Hi list,
I am currently working on the next release of Kautilya. I need suggestions from users regarding the exfiltration method used in Kautilya. As you know, Kautilya currently provides for pastebin, gmail and tinypaste for exfiltration of information. Here is why they are used:
Pastebin - It is generally allowed across firewalls.
Gmail - Not always blocked, application specific passwords.
Tinypaste - Just as a backup in case pastebin could not be used.
I am planning to remove tinypaste from options. What do you guys think?
Also, as Kautilya drops username/password of your gmail/pastebin/tinypaste in plain-text on a target in a powershell script, I am looking for a way out without any success yet.
Summary - Unless users suggest otherwise, in the next release, tinypaste will be removed as an option or replaced by a better one (suggestions welcome) and users would be warned about their credentials.
Happy Hacking,
Nikhil SamratAshok Mittal