Jump to content

Newbie Issue - quickcreds - red lights


Recommended Posts

Hi guys.  

Read with interest for months, and took the plunge and purchased a bash bunny last week. 

Running Windows 10 pro x64

I'm trying to get quickcreds to work.  I've updated to the latest firmware, downloaded the latest payloads, and added Impact and Responder to tools when trying to get dumpcreds to work (unsuccessfully). 

Whilst it appears to initialise, most of the payloads I try and run, other than some of the simple "none capture" ones end with a flashing red light, with nothing captured. 

I've tried to find a way of restoring to factory (not resetting the device, power up, green light, remove 3 times etc), in case I've done something wrong when initially messing with the device, but cannot see away to do this.

Can anyone give this frustrated newbie any pointers?  I have red the threads on quickcreds, and had no joy.  If there's a thread that i've missed, please feel free to point me to that, or any other resource that could help me.  As I said, very new to this, and have next to no experience with Linux, which \i know doesn't help, but am happy to putty into the device with a little guidance. 

Thank you in advance guys. 


Link to comment
Share on other sites

Can we post something in the quickcreds payload about warning about it not working reliably in fully patched Windows 10?


Okay, this topic is getting extremely old.  So, I tested again to get absolutely up to date info.

Now, Windows 10, quickcreds is a hit or miss but most often a miss.  I had it work one time on my test Win10 machine and not work again.  It worked with it unlocked and if I fired off the edge browser.  Never use Chrome, chrome fixed that issue of coughing up creds ages ago.  You could also use explorer and browse to a non-existent share.

While Win10 is locked it did not work, even with browser open.  It got like that after the Creator's Update.  Payloads that use mimikatz do not work on newer Win10.  Mimikatz was updated but not the powershell version and will get detected if used (old or new) by defender (definitely Avast).  Responder is the same for Win10 as it not always works and I have seen with impacket smb server that some WIn10 machine will not connect unless credentials are input again.


So, again...quickcreds work mostly reliable on Win7, on Win10 it may work with it unlocked and some manual intervention and it may not.  If you want it to be reliable, browse the bunny IP and it will definitely do something but auto is a hit but more than likely will be a miss.  Once again, MS knows about this thing and is actively fixing faults.

After all that, any future threads I come across that talks about this same topic the answer will be "doesn't work" as far as Win10 is concern.


Now some may come out and say it does after some hoop jumping but then it is not automatic anymore now is it?


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...