
Does Quickcreds work on a recent locked Windows computer?


nopnop


Posted

Hi

I recently bought a BashBunny Mark 2 (FW 1.7_332) and I'd like to use it on a Windows 10 locked computer to recover users' hashes with the Quickcreds payload.

I copied the payload to switch 1 and installed the Responder DEB file.

When I plug in the USB key, the light starts green, changes to purple, and then stays flashing yellow. I waited about 1 hour, but it stayed flashing yellow.

If I unlock the computer, the payload works without any problems.

I tried on different computers, but always the same problem.

Any idea, please?

Is there another payload to grab the users' hashes on a locked computer?

 

Thank you for your help

 

Posted

If I launch "root@bunny:/tools/responder# ./Responder.py -I" it seems to be OK.


Is there another command I can run to check?

Posted

Sorry, here is the screenshot.


When I plug the BashBunny into the laptop, the LED starts green, then fixed purple, and after that flashes red.

 

 

Posted

Yes, I set a static IP. Thank you.

So I tried on another laptop (Windows 10).

This time, the LED starts green, then fixed purple, and after that flashes yellow. Normally it should be a fixed green.

 

Any idea?

Posted

Yes, if you get an NTLM hash it will turn green. If not, it will continue to blink yellow. There's no guarantee though that it will ever be able to obtain the hash. Also make sure to leave it for a while. It can take anything from 2 seconds from when it starts to blink yellow (i.e. attack started) to well over a minute.

Posted

I left the BashBunny plugged in for 2 hours, but still the same "yellow flashing LED".

Does the computer need to be connected to the internet?

 

Posted

The goal is to recover the hash of a locked computer whose session has not been opened. And after that, Hashcat the hash.

 

The computer is running BitLocker + TPM.

I think I have no other option to unlock it.

 

 

 

Archived

This topic is now archived and is closed to further replies.
