Jump to content
Hak5 Forums

Nick Kwiecien

Active Members
  • Content count

    9
  • Joined

  • Last visited

About Nick Kwiecien

  • Rank
    Hackling
  1. WPA2 - EAP

    For either the Tetra or the Nano can either of these devices perform attacks against a WPA2 -EAP Network? Is there a function that allows you forward radius authentications requests to the victims radius server acting as a MITM?
  2. Tools disappear

    Thanks man!
  3. DNS Issues

    is there a way for the DNS suffix to be automatically updated when the turtle gets plugged in. Right now when you plug it in it gets handed its own dns suffix so no hostnames can get resolved. Is there a work around for this?
  4. NTLMv2

    So I've successfully dumped NTLMv2 hashes from a locked PC and I am stuck on what you can do with them from there. With the new security updates regarding token based filtering trying to pass the hash or remote login without being a SID 500 is almost useless and unless you have access to a descent size GPU cluster trying to crack NTLMv2 will also be a challenge. If someone can enlighten me on some ways to gain a foothold with those hashes im all ears
  5. Quick Creds setup

    It worked on the first try opening up the browser while it was running! Thank you for the help. So yes I think you were correct about the machine not being able to reach out and grab the ntlm hashes
  6. Quick Creds setup

    The sits there forever blinking yellow trying to find ntlm hashes but are never found
  7. Tools disappear

    So I am trying the quick creds with my new bash bunny. I put it into arming mode and put the payload in the switch 1 folder and put the responder in the tools folder. I try out the attack and then go back into arming mode and see my responder is gone and all I got was the pc name. What am I doing wrong?
  8. Quick Creds setup

  9. Quick Creds setup

    really confused on how to setup quick creds on the bash bunny...Found different steps to take but no tutorials or documentation on the configuration and setup. Also another thing I was thinking about is what if I am out on an engagement and said company has 2 step verification. Does this attack still work?
×