Snagging Creds From Locked Machines With a LAN turtle - Hak5 2104

207,446 views

Hak5

Comments: 166
@ralph17p 8 years ago
One mitigation that works - disable automatic USB device installations. It pisses off users as they can't connect their iPhones, USB sticks, etc. but if security is a concern it's worth doing.
@jaybreeze2033 3 years ago
UPnP is actually pretty standard, also makes the rubber ducky useless. An in-line hardware keylogger works nicely still.
@ahmedifhaam7266 1 year ago
Most ADs have this as a GP usually
@ralph17p 1 year ago
@ahmedifhaam7266 That's not been my experience and I've been an IT consultant for quite a while. Most of my customers are in finance (hedge funds, insurance etc.) and most of them don't block USB device installation. Those companies that do often end up rolling it back after the execs have a moan and get themselves an exception. Then the marketing team gets an exception because they have to connect to random devices in customer boardrooms and, before you know it, the whole thing has more holes than a sieve and it's fairly pointless. Mostly, we've moved to next-gen anti-malware and HIPS, designed to detect anomalous behaviour and hopefully catch the payloads delivered by these sorts of devices. Also, it seems the latest Rubber Ducky is utterly unfazed by USB blocking as it can be configured to circumvent most basic endpoint restrictions by emulating a different, permitted, USB device.
@alexsacco1948 7 years ago
At 2:22 the time on the computer is 2:22
@sneilson11 7 years ago
Omg wat
@emmanuelserrato7805 6 years ago
Alex Sacco sick
@kevinportillo1971 5 years ago
It was already 2:22 on that pc before the vid--- never mind why am I even bothering....🙄
@zirizo 4 years ago
@kevinportillo1971 ??? Yea it's cool
@uniquelycommon2244 8 years ago
Great ground-up explanation of how this sweet method actually works. Subscribed. Have to get me a LAN turtle post-haste and start playing around with this.
@hak5 8 years ago
Hope you enjoy it.
@over00lordunknown12 6 years ago
Back when this was new, and I took a tour of a Microsoft center near me (with my High School), I asked the tour guide (who is a seasoned MS worker, who mainly worked in the MS Office Suite) why Windows just sends the NTLM hashes over the network without ensuring it is a server that is valid. Their response was: "Windows doesn't." but he looked *VERY* confused, and my classmates were all happy I stumped the guy because he was so sure of himself in the beginning that he could answer ANY question... XD
@ahmedifhaam7266 1 year ago
That's not really a victory or whatever lol.
@davidmaxey3440 8 years ago
Perfect amount of time to fill in the last half hr of work :P
@nickt4879 5 years ago
What a disappointment, got a device to test it out for myself, I mean come on it's really straightforward, plug, update 6.1, install quick creds, config, and pouff no more space on device... doesn't work as advertised either.. now I have to factory reset bullshit and waste time reading posts of a TON of people having the same issue all the way 2 years back... man seriously I should have googled it before buying, what a waste of time
@ThatNateGuy 8 years ago
Both of you guys have awesome shirts!
@LakeVermilionDreams 8 years ago
I love this show! I learn a bunch here, then get to wow my coworkers with security stories and get them excited about how something as simple as MITM attacks work.
@dosluke 8 years ago
Very cool. I'll be buying a LAN Turtle soon, I already have the ducky :P. Btw, Shannon, you are a beauty :)
@rhettro_ 6 years ago
First time peepin' the channel, I am officially in love with Snubs
@ViolentOrchid 8 years ago
If the rubber ducky had a clock that keeps track of seconds or milliseconds, just use that to pulse the LED. seconds/60 * 255 or milliseconds /100 * some number to keep it from being crazy fast * 255. There
@ahmedifhaam7266 1 year ago
Doubt
@rumpelstiltskin9729 3 years ago
This Crip is very skilled with computers.
@RawApeFromAlbion 9 months ago
🤣🤣🤣 yo dog!
@h.i.1359 8 years ago
Basically a ~30 y/o attack is still working fine and all it takes to mitigate it is to use a static route. Security and comfort never go together.
@mikvance 7 years ago
My turtle likes Shannon.
@AholicKnight 4 years ago
same
@lnteI 6 years ago
Is this still working? I heard Microsoft released a patch to fix this
@AliciaSykes 4 years ago
Not working anymore, 2020
@datsuprakidbackup8 2 years ago
@yuck871 still working?
@alicoolman1xx 8 years ago
The solution: Switch user (put a note 📝 on screen saying PC in use). Use an antivirus so it blocks internet from new network cards.
@mircoheitmann 7 years ago
But why isn't it a camera? In case you don't understand, take a look at the beginning
@zaggery 8 years ago
What about the whole private, public lan? It will trust this network device?
@matthewsummers6545 8 years ago
Testing in my environment and pulled the hash off a test machine but it's a much longer hash than old NTLM. Are there certain areas that are the hash and the rest isn't? Curious how to get ophcrack or something to work with the format
@grimssouls3897 5 years ago
Whenever I attempt this on myself, it takes too long, so I never get to finish. It rapidly blinks for hours. I left it in for hours. Didn't finish. When I check the folder it's empty.
@Badminkey7 8 years ago
Does it need to always have a cat 5 cable plugged in or does it still work just plugged in via USB?
@AllYourDubStep 7 years ago
I'm able to get NTLMv2 hashes, but how do I crack it? I'm not sure what to do with the NTLMv2 hash. Thank you! Also great toy this thing is.
@AllYourDubStep 7 years ago
Alright perfect. Thanks man
@ahmedifhaam7266 1 year ago
@AllYourDubStep ?
@goustune 8 years ago
I'm not sure I get it, but this works only if Windows is configured to use an AD? Because there is no reason that Windows will send creds over the network on a simple home network
@LakeVermilionDreams 8 years ago
Isn't there some sort of work group sharing in Windows still? Or is that managed by our use a different protocol or procedures?
@AlexKennedy47 8 years ago
I'm assuming DHCP sends WPAD option in response. This forces windows to do an HTTP request for the WPAD. The HTTP server is set up to require NTLM-Auth. Hence Windows sends NTLM... Just a guess but I think this is correct.
@danmac4969 6 years ago
What is the benefit of buying a LAN Turtle vs a rubber ducky?
@ale-lx9gp 8 years ago
Yo dawg, tell me more about these leds and that inside joke
@Anonymouspock 8 years ago
Hey! I'm just curious why you don't have local dynamic DNS and instead use IPs everywhere.
@alvaroelloco24 7 years ago
Would it work as well if the computer is unlocked? I mean logged in? Thanks, I keep waiting for your answers!
@kdnew7877 8 years ago
Sadly it doesn't work for me. responder.log says "starting attack" and the amber LED blinks fast and doesn't go solid :-/
@Chubbza5 8 years ago
Couldn't you implement a "process counter" or something into the hash code that counted the clock cycle during the compilation and completely nullify this kind of attack?
@jarisipilainen3875 6 years ago
PC is there locked or unlocked you own it already
@jameshersee169 7 years ago
Does it only run on Linux? As I would assume it could run on a Mac as the UI on terminal looked similar and macOS and Linux are practically the same thing
@gabrieltaggart 7 years ago
So I’m confused. You can snag the creds from the locked machines into hashes... But can’t decrypt the hashes, or at least quickly? I apologise, I’m not a very good listener, and I lose concentration very easily. Can someone please briefly explain what this actually does? Like for example: -You configure the Lan Turtle to Quickcreds -Plug it into the locked machine -Wait until the amber light is solid -Unplug it and plug it back into your machine -FTP to /root/loot -Find the hashes... What do I do with the hashes? And how do I get the passwords?
@Cr4ntz 5 years ago
Decrypt them with programs such as john the ripper
@aquatrax123 7 years ago
That's why you disable NTLM and move to Kerberos only.
@sandortakacs546 7 years ago
Certified Checkbox Unchecker.. I died 😂
@RawApeFromAlbion 9 months ago
Yep come get your CCU certificates!
@Anonymouspock 8 years ago
What's with the repeated opkg invocations? Shouldn't you store that output in a variable then use that? Actually, that should be a function because it's a bunch of repeated stuff.
@ahmedifhaam7266 1 year ago
Function or static variable, choose 1
@fahdadni 8 years ago
I always wanted one of your devices (USB rubber ducky, LAN turtle...) but I can't afford it hahaha
@kodiererg 6 years ago
Real hackers build and program their own. Look into raspberry pi and arduino, and learn C
@zach3664 8 years ago
I think the LAN Turtle is awesome. I was wondering if you guys have thought of doing a LAN Turtle that plugs in via Ethernet instead of USB. Some companies have enacted no USB use so that would mitigate that attack. Do you think there is a way to do Ethernet in from the switch to Ethernet out to the computer so you won't have any unauthorized USB device setting off alarms? If there is a way to pull power from the NIC of the computer to power the turtle I think that would be another great attack vector. Then you could just say "oh yeah that's just an insulator" or something to that effect to make them not question what it really is. I'm not sure if it is possible but just an idea just in case said company or entity has enacted no USB policy. Like always love watching your channel and hack the planet!
@JeffereyDembinski 8 years ago
Does this hack rely on the use of DHCP? What if it's a desktop with a manually set IP address?
@veryfrozen3271 6 years ago
Shannon has a really nice t-shirt
@hellsguardian2004 7 years ago
Can the LAN Turtle be used to get creds from a linux system?
@Babyfacemcgill 8 years ago
You guys keep talking about NTLM but what about NTLMv2? Anyone doing basic Windows security should be refusing LM and NTLM.
@stevesmith2553 8 years ago
What about Kerberos
@grave0x 8 years ago
They speak about NTLMv1 and v2 after 16:30
@pj1106 8 years ago
How do you view the creds from the LAN Turtle?
@jblackops99 7 years ago
What Linux distribution was used on the laptop?
@navjotsingh2251 6 years ago
MJGC-Jonathan kali Linux I think
@KyletheKReep92 6 years ago
Kali.
@TeganBurns 8 years ago
8:30 what is PWM for 500 please
@hak5 8 years ago
Pulse width modulation - shannon
@TeganBurns 8 years ago
No like Jeopardy lol :P But yeah, I was saying you can use PWM for fading the LED in and out by changing the duty cycle from 100% - 0% (and vice versa) with a for loop.
@davetriplett4779 7 years ago
Tegan Burns Oooo, )))
@davetriplett4779 7 years ago
Yeah, ...I'm lost. .
@bearwolffish 7 years ago
What do you mean Glenn, there is a 0-100% duty cycle. Do you mean because that is either on or off? From AVR datasheet on using timer capture: "While this implementation plan will produce generally reasonable results, there are some boundary conditions which must be considered. The first is that it is possible to have a PWM duty cycle of 0%, or of 100%. These both have meaning, but they are anomalous, since the former cycle consists only of a (constant) inactive signal, and the latter only of an active signal. In neither case, there is any edge for the ICP to trigger on. "
@Chris-ze3ic 6 years ago
Would this work on a machine if it had all its files encrypted?
@tonycheung7624 2 years ago
If this is a local account we can boot from PE to unlock all of the accounts. Can this tool unlock domain accounts?
@evilplaguedoctor5158 8 years ago
So.. what are Creds?
@hak5 8 years ago
Credentials - like username / password. - Shannon
@evilplaguedoctor5158 8 years ago
Hak5 ah, makes sense, thank you!
@tgyk1568 8 years ago
I just noticed the @HunterHonda sticker behind Mubix at 11:49. Fuckkin aweeesssooome.
@DarrenKitchen 8 years ago
I love that guy! @HunterHonda is the man!
@tgyk1568 8 years ago
Do you regular any other motovloggers? Hunter and Dan are definitely a couple of my favorites.
@hitmansnipes6445 7 years ago
Nothing shows up when I cat the .log file. Do I need to configure responder too?
@andrewel5383 8 years ago
I'm wondering if you would please do a vid on hack OSes. I mean there are several Linux-based hacking OSes; I'm specifically focused on BlackArch and Kali
@tehtron 8 years ago
+Hak 5 I think i have another method to Snag creds for entire active directory domain that I have theories about
@ahmedifhaam7266 1 year ago
No, you don't.
@becouso9h 8 years ago
Do you need 2 turtles to do the job?
@TMusicLis 5 years ago
What's the name of the documentary?
@SoundsFantastic 8 years ago
Green beginning....HULK!
@mysticsilent 8 years ago
thnx :) nice tutorial and excellent explanation!
@ronniepalmer9813 8 years ago
Is there a way I can buy your stuff in the UK?
@AlexKennedy47 8 years ago
So how did the autologin work? Or can someone point me to good information to pass the hash?
@bseverance5390 8 years ago
Too Cool! One more thing I can do with my LAN Turtle!
@edwinkania5286 3 years ago
What is up with the wrist wrap............
@joshuaott2800 4 years ago
So... it doesn't do anything you advertised? big surprise haha
@nitinmeena8589 8 years ago
Can you tell how to break speed limit on a LAN?
@RoyalTurnips 3 years ago
Beirut go boom
@williammartens7037 7 years ago
Hello Hak5, I have seen a bunch of videos about the LAN Turtle, but if you just connect it to the home's/work's ethernet (and NOT a computer, just to a power source like a powerbank, outlet, etc.) can you access everything on that network that is connected to the ethernet? + Are the LAN Turtle's tools (msf-meterpreter, scan networks, MITM attacks, etc.) fully undetectable? Please answer this as fast as possible!
@ahmedifhaam7266 1 year ago
ooh
@speedcorefreak7238 8 years ago
@hak5 Echo in the audio
@hotfreshrider 8 years ago
Shipping estimate: September 27 but we want it nooowwww
@glitchtheanarchist5589 6 years ago
Can C++ work for this? Or is it just Python and Bash?
@ahmedifhaam7266 1 year ago
anything works prolly,
@fahdadni 8 years ago
I got an idea, it's called lanpi, it's a box with raspberry pi with 3g or lte modem shared over Ethernet with lan turtle and it's portable and usable anytime please respond hahahah
@karelorigin4649 8 years ago
Connect your phone with the raspberry pi using the USB port, enable USB tethering, problem solved.
@fahdadni 8 years ago
Yep or that Lol hahaha
@forskern 5 years ago
Can you do this with bash bunny?
@Q_20 8 years ago
What? I don't think it would work if I prevent installation of driver.
@ahmedifhaam7266 1 year ago
Does it install anything?
@Antonio-yp3tj 5 years ago
He looks like he’s from florida
@OSHA_Inspector 4 years ago
Florida Man (Hacker Version)
@dpatt6175 5 years ago
Puff puff pass the hash
@Nismo1019 8 years ago
Does this attack work using a pi zero??
@andrewhennessy620 4 years ago
It could if you put in the time to build it
@briankelleher5649 7 years ago
Hi could you possibly make your videos more concise because they drag on a lot.
@ericmin6055 7 years ago
But that's why I like it. If they make it concise I think it will become boring like most other hacking vids.
@ThereWillBeCake 3 years ago
bob is another name for kate
@virtualevan 8 years ago
Hey! Listen!
@pablorodriguez196 8 years ago
great stuff guys!
@sureal808 8 years ago
Anyone able to get this working? Have a lan turtle and a fresh Windows 10 install but no luck.
@bwagenberg 1 year ago
So how unlock a logged off pc?
@croquis24 6 years ago
Wait, I just realised you can do this attack from the network room lol
@ericmin6055 7 years ago
But most of all, Samy is my hero.
@slimshady4126 6 years ago
Didn't know darren was reppin
@Calm_Energy 5 years ago
I too 🧡 the directory name /root/loot lol
@CodeBeasty 8 years ago
WOOOOOO
@zirizo 4 years ago
Creds?
@pcbreezejp 6 years ago
I want that pineapple shirt
@aidenblanchard7157 4 years ago
rip Lebanon... F
@j0ltc0lajunki3 8 years ago
Damn Darren, That shirt
@QasimSeeha 8 years ago
Nice hat mubix د
@geekinginandout 8 years ago
Nice shirt
@prod.treyxoldd 5 years ago
hak5 how do create my own physical access hacking device
@lifeisaadventure9948 5 years ago
I’d 😍 to be able to hack our wireless printer 🖨 👩🏼‍💻
@tomerkane8424 7 years ago
Hi guys, I'm totally new to the hacking world even tho I know some HTML, CSS and Python. Where can I start learning the language they use on the terminal and the explanation of what hashes are and all that cool stuff?
@fatcunt6765 7 years ago
Learn to code first. I started off with C# to make bots for Discord and other cool stuff, just look something up
@millipeace86 8 years ago
I love your content, and the contents of your shirt but can I be real with ya? You look like you should be in a ska band.
@hak5 8 years ago
Don't judge a book by its cover. The way a person dresses doesn't necessarily constitute what they are into. Food for thought. - Shannon
@RawApeFromAlbion 9 months ago
yo dog!
@phreaklulz 8 years ago
I have noticed with the lanturtle, if the user does not have access to the internet, OR if the computer does not allow Microsoft to search for drivers outside of the computer, then the LanTurtle only shows up as a 10/100 Ethernet device with no function. So my question, wouldn't something like this mitigate the attack? support.microsoft.com/en-us/kb/2500967
@eddietours3728 8 years ago
Link !!!! BOTW coming
@fahdadni 8 years ago
Great guys
@MajikCatSecurity 5 years ago
Shannon....(sigh) =)
@ITpanda 8 years ago
She has an awesome shirt. Also cool episode
@PeterPan-fl1lp 4 years ago
No you're adorable!!! pretty self!
@Oper8or 6 years ago
I'll buy a LANturtle right now if snubs will bit it before its sent to me!!!!