urbanweb Posted December 14, 2017 Share Posted December 14, 2017 Hi guys. Read with interest for months, and took the plunge and purchased a bash bunny last week. Running Windows 10 pro x64 I'm trying to get quickcreds to work. I've updated to the latest firmware, downloaded the latest payloads, and added Impact and Responder to tools when trying to get dumpcreds to work (unsuccessfully). Whilst it appears to initialise, most of the payloads I try and run, other than some of the simple "none capture" ones end with a flashing red light, with nothing captured. I've tried to find a way of restoring to factory (not resetting the device, power up, green light, remove 3 times etc), in case I've done something wrong when initially messing with the device, but cannot see away to do this. Can anyone give this frustrated newbie any pointers? I have red the threads on quickcreds, and had no joy. If there's a thread that i've missed, please feel free to point me to that, or any other resource that could help me. As I said, very new to this, and have next to no experience with Linux, which \i know doesn't help, but am happy to putty into the device with a little guidance. Thank you in advance guys. Matt Link to comment Share on other sites More sharing options...
urbanweb Posted December 14, 2017 Author Share Posted December 14, 2017 Okay, So after more reading, I think the issue is that I'm using a uk keyboard layout. As well as changing this in the individual payloads, do I also need to change any other files? No doubt I'll soon find out... Link to comment Share on other sites More sharing options...
fabrice Posted December 14, 2017 Share Posted December 14, 2017 I'm very interesting if you can make this payload works. This vidéo can help : https://www.youtube.com/watch?v=VI1ie4cAIho Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted December 14, 2017 Share Posted December 14, 2017 Can we post something in the quickcreds payload about warning about it not working reliably in fully patched Windows 10? Okay, this topic is getting extremely old. So, I tested again to get absolutely up to date info. Now, Windows 10, quickcreds is a hit or miss but most often a miss. I had it work one time on my test Win10 machine and not work again. It worked with it unlocked and if I fired off the edge browser. Never use Chrome, chrome fixed that issue of coughing up creds ages ago. You could also use explorer and browse to a non-existent share. While Win10 is locked it did not work, even with browser open. It got like that after the Creator's Update. Payloads that use mimikatz do not work on newer Win10. Mimikatz was updated but not the powershell version and will get detected if used (old or new) by defender (definitely Avast). Responder is the same for Win10 as it not always works and I have seen with impacket smb server that some WIn10 machine will not connect unless credentials are input again. So, again...quickcreds work mostly reliable on Win7, on Win10 it may work with it unlocked and some manual intervention and it may not. If you want it to be reliable, browse the bunny IP and it will definitely do something but auto is a hit but more than likely will be a miss. Once again, MS knows about this thing and is actively fixing faults. After all that, any future threads I come across that talks about this same topic the answer will be "doesn't work" as far as Win10 is concern. Now some may come out and say it does after some hoop jumping but then it is not automatic anymore now is it? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.