LowValueTarget

[PAYLOAD_UPDATE] QuickCreds

Payload runs fine. Goes through the setup but for some reason the LED turns off instead of finishing. Also nothing comes up in the loot/ folder.

Edited by Bryfi

27 minutes ago, LowValueTarget said:

I noticed that behavior sometimes

Sebkinne may have a solution or at least some insight.

I also have this issue with bunnytap (payload not running correctly). Do you think it is due to the update? It was working fine before then.


Can be a runtime problem. With the default setting, a payload does not run longer than 1 min 30 s (measured from plugging in the Bunny).

After 1 min 30 s every payload stops working.

Check your /var/log/syslog for an entry like:

bunny.service start operation timed out. Terminating

Failed to start bunny.service

Edited by qdba
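
Added example (not part of qdba's post and not the device's own tooling): a small shell triage for the syslog check suggested above. It counts the two bunny.service messages quoted in that post plus the usb0 error that appears in a log later in this thread, and shows the last bunny_framework line written before the timeout. The embedded sample log is constructed; its timestamps and the systemd[1] tag are assumptions.

```shell
#!/bin/sh
# Constructed sample: message texts are the ones quoted in this thread;
# timestamps and the systemd[1] tag are assumptions.
SAMPLE_LOG='May  7 22:00:39 bunny bunny_framework[300]: got dhcp ip address after 3 seconds
May  7 22:01:50 bunny systemd[1]: bunny.service start operation timed out. Terminating.
May  7 22:01:50 bunny systemd[1]: Failed to start bunny.service.
Dec 31 16:00:10 bunny rsyslogd: [origin software="rsyslogd"] start
Dec 31 16:00:10 bunny networking[172]: Configuring network interfaces...Cannot find device "usb0"
Dec 31 16:00:10 bunny networking[172]: Failed to bring up usb0.'

# Count lines containing a fixed string ($2) in a log file ($1).
count_matches() { grep -cF -- "$2" "$1" || true; }

# Count rsyslogd start markers: each one is a boot recorded in the file.
count_boots() { grep -c 'rsyslogd: .* start$' "$1" || true; }

# Last bunny_framework line before the first timeout: how far the payload got.
last_step_before_timeout() {
    awk '/bunny\.service start operation timed out/ { print last; exit }
         /bunny_framework\[/ { last = $0 }' "$1"
}

# Print counters and a one-line verdict for the syslog at $1.
triage_syslog() {
    log=$1
    timeouts=$(count_matches "$log" 'bunny.service start operation timed out')
    failed=$(count_matches "$log" 'Failed to start bunny.service')
    usb0=$(count_matches "$log" 'Cannot find device "usb0"')
    boots=$(count_boots "$log")
    echo "timeouts=$timeouts failed=$failed usb0_missing=$usb0 boots=$boots"
    if [ "$timeouts" -gt 0 ]; then
        echo "verdict=service-start-timeout"
    elif [ "$usb0" -gt 0 ]; then
        echo "verdict=usb0-missing-at-network-init"
    else
        echo "verdict=no-known-failure"
    fi
}

# Triage the file given as $1, or the constructed sample when none is given.
LOG=${1:-}
if [ -z "$LOG" ]; then
    LOG=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$LOG"
fi
triage_syslog "$LOG"
last_step_before_timeout "$LOG"
```

Saved under any file name, the script takes the log path as its only argument, for example /var/log/syslog. A boots count above 1 means the file spans several power cycles, so read the timestamps around each rsyslogd start line separately.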


Tried with both Win7 and Win10. Seems that this payload is also bricked. Any idea how I can log these payloads while they are running so I have something to give to the devs?

Share this post


Link to post
Share on other sites

The payload works fine for me on Win8, Win10.

You could potentially pipe the output of this line to a file in the loot or payload folder

python Responder.py -I usb0 $RESPONDER_OPTIONS &

 

On 04/10/2017 at 3:14 PM, LowValueTarget said:

The payload works fine for me on Win8, Win10.

You could potentially pipe the output of this line to a file in the loot or payload folder


python Responder.py -I usb0 $RESPONDER_OPTIONS &

 

How are you guys getting this to work?! Ever since this update, both Bunnytap and Quickcreds are broken for me. EDIT: Downgrading to 1.0 seemed to solve the issue.

 

Edited by Bryfi


Try this:

1. SSH to the Bunny.
2. Back up the file /usr/local/bunny/bin/bunny_framework to /usr/local/bunny/bin/bunny_framework.bak
     cp /usr/local/bunny/bin/bunny_framework /usr/local/bunny/bin/bunny_framework.bak

3. Enter the following command
     cat /usr/local/bunny/bin/bunny_framework.bak | sed 's/^hop\w*$/hop \&/'  > /usr/local/bunny/bin/bunny_framework

Advice:

Taking a look at /var/log/syslog is a good idea for debugging.

Edited by qdba


I ran Quick Creds version 1.0 (firmware >= 1.1) against a Windows 10 machine and it seemed to run fine on the first attempt.


Hi, I have some trouble with Quick Creds. Here is my syslog. I don't know why, but usb0 is not being found. Sorry for my bad English.

 

May  7 22:00:39 bunny bunny_framework[300]: got dhcp ip address after 3 seconds
May  7 22:00:39 bunny bunny_framework[300]: TARGET_IP = 172.16.64.10, TARGET_HOSTNAME = MSI, HOST_IP = 172.16.64.1
May  7 22:00:44 bunny kernel: [   18.600044] usb0: no IPv6 routers present
May  7 22:00:44 bunny bunny_framework[300]: __
May  7 22:00:44 bunny bunny_framework[300]: .----.-----.-----.-----.-----.-----.--|  |.-----.----.
May  7 22:00:44 bunny bunny_framework[300]: |   _|  -__|__ --|  _  |  _  |     |  _  ||  -__|   _|
May  7 22:00:44 bunny bunny_framework[300]: |__| |_____|_____|   __|_____|__|__|_____||_____|__|
May  7 22:00:44 bunny bunny_framework[300]: |__|
May  7 22:00:44 bunny bunny_framework[300]: #033[1;33mNBT-NS, LLMNR & MDNS Responder 2.3.3.6#033[0m
May  7 22:00:44 bunny bunny_framework[300]: Author: Laurent Gaffie (laurent.gaffie@gmail.com)
May  7 22:00:44 bunny bunny_framework[300]: To kill this script hit CRTL-C
May  7 22:00:44 bunny bunny_framework[300]: #033[1;32m[+] #033[0mPoisoners:
May  7 22:00:44 bunny bunny_framework[300]: LLMNR                      #033[1;32m[ON]#033[0m
May  7 22:00:44 bunny bunny_framework[300]: NBT-NS                     #033[1;32m[ON]#033[0m
May  7 22:00:44 bunny bunny_framework[300]: DNSDec 31 16:00:10 bunny rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="340" x-info="http://www.rsyslog.com"] start
Dec 31 16:00:10 bunny systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
Dec 31 16:00:10 bunny systemd[1]: Starting Copy rules generated while the root was ro...
Dec 31 16:00:10 bunny systemd[1]: Started Copy rules generated while the root was ro.
Dec 31 16:00:10 bunny systemd[1]: Started Trigger Flushing of Journal to Persistent Storage.
Dec 31 16:00:10 bunny networking[172]: Configuring network interfaces...Cannot find device "usb0"
Dec 31 16:00:10 bunny networking[172]: Failed to bring up usb0.
 


OK, I got this working like a champ, but quick question... I keep getting an NTLMv2 hash and not NTLM. Is there a way to get the NTLM hash instead of v2?

