Jump to content
Darren Kitchen

[PAYLOAD] QuickCreds

Recommended Posts

Got that fixed by microsoft and now you can't get the hashes from locked machines anymore?

Share this post


Link to post
Share on other sites

I ran Responder for about ~13 minutes on a locked screen. I added a few words to the payload so it saves the output of Responder in a .txt file

Open a shell, cd to the directory where you saved it and type "cat respondertext.txt", so you can view it correctly.

Anyone has ideas how I get to the hashes? It looks like it just finds nothing.

respondertext.txt

Share this post


Link to post
Share on other sites

You know I thought that too but a fresh install of Win10 1903 and I still get hashes running quickcreds.  So I have no idea why it still works on mine.  I suppose I could leave the machine on for a while and let Billy-Bob install a bunch of updates and see if I still get hashes after that.  Might be interesting to see. 

Share this post


Link to post
Share on other sites

@Bob123 I think I got the solution finally.

I have a Microsoft account as account on both my laptop and PC, so I can synchronize with OneDrive between them. As I said, I left it for 20 minutes and it didn't work.

OK, so here is the solution: I tried it on another computer with a local account and not a microsoft account and guess what, after it booted up it instantly grabbed the hashes, like literally instantly.

So for anyone who had the same problem as me, it only works on local accounts. But it still works.

I'm so happy I finally found the answer.

Share this post


Link to post
Share on other sites

That's interesting.  I've never tried it on a computer with an MS connected account.  I'll have to give that a shot.  I wonder how that works, if it actually keeps a hash on the computer since it isn't a local account.  But that's cool I'm glad you got it to work.

Share this post


Link to post
Share on other sites

Good to know.  Haven't tried it either on a MS account linked machine.  I personally dislike how you have to create/have an account on consumer system now for login just then to switch it back to local...

Share this post


Link to post
Share on other sites

I do not know exactly how many of the private users use a ms account, but what I know, is that almost every company uses local accounts for their employees. That means, if you'd use it on the field, depending on where you use it and in which environment, you'll probably be successful. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...