Makunta Posted February 7, 2020 Share Posted February 7, 2020 Hi all, I need some help because I do not get quickcreds on my bashbunny to run. I'm am using Windows 10 for the bashbunny setup. ###Bashbunny in arm mode I copied the 1.6 firmware from https://downloads.hak5.org/bunny to the root of my bash bunny. Replugged the bashbunny and waited for the red blinking light to stop I checked the version.txt in root which confirmed 1.6_305 I downloaded the responder and the imppacket from here https://forums.hak5.org/topic/40971-info-tools/ and placed the two files in the tools directory responder-bunny.deb & impacket-bunny.deb Then I unplugged and plugged the bashbunny back in an checked that the tools folder was empty. Then I connected to the bashbunny and checked that the folder responder and impacket where copied to the device. Then I ran root@bunny:/tools/impacket# python setup.py install I then copied the quick creds payload to "D:\payloads\switch1\payload.txt" and safely ejected the bashbunny. ###Bashbunny in switch position 1 I plugged the bashbunny in my Windows 10 machine and the light is just solid red. I waited for 5 hours and the light was still unchanged. Any ideas what I am doing wrong? Is quickreds still working on firmware 1.6. Do you have any links to current tutorials or walkthroughs? Any help is much appreciated. Quote Link to comment Share on other sites More sharing options...
Cap_Sig Posted February 7, 2020 Share Posted February 7, 2020 It could be several things causing it which is usually related to the target system. For example, one documented cause is DHCP being disabled on the target system. Red just indicates something failed. The base payload has not been updated for 3+ years so it is expected that changes will need made to work with your target. Best bets are an issue with Responder. If you target is not accepting the "Ethernet" connection from the bash bunny it will fail right out the gate. Quote Link to comment Share on other sites More sharing options...
kuyaya Posted February 7, 2020 Share Posted February 7, 2020 Okay, so recently I made this LaZassword payload. And recently I also recognize more and more issues about the QuickCreds payload. So I'll make the same with the QuickCreds payload as I had done with the PasswordGrabber payload. I'll write one by myself and post it on my github. As far as I understand, the goal of quickcreds is to get hashes from locked machines. So my payload is gonna grab NTLMv2 hashes and save them in a .txt file. I think I'll be finished in 1-3 days. Quote Link to comment Share on other sites More sharing options...
Makunta Posted February 7, 2020 Author Share Posted February 7, 2020 @kuyaya sounds great. Could you send my the link to your github. Perhaps I can help. Quote Link to comment Share on other sites More sharing options...
kuyaya Posted February 7, 2020 Share Posted February 7, 2020 2 minutes ago, Makunta said: @kuyaya sounds great. Could you send my the link to your github. Perhaps I can help. Oh, sure: https://github.com/githubkuyaya And the link to LaZassword: https://github.com/githubkuyaya/LaZassword I already have the payload working, so there is nothing left to help, but thank you. Spoiler alert: the most simple payload you have ever seen. Currently, I'm just working on the github page. I'll send it to you as soon as I'm finished. And I'll also make a topic in BashBunny > payloads Quote Link to comment Share on other sites More sharing options...
Cap_Sig Posted February 7, 2020 Share Posted February 7, 2020 2 hours ago, kuyaya said: Oh, sure: https://github.com/githubkuyaya And the link to LaZassword: https://github.com/githubkuyaya/LaZassword I already have the payload working, so there is nothing left to help, but thank you. Spoiler alert: the most simple payload you have ever seen. Currently, I'm just working on the github page. I'll send it to you as soon as I'm finished. And I'll also make a topic in BashBunny > payloads Sorry for the delay in for an answer in your other post. I plan to dig into the payload this weekend. Post any updates in the mean time! Quote Link to comment Share on other sites More sharing options...
kuyaya Posted February 7, 2020 Share Posted February 7, 2020 2 hours ago, Cap_Sig said: Sorry for the delay in for an answer in your other post. I plan to dig into the payload this weekend. Post any updates in the mean time! Just take your time 🙂 I made a few updates on the payload, such as: 1. Adding the command to delete all items in the quick-access folder. It's not like you just hide them, you delete them. If the BB wouldn't do that, the victim user could find out what you were doing. He could see that you used e.g. "lazassword.ps1" "lazagne.zip" "loot", and with some googling you would probably get caught. 2. Make a loot folder 3. auto-eject the bunny at the end of the payload Quote Link to comment Share on other sites More sharing options...
kuyaya Posted February 8, 2020 Share Posted February 8, 2020 (edited) @Makunta@Cap_Sig Ayyyyy the repo is finally finished. You can look it up here. Happy Hunting! Edited February 8, 2020 by kuyaya Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.