Flebbi Posted February 6, 2020 Share Posted February 6, 2020 Got that fixed by microsoft and now you can't get the hashes from locked machines anymore? Link to comment Share on other sites More sharing options...
kuyaya Posted March 12, 2020 Share Posted March 12, 2020 I ran Responder for about ~13 minutes on a locked screen. I added a few words to the payload so it saves the output of Responder in a .txt file Open a shell, cd to the directory where you saved it and type "cat respondertext.txt", so you can view it correctly. Anyone has ideas how I get to the hashes? It looks like it just finds nothing. respondertext.txt Link to comment Share on other sites More sharing options...
kuyaya Posted April 3, 2020 Share Posted April 3, 2020 I think I know why I get nothing. The vulnerability got fixed by microsoft back in 2016. Makes sense, I'm just an idiot. But what confuses me, is that it is working on @Bob123's PC. Sorry for the ping mate. Link to comment Share on other sites More sharing options...
Bob123 Posted April 4, 2020 Share Posted April 4, 2020 You know I thought that too but a fresh install of Win10 1903 and I still get hashes running quickcreds. So I have no idea why it still works on mine. I suppose I could leave the machine on for a while and let Billy-Bob install a bunch of updates and see if I still get hashes after that. Might be interesting to see. Link to comment Share on other sites More sharing options...
kuyaya Posted May 16, 2020 Share Posted May 16, 2020 @Bob123 I think I got the solution finally. I have a Microsoft account as account on both my laptop and PC, so I can synchronize with OneDrive between them. As I said, I left it for 20 minutes and it didn't work. OK, so here is the solution: I tried it on another computer with a local account and not a microsoft account and guess what, after it booted up it instantly grabbed the hashes, like literally instantly. So for anyone who had the same problem as me, it only works on local accounts. But it still works. I'm so happy I finally found the answer. Link to comment Share on other sites More sharing options...
Bob123 Posted May 17, 2020 Share Posted May 17, 2020 That's interesting. I've never tried it on a computer with an MS connected account. I'll have to give that a shot. I wonder how that works, if it actually keeps a hash on the computer since it isn't a local account. But that's cool I'm glad you got it to work. Link to comment Share on other sites More sharing options...
Cap_Sig Posted May 18, 2020 Share Posted May 18, 2020 Good to know. Haven't tried it either on a MS account linked machine. I personally dislike how you have to create/have an account on consumer system now for login just then to switch it back to local... Link to comment Share on other sites More sharing options...
kuyaya Posted May 18, 2020 Share Posted May 18, 2020 I do not know exactly how many of the private users use a ms account, but what I know, is that almost every company uses local accounts for their employees. That means, if you'd use it on the field, depending on where you use it and in which environment, you'll probably be successful. Link to comment Share on other sites More sharing options...
kaleepornya Posted September 26, 2020 Share Posted September 26, 2020 iam stacked in blinking orange 😞 Link to comment Share on other sites More sharing options...
kuyaya Posted September 27, 2020 Share Posted September 27, 2020 On 9/26/2020 at 3:17 PM, kaleepornya said: iam stacked in blinking orange 😞 He P.M.'d me and it is fixed now :). Link to comment Share on other sites More sharing options...
operatorandy Posted October 15, 2021 Share Posted October 15, 2021 it sucks its almost the end of 2021 and im just now getting into all this... getting the blinking yellow or orange for 30 min.. i take it out and check the BB out, loot/quickcreds/PCNAME/no files. so weird. Link to comment Share on other sites More sharing options...
dark_pyrro Posted November 18, 2021 Share Posted November 18, 2021 I used QuickCreds yesterday (with the latest Responder version) and I got loot (even from one of my Enterprise/domain joined Win 10 boxes). Check my post (and at least parts of the post before that one in the same thread) and you should be able to get it working. Link to comment Share on other sites More sharing options...
l3z Posted December 13, 2021 Share Posted December 13, 2021 On 11/18/2021 at 12:49 PM, dark_pyrro said: I used QuickCreds yesterday (with the latest Responder version) and I got loot (even from one of my Enterprise/domain joined Win 10 boxes). Check my post (and at least parts of the post before that one in the same thread) and you should be able to get it working. I have some troubles with you support for python 3. If i run the command make for openssl it tell me a failure: Makefile:4128: recipe for target 'configdata.pm' failed make: *** [configdata.pm] Error 1 Link to comment Share on other sites More sharing options...
l3z Posted December 13, 2021 Share Posted December 13, 2021 9 minutes ago, l3z said: I have some troubles with you support for python 3. If i run the command make for openssl it tell me a failure: Makefile:4128: recipe for target 'configdata.pm' failed make: *** [configdata.pm] Error 1 Ok I have my prob solved it was the timezone... Link to comment Share on other sites More sharing options...
l3z Posted December 14, 2021 Share Posted December 14, 2021 On 11/18/2021 at 12:49 PM, dark_pyrro said: I used QuickCreds yesterday (with the latest Responder version) and I got loot (even from one of my Enterprise/domain joined Win 10 boxes). Check my post (and at least parts of the post before that one in the same thread) and you should be able to get it working. He i have trouble with install the rustc it will not work. After the install it show me rtc doesn´t exists. Do you know this problem? Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 14, 2021 Share Posted December 14, 2021 What Bunny are you using? Mk1 or Mk2? Link to comment Share on other sites More sharing options...
l3z Posted December 14, 2021 Share Posted December 14, 2021 I think is the old version mk1 Link to comment Share on other sites More sharing options...
l3z Posted December 14, 2021 Share Posted December 14, 2021 ok i have answer myself it is a problem of the ram? Right? Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 14, 2021 Share Posted December 14, 2021 correct Link to comment Share on other sites More sharing options...
kim Posted December 20, 2021 Share Posted December 20, 2021 Hi All , i try to use quickcred to grab password , after the attack launch and led turn from purple to red blinking , any idea what happened? Link to comment Share on other sites More sharing options...
dark_pyrro Posted December 20, 2021 Share Posted December 20, 2021 Responder tool not found or not able to get IP address. Depends on if it's slow or fast blink. Most likely no IP since it's the only place where it is used in the payload script. At least the version on GitHub. Link to comment Share on other sites More sharing options...
Emilio5639 Posted July 28, 2022 Share Posted July 28, 2022 I just tried this on my computer and it just sits there and blinks. Is there an updated guide on how to get this to work or what other payload do you recommend to do something similar? Thanks again Link to comment Share on other sites More sharing options...
dark_pyrro Posted July 29, 2022 Share Posted July 29, 2022 What color does the LED blink with? Link to comment Share on other sites More sharing options...
mario0077 Posted October 21, 2022 Share Posted October 21, 2022 hola soy de argentina acabo de comprar el bash bunny y la verdad es que no encuentro algo actualizado para ver ya que los payload que ingreso no me funcionan o me crean una carpeta que no tiene contenido necesitaria alguna solución por favor gracias. Link to comment Share on other sites More sharing options...
dark_pyrro Posted October 21, 2022 Share Posted October 21, 2022 Use English on the forums Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.