levic08 Posted August 11, 2017

> 9 hours ago, Sebkinne said:
> No.

I'm sorry. I'm kind of new. How are you supposed to install the tools then?

Lord_KamOS Posted August 11, 2017

> 18 minutes ago, levic08 said:
> How are you supposed to install the tools then?

https://wiki.bashbunny.com/#!./index.md#Tools

dragmus31 Posted August 29, 2017

Does anyone know how to speed up the process? When I run quick creds on a locked Windows machine or an unlocked machine, it simply continues flashing amber and appears not to be able to grab credentials.

smelly Posted September 2, 2017

Doesn't seem to work on a Microsoft account on Windows 10. Stalls out on the amber light and never finishes. If I use a local account it works great. Any workaround?

dragmus31 Posted September 2, 2017

After installing the GitHub library on my bashbunny, quickcreds works just fine. Don't forget to install and set up impacket.

dragmus31 Posted September 15, 2017

Does anyone know why quick creds does not work for Windows 10 64-bit anymore? For some reason it is no longer acting as the main source of internet. If I'm connected to wifi or ethernet, the bashbunny doesn't override it, and even when it's the main source of net it still stays flashing amber and never grabs any information whatsoever.

PoSHMagiC0de Posted September 15, 2017

Try launching IE 11 and then try it. Not Edge or Chrome. Chrome will prompt, Edge will too now I believe because MS sandboxed it, or is going to. It doesn't work as well for Win10 because MS turned down the chattiness of Win10. Plus they added a few other things like trusted sources, etc.

Dave-ee Jones Posted September 18, 2017

You could try boosting the speed of the Bunny's adapter, but I'm not sure it would work (e.g. setting RNDIS_SPEED_10000000, essentially telling the PC it's *almost* a 10Gb connection).

MikeB Posted October 5, 2017

I'm having a very similar problem but it started after I ran the bunnyupdater. Ran the updater, which updated the firmware from 1.0 to current (1.3-264). I then tried to run quickcreds and receive the Fail1 (slow blinking red) light. I've run the current install tools from here on the Hak5 forum. However, the bunny never installs or moves the files. I've manually created the pentest folder and copied the two folders from tools to install, but no luck.

Is there a way to see if responder is installed on the Bunny? Perhaps through serial? Can I manually install it, and how do I? Has anyone ever had to reset theirs to factory? Is that a possibility?

Thank you for any help

MikeB Posted October 6, 2017

I think I made some progress. I copied the responder folder from /tools/pentest/responder to /tools/responder and quickcreds is now showing a fast red flash (Fail 2) instead of the slower red flash (Fail 1). I feel that I've buggered this up in some fashion but I'm not sure how. Again, thanks for any help.

InfoSecREDD Posted October 6, 2017

I have no issues with this script. Download the needed Tools from the official Wiki. Put them into the Tools folder using arming mode, eject the BashBunny and reinsert. That will get the BashBunny to install the Deb files into the /tools folder of the BashBunny itself. After that you should be good to go.

MikeB Posted October 9, 2017

I've followed the steps in this video - Snagging Windows credentials with QuickCreds Part 1 - and I've been able to capture from my Windows box while unlocked. Thank you

Enso Posted October 21, 2017

I just thought of a fix for this that may work but I don't have my bash bunny to test it. Could you turn off internet in the bottom right before trying this on the log screen?

Press the little icon bottom right.
Press the slider on the adapter to off
Press back on main screen
Try now

Microsoft may be contacting its server or something as part of the new fix on the Creators Update on live accounts. Due to local accounts being known to work on the new Creators Update this may just work.

Enso Posted October 21, 2017

> 14 minutes ago, Enso said:
> I just thought of a fix for Windows 10 live account that may work but I don't have my bash bunny to test it. Could you turn off internet in the bottom right before trying this on the log screen?
>
> Press the little icon bottom right.
> Press the slider on the adapter to off
> Press back on main screen
> Try now
>
> Microsoft may be contacting its server or something as part of the new fix on the Creators Update on live accounts. Due to local accounts being known to work on the new Creators Update this may just work.

If not, it may be stored in another location etc., as when you try signing in with internet off and you give it the wrong password it says to use the last used password used on the device, so it has to be somewhere.

This is what I meant to say. Deep apologies, I cannot seem to find the edit function and it seems I left a bit out.

Shad0wChick46 Posted November 30, 2017

Mine is also yellow forever, and as I'm trying to get creds from my machine while it's locked I can go into Chrome or watch Wireshark. Responder is installed and works when the computer is not locked but I need it to work while it is locked. Any ideas?

v0dka Posted December 18, 2017

Tested on a locked Windows 10 box. It worked well. But it failed on a locked Windows 7 that is in a domain environment.

v0dka Posted December 18, 2017

> On 2017/12/1 at 2:00 AM, Shad0wChick46 said:
> mine is also yellow forever and as im trying to get creds from my machine while its locked I can go into chrome or watch wireshark. responder is installed and works when the computer is not locked but i need it to work while it is locked. Any ideas?

I met the same question. You tested on Windows 7 or 10?

srproctor Posted December 28, 2017

Hi, How would one know what Algorithm is being used (i.e. NTLM, MD4, etc.) for the Hash? Does it depend on the type of machine (Windows 10, Mac OS, Linux) or something entirely different? Please advise.

caretaker Posted January 9, 2018

Hello all, I am having trouble getting quickcreds to work as well. I get the FAIL1 (slow red blink) even though Responder is installed and I can run it from the terminal. I shouldn't be getting this error. Any ideas?

KiraX Posted January 15, 2018

I would like to ask: I used the bashbunny and captured the following information. The general hash looks to be only 32, but the ones I grabbed from a few computers here are all the same length:

1. Is this normal?
2. What is the direction I need to study if this is an exception?

Please give me an idea or point out my mistake, thanks.

PoSHMagiC0de Posted January 15, 2018

> 19 hours ago, KiraX said:
> I would like to ask, I use bashbunny captured the following information: The general hash looks only 32, but I grabbed a few computers here are the same length:
>
> 1. Is this normal?
> 2. What is the direction I need to study if this is an exception?
>
> Please give me an idea or my mistake thank

What you have there is what you are expecting. That is an NTLMv2 hash. It is what it looks like when it is sent over the network. It is a hash of the hash, hehe. Start cracking. The hash you are used to seeing is how it is stored locally in the SAM.

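Added example (not part of the original thread, and not code from Hak5 or Responder): a short Python parser for the two questions above, which hash type a captured line is and why it is much longer than 32 hex characters. It assumes the colon-separated layout `user::domain:server_challenge:NTProofStr:blob` for NetNTLMv2; the function names are hypothetical, and the sample line is constructed in the code with a made-up user and a zeroed proof value.

```python
import struct
from datetime import datetime, timedelta, timezone

# MS-NLMP AV_PAIR ids that carry UTF-16LE names
AV_NAMES = {1: "NbComputerName", 2: "NbDomainName", 3: "DnsComputerName",
            4: "DnsDomainName", 5: "DnsTreeName", 9: "TargetName"}

def build_sample():
    """Constructed NetNTLMv2 line (made-up user, zeroed proof); not a real capture."""
    av = b""
    for av_id, text in ((2, "LAB"), (1, "LAB-SRV"), (4, "lab.example")):
        val = text.encode("utf-16-le")
        av += struct.pack("<HH", av_id, len(val)) + val
    av += struct.pack("<HH", 0, 0)                    # MsvAvEOL terminator
    blob = (b"\x01\x01" + b"\x00" * 6                 # RespType, HiRespType, reserved
            + struct.pack("<Q", 131592384000000000)   # FILETIME: 2018-01-01 UTC
            + bytes(range(8)) + b"\x00" * 4 + av)     # client challenge, reserved, AV pairs
    return "alice::LAB:" + "11" * 8 + ":" + "00" * 16 + ":" + blob.hex()

def parse_blob(blob):
    """Decode the client blob that follows the 16-byte NTProofStr."""
    ts, = struct.unpack_from("<Q", blob, 8)           # 100 ns ticks since 1601-01-01
    when = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ts // 10)
    pairs, off = {}, 28
    while off + 4 <= len(blob):
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:
            break
        if av_id in AV_NAMES:
            pairs[AV_NAMES[av_id]] = blob[off:off + av_len].decode("utf-16-le", "replace")
        off += av_len
    return {"timestamp": when.isoformat(), "client_challenge": blob[16:24].hex(),
            "av_pairs": pairs}

def classify(line):
    """Name the hash type from the field layout alone."""
    f = line.strip().split(":")
    if len(f) == 1 and len(f[0]) == 32:
        return {"type": "128-bit digest (NT hash or MD5; length cannot tell them apart)"}
    if len(f) != 6 or f[1] != "":
        return {"type": "unknown"}
    user, _, domain, a, b, c = f
    if len(a) == 16 and len(b) == 32 and c[:4] == "0101" and len(c) >= 56:
        return {"type": "NetNTLMv2", "user": user, "domain": domain,
                "server_challenge": a, "nt_proof_str": b, **parse_blob(bytes.fromhex(c))}
    if len(a) == 48 and len(b) == 48 and len(c) == 16:
        return {"type": "NetNTLMv1", "user": user, "domain": domain, "server_challenge": c}
    return {"type": "unknown"}
```

Only the 32-hex `nt_proof_str` field is a digest; the rest of the line is the challenge and the client blob (timestamp, client challenge and target names) that the digest was computed over.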
KiraX Posted January 16, 2018

Okay, I'll give it a try. I appreciate your message.

TwistedPacket Posted April 13, 2018

Hello Everyone, I am having an issue with my quickcreds setup that perhaps someone can help me figure out. I have it installed and working just fine using switch 2. However, it will only work if I disable or unplug the network card from the workstation. Also, if the workstation happens to have a wireless network card it must be disabled as well or the attack will not work. Once I do that everything works as it should. I have tried this on Windows 7 and Windows 10. Five workstations and 3 laptops that all do the same thing. Any ideas? Thank you!

Shanegal Posted October 13, 2019

Hello everyone, I've been playing with this payload for a while and I've had it working on some computers but then not on others (red light blinks, meaning no IP received). I tested this on my home computer and was having the same problem even though I set up my computer to share files and printer over network, and it didn't work... but I've found the problem! If the computer has DHCP disabled it won't work and gives you that dreaded red LED. So after inserting the bashbunny and then right clicking on the new network adapter and clicking diagnose, Windows gave me the option to enable DHCP, which I did, and it then worked fine.

I hope this helps a few of you out that have been dying to get this to work. Obviously this isn't always practical if you wanted to get the creds and get out of there, but at least you know the reason why it's not working for you.

Regards, Shane

Flebbi Posted February 5, 2020

I downloaded responder and copied the payload into the switch position. Everything seems to go fine, but the yellow blinking LED never finishes. I plugged it in a locked computer for 20 minutes and it was still attacking. It created the folder with my hostname but I didn't receive the hashes. It found nothing.

This topic is now archived and is closed to further replies.