Batman

Thanks for the response, b0N3z. My test MB Pro is up to date with IOS updates, etc. No encryption on the HD. I thought it was weird that this script would be cross platform with just the change of two lines. Can't be that easy since credentials are stored in Windows completely differently than they are in Mac. I'm determined to do some research and see what is needed to create a payload like this for Mac's.

Same thing happened on a linux computer. Payload creates a folder in the /loot/quickcreds/ folder with the computer's hostname but the folder is empty. Bunny had a flashing yellow LED.

Hi everyone, I've been playing around with Mubix's Quickcreds payload (awesome payload, Mubix!) and have run into trouble with using it on a Test Mac. I plug in the device and it goes to flashing yellow LED on the USB but doesn't proceed further. When I plug the USB in under arming mode I can see "TESTs-MBP-1" (Mac's name) in the loot/quickcreds/ folder. The folder is empty. The payload is set to use ECM_ETHERNET. I see the device under the network section of system preferences with the correct IP address (172.16.64.10). I see in the payload that yellow LED means that it's running the attack. I have a feeling that it's getting hung up on finding NTLM logs. Mac/Nix doesn't store password hashes in the same way that Windows does, right? So why is it this payload is able to work with Mac/Nix with the only difference being the ECM_ETHERNET vs RNDIS_ETHERNET for Windows? Thanks.

Seems to be a problem with the script. I tried a different scipt and it worked. Hmmmm...

Thanks Broti. I did read that but the light doesn't flash continuously. Just immediately upon insertion and then goes out. The SD card is readable in an adapter. I have 3 different SD cards and all of them produce the same result.

Hi guys, Been awhile since I've messed with my Rubber Ducky. I've loaded it with a clean script to save some information from the target on to the USB side of the ducky. When I plug in the ducky the LED flashes red once and then goes out and nothing else happens. I'm using it on a Windows 10 machine. Anyone know what could be the cause of this? Thanks in advance.

So I recently stumbled upon a fun website that has hacking challenges on there. You have to register (its free) and then you can work on the levels and challenges at your own pace. It's pretty cool. I've knocked a few out. Just thought I'd share with you all. You might learn some new stuff. I have. Cheers! EDIT: Forgot to post link to site : https://www.hackthis.co.uk/

I updated my reaver to 1.5.2 and still my router isn't getting hacked. I tried the command you suggested and got the same ouput. I tried looking at lists of vulnerable AP's and mine was not listed.

Hi everyone, So I've been trying to crack my home router that's using WPA2 and WPS is disabled. Everything as far as airmon-ng, airodump-ng, and wash are working as usual. It's reaver that's the problem. I input my command - reaver -i wlan0mon -c 1 -b D8:EB:97:28:7C:A9 -S -N -vv and the output is like this: I stopped it because it just keeps doing this. I let it run for 24 hours straight to see if anything would change and nothing did. I did some research into the error code 0x04. EDIT: My router isn't vulnerable. That's what it is. >.< DUH!

You could configure authentication policies on the server. https://technet.microsoft.com/en-us/library/dn486781.aspx?f=255&MSPPError=-2147217396 From what I've read on here https://technet.microsoft.com/en-us/library/dn280945.aspx it looks like you can setup multifactor login using personal devices, like cell phones. "By using Workplace Join, information workers can join their personal devices with their company's workplace computers to access company resources and services. When you join your personal device to your workplace, it becomes a known device and provides seamless second factor authentication and Single Sign-On to workplace resources and applications. When a device is joined by Workplace Join, attributes of the device can be retrieved from the directory to drive conditional access for the purpose of authorizing issuance of security tokens for applications. Windows 8.1 and iOS 6.0+, and Android 4.0+ devices can be joined by using Workplace Join"

Agreed. If it's intellectual property of the company you can definitely take it to court if the former employee isn't willing to supply you with the password. That's a huge no-no. Also, out of curiosity, what password recovery program are you using?

Are you trying to format the micro SD while using an administrator account? You'll probably need admin privileges to do that. You can also try right clicking the SD card under the quick access menu on the left side of the Windows Explorer, and click Properties. Click the "Tools" tab at the top of the properties window and click the "Check" button for Error checking on the drive. This should tell you if the SD card is actually bad or not. You might even be able to use DiskPart in cmd to fix the drive.

Zarabyte is right, try airmon-ng check kill (this will kill all processes that are interfering with you setting your adapter into monitor mode. You can also use airmon-ng check to just run a check to see if there are any processes running that will interfere.) airmon-ng start wlan0 Kali 2.0 lists the wireless adapter as wlan0mon as apposed to kali 1.0.9 would just say mon0. And of course, if you ever need help with a command or how it works you can use the man page for it, which is a manual. Not all commands have them, but most do and they're super helpful. The syntax for using the man for a command like airmon-ng would be: man airmon-ng And if you want to save the man page for later usage or to print it out you can use cat to copy the output to a text file. Example for airmon-ng: man airmon-ng | cat > /root/Desktop/airmon-ng_man_page.txt The above command will print the manual page for the airmon-ng using cat to a text file airmon-ng_man_page.txt to your desktop. Hope this helps!

Ah well thanks for trying. Haha. I found out the answer I was looking for anyway. It seems linux doesn't assign it anything if it doesn't already have one. I got lucky with my ducky in that it wasn't associated with one. :) Thanks for your time, Mr-Protocol!

I just checked with a USB device I just plugged into my computer - a Sandisk micro 32GB usb drive. You can see the serial number listed in the registery, and then I double checked it using wmic. They match. I did the same thing on my GF's Windows 7 computer and they also matched. Gonna check now on my Kali box to see what it comes up with for the same USB drive. EDIT: Just plugged in the same USB drive to my Kali Laptop (totally different machine) and using lsusb -v the iSerial is listed as 4C530001110925102182. Matches the Windows Serial for it. Do you have a Windows machine to check what windows will assign to the HASP dongles you have? EDIT2: I tried doing this with my USB Rubber Ducky.. my Kali laptop left the serial number blank and the Windows 10 Desktop assigned it a serial with the "&" in the second position... see the rubber ducky jpg. The output of the lsusb -v for the Kali box was Bus 002 Device 006: ID 03eb:2422 Atmel Corp. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 (Defined at Interface level) bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x03eb Atmel Corp. idProduct 0x2422 bcdDevice 1.00 iManufacturer 1 Ducky iProduct 2 HID Keyboard and MSC iSerial 0 bNumConfigurations 1