Creds Payload


mule

I've completed the firmware 1.1 update and the impacket tools installation. However, when I place the creds payload into payload.txt under the payload\switch1 directory, I get a quick green flash and nothing else. The only switch position that seems to work is zero. Any advice as to what my next step should be?

 


I am assuming you mean QuickCreds.

Did you install Responder too? QuickCreds requires that. Responder is easy to install, being you just need to clone their repo and copy that folder into your tools folder so it is loaded on next loading of the Bunny in load mode.

If you mean dumpcreds, then that needs impacket, which is trickier since it has to be added a certain way to work. Someone built packages for both of them to do clean installs of them for you into your tools folder. I took the standard approach and installed them, but now my path to the tools is different than other people's who installed them in a way that they are still in the tools folder, so don't follow my way for impacket unless you know how to remove it in case you want to. I have to modify payloads' paths to those tools if they use them now. Little inconvenience, makes me examine the payloads. Of course, the next flash will probably start us back over again. :-) Just copying responder repo works fine, install is needed after the BB moves it over.

  • Upvote 1

4 hours ago, mule said:

Thanks for the info. Just a couple of follow-up questions.

1. Is this the correct GitHub location for Responder -> https://github.com/SpiderLabs/Responder

2. Without Responder loaded, shouldn't the BB give me an error LED? Once I see the flash of the green LED, nothing else happens.

Thanks again for your help!

You would think so, unless you have something there that looks like it in the check but it is broken, like you have a responder folder but no Responder.py in it. The only way to check for sure is to ssh into the BashBunny and browse the /tools folder in the system partition. If you have a responder folder in there that is not copied right, then that is why you are not getting the missing payload error. I would do that first. Make a blank payload with just the attackmode set to RNDIS_ETHERNET for Windows or ECM_ETHERNET for Linux/Mac. When it comes up, ssh into the Bunny following the instructions in the wiki and browse it like a Linux box. See if the /tools folder has what you need. You can even test some of the tools, like running smbserver.py to see if it loads or errors with missing dependencies. Same thing with Responder. You can load it in analyze mode with the interface being usb0 to test and Ctrl-C out of it when done.

SpiderLabs are the makers of Responder, so that link is correct. The only change I would make after cloning is to make the responder folder name lowercase. I think all payloads reference a lowercase-spelled responder folder in tools; I had to ssh into my Bunny to change that when I realized it the first time. You can avoid that by renaming it before copying to the tools folder in the USB partition when the Bunny is in arm mode.

Once again, impacket takes more work to get going, so I advise finding in the forums the post of the guy making the deb files to do this for impacket, unless you do not mind impacket putting itself in your bin folder and stuff if you install it the normal way you do on a desktop. With Responder you can go either way, since no setup afterwards is needed for it to work.
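
The folder check described in the reply above, written out as an added shell example that is not part of the original thread or of any Hak5 code. It assumes the tools folder is `/tools` (overridable by argument) and uses the lowercase `responder` folder name and `Responder.py` file the reply mentions; the function name `check_responder` and its status strings are hypothetical.

```shell
#!/bin/sh
# Added example: classify the state of the Responder copy in a tools folder.
# Run it from an ssh session on the device, or against a copy of the folder.
# Prints one status token and returns a matching exit code:
#   ok (0)            responder/Responder.py is present
#   missing (1)       no folder named "responder" in any letter case
#   wrong-case:X (2)  folder exists but is spelled X, not lowercase "responder"
#   incomplete (3)    lowercase folder exists but Responder.py is not in it
#   no-tools-dir (4)  the tools folder itself does not exist
check_responder() {
    tools_dir="${1:-/tools}"   # assumption: default path taken from the thread

    if [ ! -d "$tools_dir" ]; then
        echo "no-tools-dir"; return 4
    fi
    if [ -f "$tools_dir/responder/Responder.py" ]; then
        echo "ok"; return 0
    fi
    # A folder that "looks right" but lacks the script is the broken-copy
    # case the reply describes.
    if [ -d "$tools_dir/responder" ]; then
        echo "incomplete"; return 3
    fi
    # Look for the folder under a different spelling, e.g. the "Responder"
    # name a fresh clone of the repo produces.
    for d in "$tools_dir"/*; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if [ "$lower" = "responder" ]; then
            echo "wrong-case:$name"; return 2
        fi
    done
    echo "missing"; return 1
}

# When the script is given a path argument, check that folder directly.
if [ "$#" -gt 0 ]; then
    check_responder "$1"
fi
```
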

 
