Jump to content

Recommended Posts

really confused on how to setup quick creds on the bash bunny...Found different steps to take but no tutorials or documentation on the configuration and setup. Also another thing I was thinking about is what if I am out on an engagement and said company has 2 step verification. Does this attack still work? 

Share this post


Link to post
Share on other sites

Download the Responder package from the pinned post here:

Drop the .deb file into your /tools directory. Safely eject, remount. Then run the payload just as you would any other. Works great on locked machines!

  • Upvote 1

Share this post


Link to post
Share on other sites
On 6/5/2017 at 4:09 PM, craig131 said:

Thank you sir! 

Drop the .deb file into your /tools directory. Safely eject, remount. Then run the payload just as you would any other. Works great on locked machines!

 

Share this post


Link to post
Share on other sites
On 6/9/2017 at 8:11 AM, Nick Kwiecien said:

The sits there forever blinking yellow trying to find ntlm hashes but are never found 

One way to test to make sure it is working is plug it into a Windows machine and then when it is working to launch Internet Explorer (because it will pass hashes) and browser anywhere.  Another test is to launch file explorer and put in a unc path to anywhere like "\\somewhere".  Those will trigger the event that gets the hash immediately.  If that works and you get hashes then the payload is working, the machine is not running any services that are reaching out that can pass NTLM hashes.  I seen it not work on locked machines after they have blanked the screen.  If you catch it before the screen blanks then it seems to work.  After it blanks though, that person will need to sign in to kick off their services again.

Share this post


Link to post
Share on other sites
On 6/10/2017 at 2:07 PM, PoSHMagiC0de said:

One way to test to make sure it is working is plug it into a Windows machine and then when it is working to launch Internet Explorer (because it will pass hashes) and browser anywhere.  Another test is to launch file explorer and put in a unc path to anywhere like "\\somewhere".  Those will trigger the event that gets the hash immediately.  If that works and you get hashes then the payload is working, the machine is not running any services that are reaching out that can pass NTLM hashes.  I seen it not work on locked machines after they have blanked the screen.  If you catch it before the screen blanks then it seems to work.  After it blanks though, that person will need to sign in to kick off their services again.

It worked on the first try opening up the browser while it was running! Thank you for the help. So yes I think you were correct about the machine not being able to reach out and grab the ntlm hashes 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...