Quick Creds setup


Nick Kwiecien

Really confused on how to set up Quick Creds on the Bash Bunny... Found different steps to take but no tutorials or documentation on the configuration and setup. Also, another thing I was thinking about is: what if I am out on an engagement and said company has 2-step verification? Does this attack still work?


Download the Responder package from the pinned post here:

Drop the .deb file into your /tools directory. Safely eject, remount. Then run the payload just as you would any other. Works great on locked machines!

  • Upvote 1

On 6/9/2017 at 8:11 AM, Nick Kwiecien said:

The sits there forever blinking yellow trying to find ntlm hashes but are never found 

One way to test to make sure it is working is to plug it into a Windows machine and then, when it is working, to launch Internet Explorer (because it will pass hashes) and browse anywhere. Another test is to launch File Explorer and put in a UNC path to anywhere, like "\\somewhere". Those will trigger the event that gets the hash immediately. If that works and you get hashes, then the payload is working; the machine is not running any services that are reaching out that can pass NTLM hashes. I have seen it not work on locked machines after they have blanked the screen. If you catch it before the screen blanks then it seems to work. After it blanks, though, that person will need to sign in to kick off their services again.


On 6/10/2017 at 2:07 PM, PoSHMagiC0de said:

One way to test to make sure it is working is to plug it into a Windows machine and then, when it is working, to launch Internet Explorer (because it will pass hashes) and browse anywhere. Another test is to launch File Explorer and put in a UNC path to anywhere, like "\\somewhere". Those will trigger the event that gets the hash immediately. If that works and you get hashes, then the payload is working; the machine is not running any services that are reaching out that can pass NTLM hashes. I have seen it not work on locked machines after they have blanked the screen. If you catch it before the screen blanks then it seems to work. After it blanks, though, that person will need to sign in to kick off their services again.

It worked on the first try opening up the browser while it was running! Thank you for the help. So yes, I think you were correct about the machine not being able to reach out and grab the NTLM hashes.
