Unused might be wrong word but I can’t think of the word rn, I’m trying to use an IP for metasploit on my network that isn’t in use but don’t know how, what software is best to use for this and what is the command if its terminal based (I use kali linux)

Hello everyone,

I’ve wondered something for years now, and am hoping to have a discussion about it.

In a perfect world, we would have two or three-factor authentication on ALL programs, be they something as important as your bank account, or something as trivial as your Neopets account, and the passwords used for each account would be unique, and difficult passwords, like 2%!#gasG45$&*asd12.

In the real world, however, I have been unable to find a good system to achieve this. Sure, I can get a password manager or something like my Google Account to create a bunch of unique and difficult passwords for every account, and then hide all of that behind a single two-factor authentication system for the password manager as a whole, but this has issues. Namely, there are times when I don’t have access to my main password manager account, but still need access to one of the accounts it manages.

For example, say that my password manager is on my PC at home, but I’m at a friends house, and want to log in to my Instagram account to show them a meme I saved — there’s no way to get in, unless I actually remember the password. This means I can’t use unique and difficult passwords.

In other words, if I go with a password manager, I can ONLY ever log into things with my home-PC, unless the password-manager’s own password is easy enough that I can remember it (which then presents its own risks, as all of the passwords under the password manager are now easily-hacked.

So, I’ve always wondered if there’s a problem with re-using passwords across accounts for programs that don’t really matter if someone hacks. I know that re-using passwords is typically looked down on, but if we’re talking about something like your Runescape account, what harm is there really to your life if it gets hacked?

​

For obvious reasons, the example passwords I’m sharing below have no relation to my real-life passwords, except in regards to the general feel of their difficulty to memorize.

​

So, as an example:

–Tier One–

Programs: Youtube, ArmorGames, Reddit, Minecraft, Pinterest, etc. Accounts with no payment info on file, and which don’t really matter if they get hacked.

Password: An easy password like Password123456 for all of them.

— Tier Two —

Programs: Facebook, Instagram, Snapchat, etc. Accounts with no payment info on file, but which would have annoying temporary social consequences if hacked. Also programs like Steam, Amazon, Ebay, etc., with payment info on file, but with strong anti-fraud protections.

Password: A mix of medium-difficult passwords like 67SierraApple15!, 49HorseTango15!, and 29Bottle49Staples, spread between them (so two or three programs might share the same password, but no more than that.)

— Tier Three —

Programs: My Bank, My Google Account, My IRS Account, etc. Accounts with mass-money implications, and/or identity-theft concerns.

Password: Medium-difficult-style passwords like 59%%FoxtrotDepressed19 that are unique to each program, with 2-factor authentication if available.

​

​

Is this an acceptable password strategy, or am I setting myself up for disaster here? I just don’t see how something like a password manager is better, when it puts all of your passwords into a single basket, creating a single point of failure for every account you have. Maybe I just don’t understand them, but password managers seem like a huge step backwards in cybersecurity.

Any insight or thoughts is appreciated. Thank you for your time!

Topic – Metasploit Payload not able to connect back to me cause of changed IP address…..

I don’t know if this is possible or not and if I am making sense or not, but is there any way to get the same IP address every time for a payload to connect on.

I installed Metasploit on Google Cloud Console. We all know how we can use a Payload over WAN, and I did the same I used ngrok to make my Payload connect back to me over WAN(wide area network) but there is one problem, it is that everytime I launch Google cloud console it has a different IP address and that’s why my payload is not able to connect back to me.

In order to make my Payload connect back to me I have to keep my Google Cloud Console machine online or open for the whole time and once I close it or restart it the IP changes and I don’t get the connection back, Is there any solution to this problem.

I also don’t get the same IP on ngrok too.

I guarantee that I don’t want to use any of this information for any bad purposes, these are only for my Presentation at my college (to impress someone)…