Jump to content
urbanweb

Newbie Issue - quickcreds - red lights

Recommended Posts

Hi guys.  

Read with interest for months, and took the plunge and purchased a bash bunny last week. 

Running Windows 10 pro x64

I'm trying to get quickcreds to work.  I've updated to the latest firmware, downloaded the latest payloads, and added Impact and Responder to tools when trying to get dumpcreds to work (unsuccessfully). 

Whilst it appears to initialise, most of the payloads I try and run, other than some of the simple "none capture" ones end with a flashing red light, with nothing captured. 

I've tried to find a way of restoring to factory (not resetting the device, power up, green light, remove 3 times etc), in case I've done something wrong when initially messing with the device, but cannot see away to do this.

Can anyone give this frustrated newbie any pointers?  I have red the threads on quickcreds, and had no joy.  If there's a thread that i've missed, please feel free to point me to that, or any other resource that could help me.  As I said, very new to this, and have next to no experience with Linux, which \i know doesn't help, but am happy to putty into the device with a little guidance. 

Thank you in advance guys. 

Matt

Share this post


Link to post
Share on other sites

Okay,

 

So after more reading, I think the issue is that I'm using a uk keyboard layout.  As well as changing this in the individual payloads, do I also need to change any other files?  No doubt I'll soon find out...

Share this post


Link to post
Share on other sites

Can we post something in the quickcreds payload about warning about it not working reliably in fully patched Windows 10?

 

Okay, this topic is getting extremely old.  So, I tested again to get absolutely up to date info.

Now, Windows 10, quickcreds is a hit or miss but most often a miss.  I had it work one time on my test Win10 machine and not work again.  It worked with it unlocked and if I fired off the edge browser.  Never use Chrome, chrome fixed that issue of coughing up creds ages ago.  You could also use explorer and browse to a non-existent share.

While Win10 is locked it did not work, even with browser open.  It got like that after the Creator's Update.  Payloads that use mimikatz do not work on newer Win10.  Mimikatz was updated but not the powershell version and will get detected if used (old or new) by defender (definitely Avast).  Responder is the same for Win10 as it not always works and I have seen with impacket smb server that some WIn10 machine will not connect unless credentials are input again.

 

So, again...quickcreds work mostly reliable on Win7, on Win10 it may work with it unlocked and some manual intervention and it may not.  If you want it to be reliable, browse the bunny IP and it will definitely do something but auto is a hit but more than likely will be a miss.  Once again, MS knows about this thing and is actively fixing faults.

After all that, any future threads I come across that talks about this same topic the answer will be "doesn't work" as far as Win10 is concern.

 

Now some may come out and say it does after some hoop jumping but then it is not automatic anymore now is it?

 

Edited by PoSHMagiC0de

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...