RoganDawes / P4wnP1_aloa

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".
GNU General Public License v3.0

Master Template faulty usbeth load on boot. QuickCreds #276

Open kartman85 opened 4 years ago

kartman85 commented 4 years ago

I am trying to run QuickCreds (https://github.com/NightRang3r/P4wnP1-A.L.O.A.-Payloads) on 0.1.1 beta. I did install responder.

I always end up empty-handed in the quickcreds loot directory. It only creates empty noname-1, noname-2 etc directories.

I found a possible cause: every time upon boot it loads the master template I made for the QuickCreds, but fails to load the QuickCreds usbeth template, so it runs usbeth without the DHCP option number: 252 Option string: http://172.16.0.1/wpad.dat, even though it is stored and set to load that template upon startup.

Any ideas on how to overcome this? Would deploying the usbeth template AFTER boot and logging in to the web interface still make the script run successfully IF that failure to load the master template upon boot was the cause? I think it would not work, since the script trigger is "DHCP lease issued".

konstantingoretzki commented 4 years ago

I've experienced the same problem. https://github.com/RoganDawes/P4wnP1_aloa/issues/154#issuecomment-675761372

If I set the new network options (via web or cli) it seems like the settings do not immediately get published. I have to wait for the next DHCP request from the client until the settings reach the client, and cannot use the settings for the first DHCP reply.

Manually writing in the file /tmp/dnsmasq_usbeth.conf does also not work. I've also tried manually restarting the dnsmasq and dhcpcd without any luck.

I guess the only solution would be to recompile the go app and manually set the options. In this file there is also a commented entry for your needs: https://github.com/RoganDawes/P4wnP1_aloa/blob/5f5d5a4467a508c10e93bd941f95e8d4e4f56a9a/service/defaults.go#L79-L99

Besides the DHCP config problem: Are you sure that the QuickCreds attack is still possible? Have you used an older Win10 version as your victim machine? AFAIK even the improved attack, a.k.a. Win 10 Lockpicker, seems to have been fixed by Microsoft with KB4041691: https://p4wnp1.readthedocs.io/en/latest/Payload-Subfolder/Windows-10-Lockpicker-Subfolder/writeup_lockpicker/#genesis-and-development-of-p4wnp1-and-the-lockpicker-payload
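Both posts turn on whether DHCP option 252 (the WPAD URL) actually reaches the client in the first reply. The following is an added example, not code from this issue or from the P4wnP1 code base: it parses the option field of a DHCP reply and reports any WPAD URL it carries, which is the check a defender would run on a capture from a USB Ethernet gadget to see whether it is pushing a proxy configuration. The DHCPOFFER bytes are constructed inline; nothing is read from the network.

```python
"""Parse DHCP reply options and flag option 252 (WPAD proxy auto-config URL)."""

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that ends the 236-byte BOOTP header
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_WPAD = 53, 252


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a raw BOOTP/DHCP packet."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:       # option claims more bytes than remain
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def wpad_url(payload: bytes):
    """Return the URL the server pushed in option 252, or None if absent."""
    raw = parse_dhcp_options(payload).get(OPT_WPAD)
    if raw is None:
        return None
    return raw.rstrip(b"\x00").decode("ascii", errors="replace")


def build_sample_offer(wpad):
    """Constructed DHCPOFFER: minimal fixed header, then a short option list."""
    # op=2 (BOOTREPLY), htype=1 (Ethernet), hlen=6, hops=0; remaining 232 header bytes zeroed
    header = bytes([2, 1, 6, 0]) + bytes(232)
    options = bytes([OPT_MSG_TYPE, 1, 2])        # message type 2 = DHCPOFFER
    if wpad is not None:
        options += bytes([OPT_WPAD, len(wpad)]) + wpad
    return header + DHCP_MAGIC + options + bytes([OPT_END])


if __name__ == "__main__":
    print(wpad_url(build_sample_offer(b"http://172.16.0.1/wpad.dat")))
```

On a real capture, feed the UDP payload of the server's reply to wpad_url(); a non-None result from a link that should not hand out proxy settings is the condition the thread is debugging, seen from the client side.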