Jump to content

Quickcreds issue

M@$T

By M@$T
in LAN Turtle

 Share

Recommended Posts

M@$T Newbie

M@$T

Posted
Posted

I know there is a similar thread open however this will be specifically used for people who are not managing to use the quick creds module to work on the turtle. 

My issue is that when plugged into Windows 10 the amber LED keeps blinking to infinity and I am not able to get a hash. Whoever has the same issue or maybe anyone managed to make the turtle with the quick creds please shed some light.

Link to comment
Share on other sites
D4rkOperat0r Newbie

D4rkOperat0r

Posted
Posted
On 19/10/2016 at 3:33 AM, M@$T said:

I know there is a similar thread open however this will be specifically used for people who are not managing to use the quick creds module to work on the turtle. 

My issue is that when plugged into Windows 10 the amber LED keeps blinking to infinity and I am not able to get a hash. Whoever has the same issue or maybe anyone managed to make the turtle with the quick creds please shed some light.

I'm having the same issue but I've found file with hashes in /etc/turtle/Responder/logs directory. Check there.

Link to comment
Share on other sites
cyb3rwr3ck Newbie

cyb3rwr3ck

Posted
Posted
On 10/21/2016 at 7:29 PM, D4rkOperat0r said:

I'm having the same issue but I've found file with hashes in /etc/turtle/Responder/logs directory. Check there.

Hmmm, I am facing the same issue. Factory reset of the turtle, opkg update, then configuration of the quickcreds module using the turtle shell.

The log folders I see in the /etc/turtle/Responder/logs folder are linked to /root/loot as it should be, but there is nothing in it.

On the wire I can see that the poisoning is woking and windows is using the faked proxy which is asking for NTML authentication. Anyway no hashes are dumped to the turtle. I have tested the setup with a domain joined win 7 pro and a stand alone win 10 home.

Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
Posted
16 hours ago, M@$T said:

Starting to believe this was just a hoax for people to buy more turtles :( 

Is there someone here who actually managed to make this work on domain and local PCs?

Plenty of people have, yes. If you check the other threads, people have had success.

Link to comment
Share on other sites
  • 2 weeks later...
Darren Kitchen Grand Master

Darren Kitchen

Posted
Posted

I just noticed an issue with the symlink creation from /etc/turtle/Responder/logs -> /root/loot/# that was preventing logs from saving to the incrementally numbered directories.

I've updated the module to fix this. You can either uninstall the module manually by following the commands below, then reinstalling and configuring from modulemanager, or you can apply the fix below.

Manual uninstall: 

rm -rf /etc/turtle/Responder
rm /etc/turtle/modules/QuickCreds
rm -rf /root/loot

To apply the one-line fix, edit /etc/turtle/Responder (with nano or vi) and find line 118 (CTRL+C shows line # in nano). Then replace the following: 

rm /etc/turtle/Responder/logs/*

with 

rm -rf /etc/turtle/Responder/logs

 

Link to comment
Share on other sites
M@$T Newbie

M@$T

Posted
  • Author
Posted
On 11/3/2016 at 1:20 PM, sureal808 said:

Has anyone been able to have the hash bypass the lock screen or just able to gather creds?

 

I can get mine to capture creds but I want it to go the next step....

Is yours stuck on the blinking LEDs?

Link to comment
Share on other sites
M@$T Newbie

M@$T

Posted
  • Author
Posted
On 11/5/2016 at 1:32 AM, Darren Kitchen said:

I just noticed an issue with the symlink creation from /etc/turtle/Responder/logs -> /root/loot/# that was preventing logs from saving to the incrementally numbered directories.

I've updated the module to fix this. You can either uninstall the module manually by following the commands below, then reinstalling and configuring from modulemanager, or you can apply the fix below.

Manual uninstall: 


rm -rf /etc/turtle/Responder
rm /etc/turtle/modules/QuickCreds
rm -rf /root/loot

To apply the one-line fix, edit /etc/turtle/Responder (with nano or vi) and find line 118 (CTRL+C shows line # in nano). Then replace the following: 


rm /etc/turtle/Responder/logs/*

with 


rm -rf /etc/turtle/Responder/logs

 

Thanks @Darren Kitchen for the update!

 

Any idea why the turtle keeps on blinking amber? doesnt seem to be snatching creds from my Win 10 pc

Link to comment
Share on other sites
  • 4 months later...
  • 3 months later...
  • 1 year later...
nocomp Newbie

nocomp

Posted
Posted
On 11/8/2016 at 7:40 AM, M@$T said:

Thanks @Darren Kitchen for the update!

 

Any idea why the turtle keeps on blinking amber? doesnt seem to be snatching creds from my Win 10 pc

hii,

i bought it for this purpose, and it s not working, not quite happy...

 

i ve reinstalled the module many times but no responder directory, any idea why?


root@turtle:/etc/turtle# ls -a /etc/turtle
.                  HELP               httppost           smtpemail
..                 LICENSE            meterpreter        ssh
EULA               autostart_modules  modules
root@turtle:/etc/turtle#
 

 

if you have any tips for help me to succeed, pls share

thx for your time

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...