Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About tdhuck

  • Rank
    Hak5 Fan

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Gotcha, I was trying to copy/paste what I thought was the hash. For the record, I wasn't planning on using yours, I figured it was garbage/worthless if you posted it.
  2. Ok, can you quote your post and highlight what you dropped into hashcar to decrypt? Did I highlight the correct hashes or am I wrong? Thanks.
  3. Thanks, that is what I see, but I have no clue how to break it down. Obviously the entire thing isn't the hash. What are the two different MS accounts? One hash is the login, what is the other hash for? I made, what I thought were, the hashes bold/red. Are you guys simply using a hash program to decrypt the hash? Are you able to use the hash to login/get on a network share?
  4. For those stating that this worked, can you share the start/stop of the hash? I have the hash (the device/code does work), but I am lost when I get the hash.
  5. I checked that out when you first posted it and when I copied the text/hash it told me it wasn't formatted properly or it threw out another error, I will have to check again and see what I missed.
  6. I can't seem to find the page/setting where I can whitelisy my SSIDs. I don't want them being added to PineAP. I tried adding them to to filter section, but that doesn't seem to be the right place.
  7. The hash is there, but I don't know where it starts/ends. Computer is not on a domain. Basically, it works, I have the data, but I can't use/read it because of my lack of knowledge.
  8. I am confident that mine is working as it should, but I don't know where the hash starts and ends. Someone posted a link to a site explaining it, but I still can't do anything with the hashes/data. As you can see form my previous posts, it did take me a few attempts before I found the correct directory, but everything seems to be there. I have tested on my w7 and w10 machines, but have only verified entries for the w10 machine. I will assume it worked for w7, but I didn't look at all of the logs to find the w7 entries.
  9. Yeah, I have a similar question. I can see the computer name, but then just a string of text. Not sure where the hash starts/ends.
  10. Ok, I made some progress, as stated, I am a newb, I must be getting confused when/where I need to use a / Responder.db does show hashes and I see a user name (mine) with the hash behind it. Next step would be how to use the hash, on it's own, to log back into the computer/shares, but I will wait to see how others handle that. Interesting. Thank you to everyone who helped/posted.
  11. I don't think an internet connection is needed. When I plug this into my mac, the amber LED never stops blinking, but I SSH directly into it when it comes online. I am not sure if the attack continues to run. Maybe it does but never completes. When I plug into my windows computers, I do get a solid amber light, but I am having an issue getting into the directories where the log files are at (see screen shots/posts above). I appreciate the help, to this point, but I am still looking for some help as to why I can't get into certain directories....why can't I cd into a directory that I know exists? I am sure it is an error on my part...
  12. I have not been using a network connection on the turtle when I test.
  13. I can't seem to get into this directory/files Settings.HTTPBasicLog = /etc/turtle/Responder/logs/HTTP-Clear-Text-Password-%s.txt Settings.HTTPNTLMv1Log = /etc/turtle/Responder/logs/HTTP-NTLMv1-Client-%s.txt Settings.HTTPNTLMv2Log = /etc/turtle/Responder/logs/HTTP-NTLMv2-Client-%s.txt When I try to cd /etc/turtle/Responder/logs it tells me that I can't or the command prompt changes to the 19 subdirectory you see in my above picture.
  14. It did help, I had a feeling that what you said is true, but I still decided to post the screen shot showing 0s. I do have the 4 files, but no proxy file, this time. Why am I sometimes seeing a proxy file? I used cat to open the files, all of them opened with text, except 1 file, Analyzer-Session.log doesn't open, when I use cat to open it, it just bring me back to a new command line. I do see clean text in the other files, I need to spend some time to look and see if there are any hashes. I do see some output stating that .txt files exists in other directories, I will check those as well. Is that where the actual hashes are? Keep in mind I have not looked at the contents in detail, yet, I wanted to get my reply back to you/this thread, first. Thanks.
  15. Never even thought about viewing the size of the directories/files to confirm they are empty, thanks. Apparently, something isn't working properly. responder.log states that creds were saved, but apparently they were not saved/written successfully.
  • Create New...