Jump to content

bjlents

Active Members
  • Posts

    9
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

bjlents's Achievements

Newbie

Newbie (1/14)

  1. Sent you a message. Looks like it has a bit of an error. Going to try and dissect it while I wait on your reply.
  2. Thanks. I meant to post that I managed to get Garfield to output: |====================================================================| | | | The LaZagne Project | | | | ! BANG BANG ! | | | |====================================================================| [+] 0 passwords have been found. For more information launch it again with the -v option elapsed time = 6.19400000572 Have a nice day ;) Not quite sure what it's missing as I was getting some output before, but whatever. I'll be showing it on a fresh VM yeah, I'm just going to put in some dummy passwords like garfield@gmail.com would be LaZagne for instance. Does Mimikatz give passwords for browsers and things? I thought it was just for grabbing the Windows password.
  3. No I've not edited anything. I've been trying to dissect the payloads (SMBruteBunny and Garfield) to figure out how I'd combine them but haven't gotten far. The other road block I had was banging my head on the wall after starting the thread because I forgot to disable Defender Firewall which prevented SMBruteBunny from bruteforcing the password. I still haven't figured out what is causing Garfield to not see the passwords in Firefox (or anything else)
  4. All good. I'm on your schedule. I appreciate you looking at it. Finally got SMBruteBunny working again. I facepalmed so hard when I realized I hadn't disabled Defender's Firewall when I did my hardware install. Doubt that is the issue preventing Garfield from getting say Firefox's passwords since it runs and shows the text Have a nice day ;) Yeah did not help any. I'm thinking it's probably looking in the wrong places maybe?
  5. Thanks for that @PoSHMagiCOde I'll look into it. I'm somewhat familiar with Empire just kind of outside the scope of this. I'm still not getting any passwords grabbed by Garfield and SMBruteBunny still has that PPF so no idea. Anyone had a chance to look at any of this either the errors or combining anything? Meant to post this yesterday but just got internet back so Happy Thanksgiving everyone!
  6. Ok. For some reason I can't get SMBruteBunny to run, though I had it running not long ago. Though at least SMBruteBunny is actually giving me a ppf file in the payloads/switch1/ folder now. Target: 172.16.64.10 Username count: 9 Password count: 102 Estimated attempts: 918 User-as-Pass Mode: False Honey Badger Mode: False Verbose: False Time: 12:02 AM on November 24, 2020 Ended at: 12:03 AM on November 24, 2020 Traceback (most recent call last): File "/root/udisk/payloads/switch1/mmcbrute/mmcbrute.py", line 185, in <module> brute.run() File "/root/udisk/payloads/switch1/mmcbrute/mmcbrute.py", line 76, in run smb_connection = SMBConnection(self.target, self.target) File "/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py", line 74, in __init__ self.negotiateSession(preferredDialect) File "/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py", line 111, in negotiateSession self._timeout, True, flags1=flags1, flags2=flags2, data=negoData) File "/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py", line 159, in _negotiateSession timeout) File "/usr/local/lib/python2.7/dist-packages/impacket/nmb.py", line 833, in __init__ timeout=timeout, local_type=local_type, sock=sock) File "/usr/local/lib/python2.7/dist-packages/impacket/nmb.py", line 705, in __init__ self._sock = self._setup_connection((remote_host, sess_port), timeout) File "/usr/local/lib/python2.7/dist-packages/impacket/nmb.py", line 844, in _setup_connection raise socket.error("Connection error (%s:%s)" % (peer[0], peer[1]), e) socket.error: [Errno Connection error (172.16.64.10:445)] timed out Garfield seems to run fine and generates the files in the loot folder but it's empty other than the Have a nice day ;) It's not list the dummy passwords I put into Firefox
  7. I have two weeks to finish this so a couple days is nothing. What I'd be more interested in is your methodology, which would help me replicate things and explain when I have to write it up in my paper. I'm almost done with my other projects and this is supposed to be a more fun assignment. I'm going to start writing up what I've already tried and such for the paper tomorrow after I finish this last assignment I think. What I've tested, what I didn't use and why that kind of stuff. I'm currently going back and making sure everything works as is (with both SMBruteBunny and Garfield -- I mispoke earlier it's not LaZagne it's Garfield which uses LaZagne -- and I might cut the wordlist down (it helps knowing the right password obviously)
  8. Scripting is not my area of expertise, I'm working on it but I have so many projects and things going on I need a little help getting off the ground on this one. I have them (SMBruteBunny and LaZagne) working individually, though it's been a hot minute since I did LaZagne, SMBruteBunny is a recent switch in so I might do that again while waiting on a reply. I just want to tie them together and am having trouble breaking them down into the pieces needed. For instance I don't necessarily want all of the passwords on the host, maybe just the browser stuff (like you'd get if you ran LaZagne's browser module). I also do not quite know where to start on the message, is there a way to just have it Echo the message on the screen (maybe using HID to have it 'type' the message in)? These are the things I'm trying to figure out.
  9. Hello All, I'm a student in a Bachelor's program. I've been given an assignment and I have not had time to mess with things as much as I'd have liked. I need to do something interesting. I was wondering if it would be possible to chain scripts together. By that I mean, only put payloads in say Switch 1 mode. Then when say the SMBruteBunny payload completed it would trigger LaZagne and when both completed show an output on screen like an ASCII image or something. I get that I could run just two payloads with the Switches but I'd like to display an image or ASCII message at the end like a "You've been hacked" thing for fun and it would be more interesting than just doing the bare minimum. I mean I'll use the switches if I have to but I've been trying to figure this out on my own or on reddit and completely forgot to post it here XD About the test bed it'll be a computer or VM with Windows 10. I'll be setting it up with username which will be added to the payload's userlist with a password from RockYou. I'll then make a few dummy profiles in Firefox with passwords for LaZagne to grab.
×
×
  • Create New...