Batman

Active Members
  • Content count

    68

About Batman

  • Rank
    Hak5 Fan ++
  • Birthday July 4

Profile Information

  • Gender
    Male
  • Location
    Batcave
  • Interests
    Cybersecurity, Forensics, Hak5, Networking, Cars, Motorcycles, hiking, camping, guns.
  1. Thanks for the response, b0N3z. My test MB Pro is up to date with IOS updates, etc. No encryption on the HD. I thought it was weird that this script would be cross platform with just the change of two lines. Can't be that easy since credentials are stored in Windows completely differently than they are in Mac. I'm determined to do some research and see what is needed to create a payload like this for Macs.
  2. Same thing happened on a Linux computer. Payload creates a folder in the /loot/quickcreds/ folder with the computer's hostname but the folder is empty. Bunny had a flashing yellow LED.
  3. Hi everyone, I've been playing around with Mubix's Quickcreds payload (awesome payload, Mubix!) and have run into trouble with using it on a Test Mac. I plug in the device and it goes to flashing yellow LED on the USB but doesn't proceed further. When I plug the USB in under arming mode I can see "TESTs-MBP-1" (Mac's name) in the loot/quickcreds/ folder. The folder is empty. The payload is set to use ECM_ETHERNET. I see the device under the network section of system preferences with the correct IP address (172.16.64.10). I see in the payload that yellow LED means that it's running the attack. I have a feeling that it's getting hung up on finding NTLM logs. Mac/Nix doesn't store password hashes in the same way that Windows does, right? So why is it that this payload is able to work with Mac/Nix with the only difference being the ECM_ETHERNET vs RNDIS_ETHERNET for Windows? Thanks.