parent
c7928ab2df
commit
ffbae8d3c1
|
@ -1,18 +1,21 @@
|
|||
# Croc_Pot
|
||||
|
||||
## INTRODUCTION :
|
||||
- This project is developed for the HAK5 KeyCroc (Croc_Pot in development and testing)
|
||||
* This project is developed for the HAK5 KeyCroc
|
||||
- Keycroc is a powerful pentesting device use ethically and responsibly
|
||||
- Thanks to everyone at HAK5 for this platform to work on
|
||||
- (Croc_Pot in development and testing)
|
||||
|
||||
* **Croc_Pot_Payload.txt**
|
||||
- Will start OS detection scan to see what OS the keycroc is pluged into (usb), collect some data off the target pc, automatically start an SSH session with connected target pc (wifi) and start Croc_Pot script
|
||||
- Ensure your keycroc is connected to the target pc wifi first before running **crocpot** If you do not have the target pc wifi credentials Croc_Pot has a payload to get you online (payload called getonline working on windows and Raspberry pi in development for linux version)
|
||||
- Ensure your keycroc is connected to the target pc wifi first before running **crocpot** If you do not have the target pc wifi credentials Croc_Pot has a payload to get you online (payload called getonline working on windows & Raspberry pi & linux)
|
||||
|
||||
* **Croc_Pot.sh**
|
||||
- This project is to automate some commands for the keycroc for quicker setup, install payloads, remotely connect to keycroc, nmap tcpdump target pc scan, edited files on your keycroc, send e-mail from your keycroc, SSH to hak5 gear, run hak5 cloud C2 on keycroc, status of your keycroc, and more
|
||||
|
||||
* **TESTED ON**
|
||||
- Windows 10
|
||||
- Raspberry pi 4 with gnome-terminal installed
|
||||
- Raspberry pi 4
|
||||
- linux parrot os
|
||||
- Sorry no support for MAC OS
|
||||
|
||||
|
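Review bot: The list markers in the INTRODUCTION block are inconsistent: the line "This project is developed for the HAK5 KeyCroc" uses `*` while the bullets around it use `-`, so a Markdown renderer may split them into separate lists or nest the following items under it. Use one marker for sibling items, or indent the `-` lines if nesting is intended. While this text is being edited, "pluged" in the Croc_Pot_Payload.txt description should be "plugged", and the getonline line needs a period between **crocpot** and "If you do not have".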
@ -31,10 +34,18 @@
|
|||
- Second way to start Croc_Pot.sh is type in anywhere **crocpot** this will start Croc_Pot.sh script automatically.
|
||||
- It is recommended to start Croc_Pot.sh script with typing in **crocpot** as this payload will collect some data off the target pc. Some of the info that it will collect will be Target pc (ip address, current user name, pc host name, ssid and passwd, mac address), This info will be used in the Croc_Pot.sh script.
|
||||
- **NOTE:** When running **crocpot** scan takes about 30-40 sec to start because of OS detection then Croc_Pot will start.
|
||||
- **TIPS:** When Starting Croc_Pot on new target pc
|
||||
- 1: Run Getonline payload to connect the keycroc to the target pc wifi.
|
||||
- 2: Run CrocUnlock payload to get the target pc passwd.
|
||||
- 3: Then type in anywhere crocpot.
|
||||
|
||||
## SSH MENU :
|
||||
|
||||
### SSH TO HAK5 GEAR
|
||||
* Automatically Accepts SSH Fingerprint with Command Line Options
|
||||
- Croc_Pot in some of ssh options will automatically accept the SSH servers fingerprint and add it to the known hosts file we can pass the StrictHostKeyChecking no option to SSH. Example ssh -o "StrictHostKeyChecking no" HOST@IP
|
||||
- **NOTE:** Automatically accepting the SSH fingerprint effectively bypasses the security put in place by SSH. You should be careful using this, especially on untrusted networks, including the public internet.
|
||||
|
||||
* **SSH TO HAK5 GEAR**
|
||||
* Ensure all hak5 gear is connected to the same local network as your keycroc
|
||||
- Recommended to setup ssh PUBLIC AND PRIVATE KEY to each of your hak5 gear, SSH to your gear Without Password
|
||||
- SSH keycroc to Bash Bunny setup, first ensure your bash bunny has internet connection and connected to the same pc as your Keycroc, (bash bunny internet setup can be found at docs.hak5.org), Croc_Pot.sh will create a payload for your bash bunny, this file will be saved on your keycroc at tools/Croc_Pot/Bunny_Payload_Shell then copy this file to one of the payload switches on your bash bunny this is to start Reverse SSH Tunnel to keycroc.
|
||||
|
|
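Review bot: The "Automatically Accepts SSH Fingerprint" bullet says only that "some of ssh options" pass `StrictHostKeyChecking no`, so a reader cannot tell which SSH menu entries skip host key verification; name those entries next to the NOTE. The example `ssh -o "StrictHostKeyChecking no" HOST@IP` should be set in code formatting, and `HOST@IP` reads as if a host name goes before the `@`, where ssh expects a user name. OpenSSH's `StrictHostKeyChecking accept-new` records unseen keys but still refuses a changed key, and is worth documenting as the stricter alternative. The bold "SSH TO HAK5 GEAR" bullet also repeats the `###` heading just above it.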