, I would love to know), and I was wondering if there is a way to find or make templates for a copy of a site (credential harvesting), with minimal HTML. I know a little, but not nearly enoug ...more

Hi all! I have been trying to set up DVWA for a while now, and the Live CD seems to be the only thing working for me. Problem is, I have no idea how to access it from a browser. ifconfig didn't return any IP. Any help is appreciated. Thanks, Christian

Hello everyone! I have a general understanding of Linux, pentesting, and somewhat of network traffic, but I've always wondered how to get an IPaddress remotely. Traffic sniffing seems like it would only work if you are near the location of the target, but I might be wrong. An ...more

Hi everyone, I am trying to learn how to use Weevley, but I don't know how to upload a .php black door to a website that doesn't have a place to upload files. If anyone can tell me how to do this, I would appreciate it. Thanks, Cherman