Makunta

Bashbunny and Quickcreds firmware 1.6 LED in solid red


Hi all,

I need some help because I cannot get quickcreds to run on my bashbunny.

I am using Windows 10 for the bashbunny setup.

###Bashbunny in arm mode

I copied the 1.6 firmware from https://downloads.hak5.org/bunny to the root of my bashbunny.
Replugged the bashbunny and waited for the red blinking light to stop.

I checked the version.txt in root which confirmed 1.6_305

I downloaded responder and impacket from here https://forums.hak5.org/topic/40971-info-tools/ and placed the two files in the tools directory:
responder-bunny.deb & impacket-bunny.deb

Then I unplugged and plugged the bashbunny back in and checked that the tools folder was empty.

Then I connected to the bashbunny and checked that the folders responder and impacket were copied to the device.

Then I ran root@bunny:/tools/impacket# python setup.py install

I then copied the quick creds payload to "D:\payloads\switch1\payload.txt" and safely ejected the bashbunny.

###Bashbunny in switch position 1

I plugged the bashbunny into my Windows 10 machine and the light is just solid red. I waited for 5 hours and the light was still unchanged. Any ideas what I am doing wrong?
Is quickcreds still working on firmware 1.6? Do you have any links to current tutorials or walkthroughs? Any help is much appreciated.

 


It could be several things causing it, which are usually related to the target system. For example, one documented cause is DHCP being disabled on the target system. Red just indicates something failed. The base payload has not been updated for 3+ years, so it is expected that changes will need to be made to work with your target.

Best bets are an issue with Responder. If your target is not accepting the "Ethernet" connection from the bash bunny, it will fail right out the gate.


Okay, so recently I made this LaZassword payload. And recently I also recognize more and more issues about the QuickCreds payload. So I'll make the same with the QuickCreds payload as I had done with the PasswordGrabber payload. I'll write one by myself and post it on my github.

As far as I understand, the goal of quickcreds is to get hashes from locked machines. So my payload is gonna grab NTLMv2 hashes and save them in a .txt file.

I think I'll be finished in 1-3 days.

2 minutes ago, Makunta said:

@kuyaya

Sounds great. Could you send me the link to your github? Perhaps I can help.

Oh, sure: https://github.com/githubkuyaya

And the link to LaZassword: https://github.com/githubkuyaya/LaZassword

I already have the payload working, so there is nothing left to help, but thank you. Spoiler alert: the most simple payload you have ever seen.

Currently, I'm just working on the github page. I'll send it to you as soon as I'm finished. And I'll also make a topic in BashBunny > payloads 

2 hours ago, kuyaya said:

Oh, sure: https://github.com/githubkuyaya

And the link to LaZassword: https://github.com/githubkuyaya/LaZassword

I already have the payload working, so there is nothing left to help, but thank you. Spoiler alert: the most simple payload you have ever seen.

Currently, I'm just working on the github page. I'll send it to you as soon as I'm finished. And I'll also make a topic in BashBunny > payloads 

Sorry for the delay in answering your other post. I plan to dig into the payload this weekend. Post any updates in the meantime!

2 hours ago, Cap_Sig said:

Sorry for the delay in answering your other post. I plan to dig into the payload this weekend. Post any updates in the meantime!

Just take your time 🙂

I made a few updates on the payload, such as: 

1. Adding the command to delete all items in the quick-access folder. It's not like you just hide them, you delete them. If the BB didn't do that, the victim user could find out what you were doing. He could see that you used e.g. "lazassword.ps1" "lazagne.zip" "loot", and with some googling you would probably get caught.

2. Make a loot folder

3. auto-eject the bunny at the end of the payload


@Makunta @Cap_Sig

Ayyyyy the repo is finally finished. You can look it up here. Happy Hunting!

Edited by kuyaya
