Do i have to actually learn C to be able to make backdoors and RATs that can run natively (meaning without having to install anything extra) on Windows?

Sorry if my question isnt clear i’m kinda sleepy right now

Hi, I have been following along with the cyber mentors tutorial on basic hacking and I’ve gotten stuck trying to get a connection to Kioptrix level 1. I have set up both Kali and Kioptrix on NAT however when I try using netdiscover or arp-scan only 3 IP’s come up one ending with .1 another with .2 and the third is my own ip. From what I’m aware I should be getting a 4’th IP for the Kioptrix VM. Do I have to run them simultaneously or something? Any help is much appreciated as I’m very new

I’m look for some hand-on Linux+ and Security+ exercises. For some reason my payment is not being accepted and don’t have time to go down that rabbit hole. I’m will to pay $$-$$$$ Anything would be appreciated!

Hello!

Our school implemented an SSL inspection tool called ContentKeeper. It’s super annoying. Im currently running ubuntu on a USB stick at school as the laptops there don’t even allow us to install python (which I have a class for)

Normally all requests go through as expected when using a laptop without my own OS, but whenever I try to use mine I get a MITM warning that I can’t ignore. Absolutely no connections are making it through to shadowsocks or any sort of proxy server on both my home PC or a hosted server.

Also I cannot make any connection with SSH from the school network

Here are some things I have tried:

Shadowsocks: Nope no connection at all on ports 80, 443 or default?? Theres a small chance that i messed up something but im also not even able to ssh into my pc or my server from the school internet on my ubuntu stick

​

Remoting into my home PC is an option but the basic things I have tried (chrome remote desktop, parsec, steam remote play) all do not have internet access.

​

Tor: Nope

​

OpenVPN ports 80, 443: Nope 🙁

​

DNS tunnel (I cant find any decent tutorial and I keep seeing everywhere that it slows connection; I need a fast connection ideally for remote desktop with low latency): Havent tried

​

I do have connection from my IOS and Android device when I connect to a free VPN (XVPN) however installing it on the laptop makes it not work for some reason (Have tried many VPNS)

​

Sorry for the massive block of text. Also please go easy on me because I am slightly newer to networking! 🙂

I will update the post with things I have tried and will respond to every comment with advice.

Thank you in advance!

A certain messaging app with 2FA has locked me out after mistakes of my own making. It looks hopeless form the outside, but something intrigues me. I know my login, but the 2FA App that it wants to to use (Google Authenticator) has been removed. Thus I have no way to know what the code actually is. However, it is that it still is taking requests. In other words, I have unlimited attempts to guess just this six digit code. I have never run into limits in the myriad incorrect attempts I have had, which leads me to my question for this sub: which software best for brute forcing a six digit 2FA verification code?

I’ve heard about various options: Jack the Ripper, Dave Grohl, etc. My question is what, if any, is recommended specifically for br*te forcing a six digit code, rather than a password. Ostensibly a far easier process. Again, the username and password are already known.

The current sequence is as follow: login screen => correct email and password => enter the six digit code from authentication app =>login access granted. I currently only need help with the last step.

Feel free to DM any advice you wish not to disclose publicly. Thanks.

Note: This is for MY OWN account that I am now locked out of. Thus, I have no reservations about acquiring a means to ultimately retrieve my own information. I fully believe that this information is ultimately mine before that of the company in charge of this messaging app. Therefore, spare me any “you shouldn’t be doing this” comments. Rather, I would argue ardently, that all end users are entitled to their data that they provide at the of the day. End of discussion.