Need suggestion: Exfiltration to gmail/pastebin/tinypaste


Nikhil "SamratAshok" Mittal

Mar 29, 2014, 7:00:24 AM
to kautily...@googlegroups.com
Hi list,

I am currently working on the next release of Kautilya. I need suggestions from users regarding the exfiltration method used in Kautilya. As you know, Kautilya currently provides for pastebin, gmail and tinypaste for exfiltration of information. Here is why they are used:

Pastebin - It is generally allowed across firewalls.
Gmail - Not always blocked, application specific passwords.
Tinypaste - Just as a backup in case pastebin could not be used.

I am planning to remove tinypaste from options. What do you guys think?

Also, as Kautilya drops username/password of your gmail/pastebin/tinypaste in plain-text on a target in a powershell script, I am looking for a way out without any success yet.

Summary - Unless users suggest otherwise, in the next release, tinypaste will be removed as an option or replaced by a better one (suggestions welcome) and users would be warned about their credentials. 


Happy Hacking,
Nikhil SamratAshok Mittal


cgsi...@gmail.com

Mar 29, 2014, 1:34:02 PM
to kautily...@googlegroups.com
Nikhil,
My hesitation with using the techniques you already have is the necessity of having creds typed in clear text on the victim machine. Could you just code something to exfiltrate data in an HTTP GET or POST request? The tester would then just need to start up a web site and pull the data from the logs. I'm sure people could put together more complicated web apps to receive the data, but maybe you could just code Kautilya to take a URL as a parameter to send data through.

My $0.02,
Chris

Nikhil Mittal

Mar 29, 2014, 1:44:43 PM
to kautily...@googlegroups.com, cgsi...@gmail.com
Thanks for the suggestion,

I understand that. There is already an HTTP POST function in the Kautilya code. I think it should work with a website which is able to log POST requests. I would test it and provide it as an option in the coming release.

Also, I was suggested use of DNS TXT queries for exfiltration. https://twitter.com/theart42/status/449891861352960000

If possible, that would also be included as an option. I will also retain gmail and pastebin though.

Regards







--
Regards,
Nikhil SamratAshok Mittal
nikhil_mitt
http://labofapenetrationtester.blogspot.com/
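From the defender's side, the channels discussed in this thread (POSTs to paste sites or webmail, and DNS TXT queries carrying encoded data) leave recognisable traces in proxy and resolver logs. The following is an added example, not code from Kautilya or from anyone in this thread: it runs two simple checks over constructed proxy and DNS log lines. The log format, the host list (tinypaste.com is an assumed hostname; the thread only says "tinypaste"), the byte-count threshold and the entropy and label-length thresholds are all assumptions to tune for a real environment.

```python
import math
from collections import Counter

# Constructed sample proxy log (not real traffic): ts client method host path bytes_out
PROXY_LOG = """\
2014-03-29T07:01:02Z 10.0.0.15 GET  www.example.org /index.html 312
2014-03-29T07:01:09Z 10.0.0.15 POST pastebin.com /api/api_post.php 48213
2014-03-29T07:01:15Z 10.0.0.22 POST mail.google.com /mail/u/0/ 2048
2014-03-29T07:01:20Z 10.0.0.15 GET  pastebin.com /raw/abc123 410
"""

# Constructed sample DNS query log (not real traffic): ts client qtype qname
DNS_LOG = """\
2014-03-29T07:02:01Z 10.0.0.15 A    www.example.org
2014-03-29T07:02:03Z 10.0.0.15 TXT  nbswy3dpeb3w64tmmq.exfil-example.test
2014-03-29T07:02:04Z 10.0.0.15 TXT  mfrgg43fmq.exfil-example.test
2014-03-29T07:02:05Z 10.0.0.22 TXT  _dmarc.example.org
"""

# Drop points named in the thread. tinypaste.com is an assumed hostname.
PASTE_AND_WEBMAIL_HOSTS = {"pastebin.com", "tinypaste.com", "mail.google.com"}
POST_BYTES_THRESHOLD = 4096      # assumption: bodies above this are unusual for these hosts
LABEL_LENGTH_THRESHOLD = 12      # assumption: encoded payload labels tend to be long
ENTROPY_THRESHOLD = 3.0          # assumption: bits per character for a "random-looking" label


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def flag_proxy(lines):
    """Flag large POST bodies sent to known paste/webmail hosts.

    Returns (client, reason, host) tuples in log order.
    """
    findings = []
    for line in lines.splitlines():
        _ts, client, method, host, _path, nbytes = line.split()
        if (method == "POST" and host in PASTE_AND_WEBMAIL_HOSTS
                and int(nbytes) >= POST_BYTES_THRESHOLD):
            findings.append((client, "large POST to paste/webmail host", host))
    return findings


def flag_dns(lines, min_txt_per_domain=2):
    """Flag TXT queries that look like encoded data.

    Rule 1: a single TXT query whose leftmost label is long and high-entropy.
    Rule 2: one client issuing several distinct TXT subdomains under the same
            parent domain (payload chunked across queries).
    Returns (client, reason, name) tuples; rule 1 hits come first, in log order.
    """
    findings = []
    txt_labels = {}  # (client, parent domain) -> set of leftmost labels seen
    for line in lines.splitlines():
        _ts, client, qtype, qname = line.split()
        if qtype != "TXT":
            continue
        label, _, parent = qname.partition(".")
        if len(label) >= LABEL_LENGTH_THRESHOLD and shannon_entropy(label) >= ENTROPY_THRESHOLD:
            findings.append((client, "high-entropy TXT query label", qname))
        txt_labels.setdefault((client, parent), set()).add(label)
    for (client, parent), labels in txt_labels.items():
        if len(labels) >= min_txt_per_domain:
            findings.append((client, "many distinct TXT queries under one domain", parent))
    return findings


if __name__ == "__main__":
    for finding in flag_proxy(PROXY_LOG) + flag_dns(DNS_LOG):
        print(finding)
```

Both rules are deliberately coarse: legitimate TXT lookups such as SPF or DMARC records have short, readable labels and are not repeated with varying prefixes, so they pass, while the second DNS rule catches chunked payloads even when individual labels are too short for the entropy check.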