Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by kuyaya

  1. Das scheint die Lösung zu sein👍
  2. kuyaya

    Key Croc

    As I said above, I don't think the authorized reseller sites are worth it. I had to pay 106$ including shipping and everything (to switzerland). I know that the shipping may be more expensive in certain countries, but even with taxes and everything, it'll never ever cost 159$. If you buy it on the authorized resellers sites you still have to pay taxes. It's a bit less, but you still have to. I always hear people complaining about the prize, but that's obvious when they buy it on amazon or some other sites for like 70$ more (without shipping!). The official shop is always the cheapest option. I don't understand why some people don't buy it from the official shop.
  3. http://www.just-fucking-google.it?s=make an exclusion powershell&e=finger
  4. Are you sure you run it as admin? If you do so and it still doesn't work, I recommend you to make an exclusion
  5. I don't even know what you are talking about
  6. Ayyy your 100th post🎉🎉
  7. Nein, das habe ich beides nicht gemacht. Ich lösche einfach die Zertifikate und mache sie nochmal neu. Ich glaube ich habe ein paar Sachen falsch gemacht: Es werden ja Fragen gestellt, z.B. Unter welchem Namen soll das Zertifikat signiert werden soll oder wo ist dein Standort und so. Was soll man da eingeben? Ich habe da einfach meinen eigenen Standort angegeben und so. War das falsch? Muss man von den erstellten Zertifikaten etwas kopieren und dann importieren? Ich habe alles auf dem Pineapple gelassen und einfach das Zertifikat vom Web genommen, wie ich das oben beschrieben habe. Wie du siehst mache sowas zum ersten Mal😅, danke für deine Hilfe nochmals :).
  8. I do not know exactly how many of the private users use a ms account, but what I know, is that almost every company uses local accounts for their employees. That means, if you'd use it on the field, depending on where you use it and in which environment, you'll probably be successful.
  9. Hallo, hat super funktioniert! Danke :). Ich kenne mich mit Zertifikaten nicht gut aus und habe noch eine Frage. Es hiess bei mir "nicht sicher" (oben beim Browser), ich habe das Zertifikat auch noch nicht Importiert. Ich klickte dann auf "nicht sicher > Zertifikat > Details > In Datei kopieren" und habe es dann so auf den Desktop kopiert. Dann habe ich das ganze in Chrome importiert und chrome neu gestartet. Leider hat das ganze nicht funktioniert, es heisst immer noch "nicht sicher". Ich versuchte dann noch ein zweites Zertifikat zu erstellen, falls ich beim ersten vielleicht etwas falsch ausgewählt hatte, doch auch hier bekam ich das gleiche Resultat. Was mache ich genau falsch?
  10. @Bob123 I think I got the solution finally. I have a Microsoft account as account on both my laptop and PC, so I can synchronize with OneDrive between them. As I said, I left it for 20 minutes and it didn't work. OK, so here is the solution: I tried it on another computer with a local account and not a microsoft account and guess what, after it booted up it instantly grabbed the hashes, like literally instantly. So for anyone who had the same problem as me, it only works on local accounts. But it still works. I'm so happy I finally found the answer.
  11. Hm, hard to tell, since I don't know when exactly this pops up. I need to know at which point of the payload this pops up. What parts of the payload did successfully execute?
  12. kuyaya

    Key Croc

    Wow, may I ask where you live? I also live in europe (switzerland to be exact), but I only had 10$ shipping, no 'handling' costs by customs and if I'm lucky I don't get taxed, if I'm unlucky I have to pay maybe around 25$ more.
  13. kuyaya

    Key Croc

    Why don't you just order it on the official site? It's cheaper there ime
  14. I'm honored and always glad to hear that it works, thank you 🙂 if you have another question, feel free to post it here :).
  15. kuyaya

    Key Croc

    Probably in a few hours
  16. Hey there 1. If the keyboard layout is the default USA one, you should be fine with the us.json file. You don't even have to do "DUCKY_LANG=us", you can just delete the line because the default language is us 2. On line 23 in the payload.txt: delete the whole line and replace it with: Q GUI r Q SHIFT ENTER # If it is shift-enter, you can leave it like that, if it is enter-shift, you have to switch shift with enter. Q STRING "powerShell -windowstyle hidden -ExecutionPolicy Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\bypass.ps1')" Q ENTER 3. Your computer language is in Chinese, that means it should also be in chinese. Try replacing it with something like "管理員" (got this from google translate). If you are not sure wether it is in english or chinese, go to powershell and execute "Get-LocalGroup". Here you should see the different groups. If they are in english, "administrators" should work, if they are in chinese, "administrators" won't work. To be 100% sure, you can execute {Get-LocalGroupMember "administrators"} (without the {}). If it returns you an error, it is not in english. If it executes successfully, it is in english.
  17. Bezüglich des Webzugangs über https:// Ich habe nur ein nano und leider noch keine SD Karte -> zu wenig Speicherplatz. Ich bin auch den Anweisungen gefolgt aber ich konnte libopenssl und openssl-util nicht installieren (wegen dem Speicherplatz). Ich werde mir noch eine sd karte holen, bis dann kann ich das aber selber leider nicht testen.
  18. Looks like we are gonna get a new tool 🙂 It isn't out yet (around 20 hours left). I guess it's gonna be something like a keylogger with CloudC2 access? Maybe with some more features like different kind of "payloads"🤔. I don't really know, but I'm hyped. You can order it at 12 midnight (around 8 hours left), so I guess I'll make my paypal ready till midnight 😉
  19. There are already several topics who already discuss the PasswordGrabber payload. Try looking at those. You can search for it using the search bar at the top right corner. Make sure you have the correct setup and you have no AV's running.
  20. Hm, I tried the commands exactly as you posted here and it worked for me (on the bunny), so there isn't a mistake with the commands. Try "apt-get upgrade grep", maybe that will help. What also kind of annoys me are those ▒▒. Try deleting those and try it again.
  21. @snow owlIch werde mich mal in das Thema einlesen und dann schauen wie ich dir dann helfen kann @G-RootWo genau brauchst du denn hilfe? Wo steckst du fest?
  22. are you sure that you did steup everything correctly? Remember these 3 points: lazagne.exe has to be in a zip file change the DUCKY_LANG=** to your language and change the word "administrators" in line 42 in bypass.ps1 to administrators in your language If you did all this and it still doesn't work, we can go on to the next step of troubleshooting.
  23. I just found something interesting: Avast does not detect LaZagne when you download it or even use it. At least not the free version of avast. It only detects it when you do a specified scan on the folder or directly on lazagne. I'm working on bypassing all the different AV's (at least the most popular).... don't expect the update too soon but I'm working on it.
  24. Hey guys, I'm here with another update. There was a bug that caused that the bunny didn't eject himself. The bug was caused because the script who does the ejection, runs on the bunny. While the script tells windows to eject the bunny, the script is still in use (on the bunny). Windows doesn't support ejecting devices who are in use. That means that I had to change the script so that the ejection commands will be executed from the computer and not from the bunny. I'll upload the update probably tomorrow on my github. I will make more improvements and adjustments until I'll make another pull request for the official hak5 github, so if you want to be sure that you have the latest version of LaZassword, go to my github on not to the hak5 github. Greetings, kuyaya Update is now online ^^
  25. Yes. It is really not hard and there are hundreds of tutorials. Here is one of them: https://www.youtube.com/watch?v=0wrnmU9wD1w If you don't know how to create a stick where you can boot from? That is your place to go: https://www.youtube.com/watch?v=iGGNW6gxTm8 Wait, did you really just reply to a question you asked?? I meam, the purpose of JtR is to crack hashes. So you need the login hashes. You can't just "crack login with JtR" without having hashes.
  • Create New...