For this page you will need the LockPicker payload enabled in the setup.cfg file.

Obviously, if we are using this in the field, we likely aren’t bringing a monitor with us, and we are not going to connect over SSH from a target machine to see what’s happening on our P4WNP1.

The P4WNP1 has light indicators that blink in sequence with what it is doing when running the LockPicker payload.

We start by plugging the P4WNP1 into a target machine. The MicroUSB cable should be plugged into the USB or DATA port on the P4WNP1. It will take 15-30 seconds for the P4WNP1 to boot up, and you may see dim or random flickering of the lights. You may hear an audible chime from the computer, which indicates that the P4WNP1 has booted.

Double blinking lights indicate that the LockPicker script is attempting to acquire the NTLMv2 hashes.

Three blinking lights indicate that the LockPicker script has acquired the NTLMv2 hashes and is attempting to crack them using John the Ripper and the packaged wordlist.

A solid green light indicates that the password has been cracked. Stand by and watch the screen: it will send several Ctrl+Alt+Del commands to get to the login screen. It will then automatically type the cracked password and hit Enter, logging you into the machine.