dark_pyrro

Same issue as in; "can't get modules and I'm located in China"?

So you used C2CONNECT to force the Shark to connect to the C2 server?

Looks like you're running your C2 server on Amazon. Did you open all the ports needed in the VPS firewall?

I can't remember if the classic Ducky came with an inject.bin file on the supplied Micro SD card. It's so many years since I got it. The 2nd generation Ducky should have a payload that puts it in ATTACKMODE STORAGE out of the box. But that's not valid here since this is about the classic Ducky.

Don't post USB Rubber Ducky related questions here.

What landing page? Evil portal?

Well, if you try to obtain the hash on a PC that has no logged in user (i.e. a PC that isn't actually locked), I guess you have to prepare yourself to wait until kingdom comes.

Just to be sure, you have logged in to the PC and then locked it, right? Not just let it boot up without any login.

No

Yes, if you get a NTLM hash it will turn green. If not, it will continue to blink yellow. There's no guarantee though that it will ever be able to obtain the hash. Also make sure to leave it for a while. It can take all from 2 seconds from when it starts to blink yellow (i.e. attack started) to well over a minute.

Well, 12 is 12 and not 17, so nothing much to do about that really Space isn't possible to use according to the specs since it's not alphanumeric

Did you at any point set a static IP address for the Bunny on the machine you're trying to run QuickCreds against?

ok, then the Bunny can't hand out any DHCP lease to the target (the computer to which it is connected) for some reason

There should be two things that produces the red LED and that's either failing to find responder (slow blink) or fast blink which indicates that the target doesn't get an IP address.

That screenshot tells me that you're not running 3.0.6.0, but the older version that comes with the deb from the forums (look at the version displayed = 2.3.3.6).

So, you're using hak5bunny and nothing else when trying to login?

You probably need to escape the $ char and/or quote the whole line

You need to QUACK the DELAY lines as well as ENTER Also, I'd suggest using QUACK instead of Q. Q is the same as QUACK, but I (and others) have experienced strange behavior using Q. I haven't been digging any deeper into that as to why that might be the case, but I always use QUACK instead of Q. There are other things in that payload that will need adjustment, but you will find that out.

(I answered in the other thread where you posted the same question)

Did you try what I posted about formatting. You say that you use the formatting in the Nano UI and in my post I say to not do that; did you try that variant? Make sure your MicroSD card has only a single, unnamed partition and is formatted with EXT4. Also try different cards just to rule out the possibility that the card used is faulty. Users have reported issues with the Nano when it comes to MicroSD card handling, but I didn't ever have any real issues myself during the years that I actively used the Nano.

Note that C2 isn't a command in itself. What Darren is doing in the video is pressing tab (twice probably) to make the system "reveal" what known commands that starts with "C2". In any case, the available C2 commands should be located in /usr/sbin and those are the same that is shown in the video at about 8:20. If the commands aren't there, you should probably check what firmware version the Turtle is running. I can't see any reason why the Turtle should be on anything else than a version that supports C2 (which should have been introduced from version 5), but check it anyway to be sure. The firmware version should be available in the top left corner of the Turtle text based UI/menu system, or by checking the file /etc/turtle/VERSION

If you have an ordinary USB storage device attached to your computer; how do you safely eject that storage device before you remove it from the computer? That's the way you unmount the Croc. The reason why you should do that is because it's not a good thing to have a storage device mounted to two different devices at the same time (in this case your computer that the Croc is attached to, and the Croc itself). This might lead to corruption if not doing things correct. Note though that unmounting the Croc from the computer does not involve physically removing the Croc from the Computer since you still need to be able to access the Croc. It just involves ejecting/unmounting the Croc from the OS, not removing it from the USB port.

Like I said in the post https://forums.hak5.org/topic/60973-cant-connect-to-c2/?do=findComment&comment=366180

If you (on the Croc) list the content of /root/udisk, is the device.config file there? If not, then you need to mount the udisk to the Croc to get access to the content before running the cc-client command. First unmount the udisk from the computer to which the Croc is connected, then mount the udisk to the Croc itself with: udisk mount Then run the cc-client command in the way it was recently posted

That shouldn't have any impact on success In what path did you put Responder on the Bunny? What's the output if you execute Responder manually on the Bunny?