Quickcreds

[Leo_Diaz]

Hi all,

 

This is my first time using the forum, and my second hak5 product I have purchased (Other being BB). I had a quick question: Could quickcreds be used on Shark Jack. Just thinking, because all of tools needed for responder the shark jack provides (especially thanks to dhcp client netmode). I didn't know if quickcreds could potentially be run on SJ. Any thoughts?

 

Thanks

[Gary Miles]

I think it's possible, especially since, like the Bash Bunny, the Shark Jack can give the client an IP. You could even then use Cloud C2 to upload the responder logs? However, I don't have a lot of experience with responder, and so, I don't know if responder needs anything that the Bash Bunny was able to provide but not the Shark Jack.

[PoSHMagiC0de]

Responder is python based so as long as you can get the requirements it will run.  How it can be used depends.  If you are after 1 victim then I assume you can plug directly in with responder running to get the network hash.

 

If plugging into a LAN.  Responder can be setup to responder to NBT or multicast queries.  Pretty much if someone fat fingers a url in IE or type in the wrong UNC path on Windows file explorer Responder will reply to those to try and get the hash.  So you can setup a shark with responder in its default responder mode -w -r -f and redirect or log output to a file.  It would have to sit there for while so it is not a plug in an you will immediately get results.  Something has to happen to get creds.  Also, you need a way to detect when you are done or just pull when you want and hopefully you got something.