M@$T Posted October 19, 2016 Share Posted October 19, 2016 I know there is a similar thread open however this will be specifically used for people who are not managing to use the quick creds module to work on the turtle. My issue is that when plugged into Windows 10 the amber LED keeps blinking to infinity and I am not able to get a hash. Whoever has the same issue or maybe anyone managed to make the turtle with the quick creds please shed some light. Link to comment Share on other sites More sharing options...
janpol Posted October 20, 2016 Share Posted October 20, 2016 I am having the exact same issue :( Link to comment Share on other sites More sharing options...
m40295 Posted October 20, 2016 Share Posted October 20, 2016 have you checked the responder config I found a line in there to edit AutoIgnoreAfterSuccess = Link to comment Share on other sites More sharing options...
D4rkOperat0r Posted October 21, 2016 Share Posted October 21, 2016 On 19/10/2016 at 3:33 AM, M@$T said: I know there is a similar thread open however this will be specifically used for people who are not managing to use the quick creds module to work on the turtle. My issue is that when plugged into Windows 10 the amber LED keeps blinking to infinity and I am not able to get a hash. Whoever has the same issue or maybe anyone managed to make the turtle with the quick creds please shed some light. I'm having the same issue but I've found file with hashes in /etc/turtle/Responder/logs directory. Check there. Link to comment Share on other sites More sharing options...
cyb3rwr3ck Posted October 23, 2016 Share Posted October 23, 2016 On 10/21/2016 at 7:29 PM, D4rkOperat0r said: I'm having the same issue but I've found file with hashes in /etc/turtle/Responder/logs directory. Check there. Hmmm, I am facing the same issue. Factory reset of the turtle, opkg update, then configuration of the quickcreds module using the turtle shell. The log folders I see in the /etc/turtle/Responder/logs folder are linked to /root/loot as it should be, but there is nothing in it. On the wire I can see that the poisoning is woking and windows is using the faked proxy which is asking for NTML authentication. Anyway no hashes are dumped to the turtle. I have tested the setup with a domain joined win 7 pro and a stand alone win 10 home. Link to comment Share on other sites More sharing options...
M@$T Posted October 24, 2016 Author Share Posted October 24, 2016 Starting to believe this was just a hoax for people to buy more turtles :( Is there someone here who actually managed to make this work on domain and local PCs? Link to comment Share on other sites More sharing options...
Sebkinne Posted October 25, 2016 Share Posted October 25, 2016 16 hours ago, M@$T said: Starting to believe this was just a hoax for people to buy more turtles :( Is there someone here who actually managed to make this work on domain and local PCs? Plenty of people have, yes. If you check the other threads, people have had success. Link to comment Share on other sites More sharing options...
barry99705 Posted October 26, 2016 Share Posted October 26, 2016 I've had it not work, and have had it work. Like I've said a few times before, it won't work on every computer. Link to comment Share on other sites More sharing options...
sureal808 Posted November 3, 2016 Share Posted November 3, 2016 Has anyone been able to have the hash bypass the lock screen or just able to gather creds? I can get mine to capture creds but I want it to go the next step.... Link to comment Share on other sites More sharing options...
Darren Kitchen Posted November 5, 2016 Share Posted November 5, 2016 I just noticed an issue with the symlink creation from /etc/turtle/Responder/logs -> /root/loot/# that was preventing logs from saving to the incrementally numbered directories. I've updated the module to fix this. You can either uninstall the module manually by following the commands below, then reinstalling and configuring from modulemanager, or you can apply the fix below. Manual uninstall: rm -rf /etc/turtle/Responder rm /etc/turtle/modules/QuickCreds rm -rf /root/loot To apply the one-line fix, edit /etc/turtle/Responder (with nano or vi) and find line 118 (CTRL+C shows line # in nano). Then replace the following: rm /etc/turtle/Responder/logs/* with rm -rf /etc/turtle/Responder/logs Link to comment Share on other sites More sharing options...
M@$T Posted November 8, 2016 Author Share Posted November 8, 2016 On 11/3/2016 at 1:20 PM, sureal808 said: Has anyone been able to have the hash bypass the lock screen or just able to gather creds? I can get mine to capture creds but I want it to go the next step.... Is yours stuck on the blinking LEDs? Link to comment Share on other sites More sharing options...
M@$T Posted November 8, 2016 Author Share Posted November 8, 2016 On 11/5/2016 at 1:32 AM, Darren Kitchen said: I just noticed an issue with the symlink creation from /etc/turtle/Responder/logs -> /root/loot/# that was preventing logs from saving to the incrementally numbered directories. I've updated the module to fix this. You can either uninstall the module manually by following the commands below, then reinstalling and configuring from modulemanager, or you can apply the fix below. Manual uninstall: rm -rf /etc/turtle/Responder rm /etc/turtle/modules/QuickCreds rm -rf /root/loot To apply the one-line fix, edit /etc/turtle/Responder (with nano or vi) and find line 118 (CTRL+C shows line # in nano). Then replace the following: rm /etc/turtle/Responder/logs/* with rm -rf /etc/turtle/Responder/logs Thanks @Darren Kitchen for the update! Any idea why the turtle keeps on blinking amber? doesnt seem to be snatching creds from my Win 10 pc Link to comment Share on other sites More sharing options...
M@$T Posted November 8, 2016 Author Share Posted November 8, 2016 When I open the responder logs all I can see is "Starting attack" and that is it Link to comment Share on other sites More sharing options...
sn0wfa11 Posted March 20, 2017 Share Posted March 20, 2017 Having the same issue here. Have not gotten this module to work yet. Link to comment Share on other sites More sharing options...
drakorg Posted June 22, 2017 Share Posted June 22, 2017 All the success cases I've read so far were always domain based. Is it supposed to work on non-domain computers too? Thanks. Link to comment Share on other sites More sharing options...
nocomp Posted June 15, 2019 Share Posted June 15, 2019 On 11/8/2016 at 7:40 AM, M@$T said: Thanks @Darren Kitchen for the update! Any idea why the turtle keeps on blinking amber? doesnt seem to be snatching creds from my Win 10 pc hii, i bought it for this purpose, and it s not working, not quite happy... i ve reinstalled the module many times but no responder directory, any idea why? root@turtle:/etc/turtle# ls -a /etc/turtle . HELP httppost smtpemail .. LICENSE meterpreter ssh EULA autostart_modules modules root@turtle:/etc/turtle# if you have any tips for help me to succeed, pls share thx for your time Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.