Jump to content

Search the Community

Showing results for tags 'quickcreds'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • WiFi Pineapples Mark I, II, III
  • Hak5 Gear
    • Hak5 Cloud CĀ²
    • Bash Bunny
    • Packet Squirrel
    • LAN Turtle
    • USB Rubber Ducky
    • Plunder Bug
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 13 results

  1. Hi everybody, I bought my LAN Turtle and i have a problem in configuration of Quicreds and Responder. QuickCreds not working, leds blink, but /root/loot/ 1, 2, 3 are definitely empty. So i just tried to manually start Quickcreds from Turtle GUI and i can see this error : Stopping DHCP Detect Blink Script Terminated LED will blink rapidly while QuickCreds is running. LED will light solid upon NTLM hash capture. If starting this module from Turtle Shell menu, press CTRL+C to return. ln: /etc/turtle/Responder/logs: No sych file or directory I upgraded manually "turtle.bin" (with success), but this problem is always here. Have you any suggestion ?
  2. Hello, I just received my first LanTurtle and i wanted to test it with the quickcreds module, however when the modul is loaded en I plug it in a Logged on machine, the orange light keeps blinking and there are no log files what so ever, the module script keeps making the number folders but they are all empty. and the responder.log only states -->> Starting attack...
  3. After much chagrin and googling, we found that QuickCreds will not work on the lan turtle because of disk space issues. Here's our fix! (we take no responsibility if you break something/somebody. Only hack when you have prior approval and authorization!) Factory reset, or push the turtle-5.bin firmware to reset (probably need to upgrade to v5 anyway). This makes sure you are set to base. YMMV. Open the lan turtle, push and hold the reset button for at least 5 seconds after plugging it into the machine ssh in to 172.16.84.1, sh3llz, change password Update the modules list Only install QuickCreds for now, so we have enough space Select QuickCreds and configure Let it install it's dependencies You can now set QuickCreds to 'Enable' so that it will start at boot DO NOT REBOOT YET! At this point, we're going to exit and git clone the responder package DO NOT INSTALL RESPONDER FROM THE TURTLE MODULES LIST ITSELF Exit 'turtle' back to a basic root shell Git clone the Responder package first to /tmp since there is plenty of space. git clone git://github.com/lgandx/Responder /tmp/Responder BUT DON'T REBOOT YET, CAUSE YOU'LL LOSE EVERYTHING IN /tmp du -sh /tmp/Responder 3.8M rm -rf /tmp/Responder/.git rm -rf /tmp/Responder/tools/MultiRelay/ du -sh /tmp/Responder 450.5k We also want to remove the git package as it takes up >1MB of space. QuickCreds installs it /only/ to git the Responder package šŸ˜• opkg remove git df -h 1.2M available on / Move the Responder package back to /etc/turtle/ for QuckCreds to find it mv /tmp/Responder/ /etc/turtle/ df -h 1.1M still available on / now (w00t) The QuickCreds module is hardcoded to use br-lan as the interface. This doesn't exist, so we need to change it to eth0. Another šŸ˜• sed -i 's/br-lan/eth0/' /etc/turtle/modules/QuickCreds You should now have at least 1MB of storage on / and plenty of space for /root/loot to write to, as well as have Responder available for QuickCreds Pop the turtle in a Windows system and wait about 30 seconds until the amber light goes solid, CREDS!!! Copy and paste the hash from /root/loot/#/HTTP-NTLMv2-172.16.84.127.txt Paste into a hash file and send it to john with a wordlist john hash.txt --wordlist=wordlist.txt Testing shows this works whether the laptop is locked or not locked. These hashes can not be replayed, only cracked. You still have plenty of space to return to the turtle shell and install any other modules you need at this point. You may need git for something else, but probably not enough space. This set up is for the "Grab creds from a locked Workstation" scenario. You may need MultiRelay for something else...? Not needed for QuickCreds. ENJOY!
  4. Hi all, Having a fun battle getting quickcreds and responder going on my turtle (with v4 firmware). I've got through the 'not enough space' bit to get responder up and going, but things are still failing. Looking at the script, a key line is where responder is invoked, including the bit 'python Responder.py -I br-lan -w -r -d -P' What is foxing me is how this would ever work. My device does not have a br-lan network interface, just the usual eth0, eth1 etc. So, I could hack the script to call something like 'python Responder.py -I eth0 -w -r -d -P', but my question is how could the script ever work? What am I missing? Any thoughts appreciated!
  5. Not sure if this in the right place for this... What are the best defenses against this attack? I'm more interesting in logical controls that can be implemented to protect against this threat that physical ones.
  6. Hi guys. Read with interest for months, and took the plunge and purchased a bash bunny last week. Running Windows 10 pro x64 I'm trying to get quickcreds to work. I've updated to the latest firmware, downloaded the latest payloads, and added Impact and Responder to tools when trying to get dumpcreds to work (unsuccessfully). Whilst it appears to initialise, most of the payloads I try and run, other than some of the simple "none capture" ones end with a flashing red light, with nothing captured. I've tried to find a way of restoring to factory (not resetting the device, power up, green light, remove 3 times etc), in case I've done something wrong when initially messing with the device, but cannot see away to do this. Can anyone give this frustrated newbie any pointers? I have red the threads on quickcreds, and had no joy. If there's a thread that i've missed, please feel free to point me to that, or any other resource that could help me. As I said, very new to this, and have next to no experience with Linux, which \i know doesn't help, but am happy to putty into the device with a little guidance. Thank you in advance guys. Matt
  7. Has anyone evaluated the feasibility of using responder on the packet squirrel? Using on the Bash Bunny/Turtle is awesome, but I can see how putting it on a device which utilizes the supported Ethernet connection would expand the possibility of using something like the QuickCreds payload.
  8. So, I've got the Bashbunny and I'm testing out Quickcreds and I get nothing but the blinking Amber light. I've have tried on multiple PC's and still blinking amber. I've put NFL.com and other sites up on browsers and then locked the machine to run Quickcreds and still nothing. I've configured all of the pentest and loot directories as well. It will create a directory under loot with the name of the machine, but no data in it. And I've let it run for an hour. I've used the nmapper payload and it worked fine. So, it is writing to the loot directory. I used the Mr. Robot one, and nothing with that. Looking for any sort of direction. And yes, I've read the other postings here and made sure I had everything configured.
  9. deck_bsd

    QuickCreds

    Hi everybody, I just flashed my bash bunny to the new 1.3 version of the firmware. I would like to test the QuickCreds payload on my windows 10 Enterprise. It seems to be stuck in yellow mode (LED ATTACK) forever. Responder is correctly installed into the tools folder. In loot/QuickCreds i have a good folder name but nothing into it. I m doing something wrong ? i have noticed some few thins like, in the payload , it is using the -P option but responder.py doesn 't have it, i erased it, but nothing change. Any ideas ? The thing is, before i just change the LED color , when i tried QuickCreds, after the setup light it was directly the blinking green ligh (i didn't get the yellow one, that's why i would like to test it). After i modified those LED instruction (juste the LED i promes) , the payload always stay in yellow mode. Thanks in advance for your support :-)
  10. Hey guys? I have been trying the executable installer and usb exfiltrator for bash bunny but it's not working. The only payload that is working is the quickcreds payload. Is it because I installed the tools that the executable installer and usb exfiltrator are not working? I made sure that the "d.cmd", "e.cmd" and "i.vbs" files are in the ROOT of the the bashbunny and the "payload.txt" is in the "switch1" of the Bash Bunny. What is going on? Please help.
  11. **IT Issue, not directly Turtle Related** Hi Guys, I'm loving the Turtle, however, I've been able to get everything working however, I'm having an issue. When I use QuickCreds, or configured Responder, I capture the NTLM hash fine, but when I go to process it in Hashcat, with the known account credentials in the password file, or a weak password that I know and brute force it, I never get the calculated plaintext. The hash is seen as correct, and viable within Hashcat, but it's not valid. This is the example NTLM from Hashcat, which works fine: admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 (Processes to "hashcat") This is my capture with some details adjusted so that it remains private: REDACTED$::REDACTED:1122334455667788:REDACTEDFB7CBC971F7DEE1FREDACTED:0101000$ So why is this happening? The only thing I could think is that it's on a domain, (I've been given permission to this this, so don't worry) Thanks in advance.
  12. Hello, I just received my first LanTurtle and i wanted to test it with the quickcreds module, however when the modul is loaded en I plug it in a Logged on machine, the orange light keeps blinking and there are no log files what so ever, the module script keeps making the number folders but they are all empty. and the responder.log only states -->> Starting attack...
  13. Hi all, I have been playing with my Lan Turtle over the weekend, I noticed there is now the QuickCreds module available for install. I updated the Lan Turtle, installed the QuickCreds module and then went to configure, where I was prompted to download required dependencies. I selected "Yes" and let it do its thing. After about 5 minutes passed andI started seeing wget errors appearing stating that it was unable to reach the server. Is there any issues with the server that hosts those dependencies? I was able to install and update other modules. It just seems to happen to this module. Thanks,
×
×
  • Create New...