
Mubix Snagging Creds


b0N3z

So I have set up a Raspberry Pi Zero with gadget mode (g_ether) and used Raspbian Jessie Lite. I followed mubix's tutorial for setting up the USB Armory because they are both Linux, it shouldn't be any different because of the device. So I got the whole thing configured and I plug it into my MacBook (also tried with Windows) and I get nothing. The Pi powers up and runs Responder and I get a log from that, but it only tells me what Responder has done. I can ssh into the Pi from the static IP set during configuration. When I run sqlite3 /root/responder/Responder.db 'select * from responder' to get the results, it shows "Error: no such table: responder". So I'm a little confused or I'm just overlooking something important.


root@TheFYGS:~# sqlite3 /root/responder/Responder.db
SQLite version 3.8.7.1 2014-10-29 13:59:56
Enter ".help" for usage hints.
sqlite> .tables
sqlite> .exit
root@TheFYGS:~#


So it shows no tables at all, which is probably why it's not working?

 


I made a logs directory for screen and I get logs, but it just shows Responder has run. This is what all my logs show.

 

           NBT-NS, LLMNR & MDNS Responder 2.3

  Author: Laurent Gaffie (laurent.gaffie@gmail.com)
  To kill this script hit CRTL-C

[+] Poisoners:
    LLMNR                      [ON]
    NBT-NS                     [ON]
    DNS/MDNS                   [ON]

[+] Servers:
    HTTP server                [ON]
    HTTPS server               [ON]
    WPAD proxy                 [ON]
    SMB server                 [ON]
    Kerberos server            [ON]
    SQL server                 [ON]
    FTP server                 [ON]
    IMAP server                [ON]
    POP3 server                [ON]
    SMTP server                [ON]
    DNS server                 [ON]
    LDAP server                [ON]

[+] HTTP Options:
    Always serving EXE         [OFF]
    Serving EXE                [OFF]
    Serving HTML               [OFF]
    Upstream Proxy             [OFF]

[+] Poisoning Options:
    Analyze Mode               [OFF]
    Force WPAD auth            [ON]
    Force Basic Auth           [OFF]
    Force LM downgrade         [OFF]
    Fingerprint hosts          [ON]

[+] Generic Options:
    Responder NIC              [usb0]
    Responder IP               [192.168.2.201]
    Challenge set              [1122334455667788]

[+] Listening for events...
Setting up watches.
Watches established.

The logs in the responder folder under logs are all blank except Responder-session.log, but it only seems to show Responder settings and paths for logs to be saved, but not the results we're looking for.

Edited by b0N3z

  • 3 weeks later...

Just delete the responder.db that comes with the git package. When you grab the responder script from git it comes with an empty db file which the script assumes has the table already created. The script will recreate it correctly. I'm halfway through creating a walkthrough of making this on the Raspberry Pi Zero, I can post it if you are interested.


On 30/09/2016 at 4:28 PM, th3s3cr3tag3nt said:

Just delete the responder.db that comes with the git package. When you grab the responder script from git it comes with an empty db file which the script assumes has the table already created. The script will recreate it correctly. I'm halfway through creating a walkthrough of making this on the Raspberry Pi Zero, I can post it if you are interested.

I would be interested in that myself as well.
Cheers


On 9/30/2016 at 10:28 AM, th3s3cr3tag3nt said:

Just delete the responder.db that comes with the git package. When you grab the responder script from git it comes with an empty db file which the script assumes has the table already created. The script will recreate it correctly. I'm halfway through creating a walkthrough of making this on the Raspberry Pi Zero, I can post it if you are interested.

That's good to know, and I followed mubix's and another guy's tutorials for the Raspberry Pi Zero and it was going great till my Mac quit recognizing my Pi as an RNDIS device, and now I'm lost on trying to get it working again. I have installed HoRNDIS for Mac and that still didn't help, and my Linux box won't pick it up either as an ethernet device that I can ssh into via pi@raspberrypi.local. I have changed the DHCP settings for the Pi and the Mac and still no luck getting it to connect, so now I'm wondering how effective this will be for me.


On 01/10/2016 at 4:57 PM, kerravon said:

I would be interested in that myself as well.
cheers

I've put it up at https://th3s3cr3tag3nt.blogspot.com although it still needs a bit of work, I'll upload the video of it working when I can. Let me know of any difficulties or anything that's not clear and I'll update it. Apart from some funky dnsmasq config, the main area I deviated from the other tutorials was in using ethernet to configure the Pi, but using the usb0 interface for the attack.


On 10/2/2016 at 11:24 AM, th3s3cr3tag3nt said:

I've put it up at https://th3s3cr3tag3nt.blogspot.com although it still needs a bit of work, I'll upload the video of it working when I can. Let me know of any difficulties or anything that's not clear and I'll update it. Apart from some funky dnsmasq config, the main area I deviated from the other tutorials was in using ethernet to configure the Pi, but using the usb0 interface for the attack.

This looks great. I finally got my Pi Zero working with my Mac to ssh into and I also ordered another Pi Zero to do this. Why use dnsmasq for the Pi Zero? I never saw that with the USB Armory or the LAN Turtle. Anyways, awesome write-up, I'm looking forward to trying it out when I get my new Pi Zero.
