Jump to content

Fixing the Lan Turtle disk space issue with QuickCreds, no SD card


Recommended Posts

After much chagrin and googling, we found that QuickCreds will not work on the lan turtle because of disk space issues.  Here's our fix!

(we take no responsibility if you break something/somebody.  Only hack when you have prior approval and authorization!)

Factory reset, or push the turtle-5.bin firmware to reset  (probably need to upgrade to v5 anyway).  This makes sure you are set to base.  YMMV.
Open the lan turtle, push and hold the reset button for at least 5 seconds after plugging it into the machine
ssh in to, sh3llz, change password
Update the modules list
Only install QuickCreds for now, so we have enough space
Select QuickCreds and configure
Let it install it's dependencies
You can now set QuickCreds to 'Enable' so that it will start at boot
At this point, we're going to exit and git clone the responder package
Exit 'turtle' back to a basic root shell
Git clone the Responder package first to /tmp since there is plenty of space. 
    git clone git://github.com/lgandx/Responder /tmp/Responder
du -sh /tmp/Responder
rm -rf /tmp/Responder/.git
rm -rf /tmp/Responder/tools/MultiRelay/
du -sh /tmp/Responder
We also want to remove the git package as it takes up >1MB of space.  QuickCreds installs it /only/ to git the Responder package  😕
 opkg remove git
 df -h 
     1.2M available on /
Move the Responder package back to /etc/turtle/ for QuckCreds to find it
mv /tmp/Responder/ /etc/turtle/
df -h
        1.1M still available on / now  (w00t)
The QuickCreds module is hardcoded to use br-lan as the interface.  This doesn't exist, so we need to change it to eth0.  Another 😕
    sed -i 's/br-lan/eth0/' /etc/turtle/modules/QuickCreds
You should now have at least 1MB of storage on / and plenty of space for /root/loot to write to, as well as have Responder available for QuickCreds
Pop the turtle in a Windows system and wait about 30 seconds until the amber light goes solid, CREDS!!!
Copy and paste the hash from /root/loot/#/HTTP-NTLMv2-
Paste into a hash file and send it to john with a wordlist
    john hash.txt --wordlist=wordlist.txt
Testing shows this works whether the laptop is locked or not locked.
These hashes can not be replayed, only cracked.
You still have plenty of space to return to the turtle shell and install any other modules you need at this point.
You may need git for something else, but probably not enough space.
This set up is for the "Grab creds from a locked Workstation" scenario.  You may need MultiRelay for something else...?  Not needed for QuickCreds.
Link to comment
Share on other sites

  • 11 months later...

I have an original Lan Turtle with no SD card. I just updated to the 6.2 firmware, and was found that Quick Creds acted like it was working, but the folders (e.g. ~/loot/1/) were empty. This post solved the issue. For anyone looking at this later, there are a few minor adjustments:

I did stay on 6.2 firmware (didn't factory reset to 5)

When I got to "git clone git://github.com/lgandx/Responder /tmp/Responder", I didn't have git, and git wouldn't install due to lack of space. Instead I went to https://github.com/lgandx/Responder/releases, copied the tar.gz link to the latest release, and then on my Lan Turtle did "wget https://github.com/lgandx/Responder/archive/v3.0.0.0.tar.gz" while inside /tmp/

I un-tared this, and then more or less continued with the instructions. There was no .git directory to remove, but I did remove /tools/MultiRelay, and of course I never had to opkg remove git.

When it came time to move /tmp/Responder to /etc/turtle/, I was told that the Responder folder (/etc/turtle/Responder) already existed. It appears that they may have somewhat fixed the dependencies? Still, it hadn't worked, so I removed it (rm -rf /etc/turtle/Responder), and copied my up-to-date version over it.

Moving on, /etc/turtle/modules/QuickCreds has been renamed with lowercase characters (/etc/turtle/modules/quickcreds). So sed -i 's/br-lan/eth0/' /etc/turtle/modules/quickcreds

Looking back on it, since the dependencies may have been fixed, I wonder if replacing br-lan with eth0 was the only thing that needed to be done? Still, it's working now, so I'm not messing with it.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...