supercop89

Does anybody find a way to start the payload without match syntax? In some cases there is no input necessary and the plan is to start the scripts remote. What is the prefered way for the croc framework.

Just the internet access tester with green and red LED.

Ok i will describe the situation again and maybe you know some little approach to get access to the keycroc. Hopefully it's clear what i mean. The keycroc is a default product with no updated certificates. The arming mode is enable dbut doesn't accept our password (i'm sure it's correct) and ssh server is disabled. Therefore it's not possible to start the arming mode BUT we uploaded the device.config for the C2 before and see that the keycroc tries to connect via https port (binary flag -https). Unfortunately with the https flag (let's encrypt) the logs show "remote error: tls: expired certificate" and the keycroc has no connection to the cloud. No connections means that it's not possible to start a reverse ssh connection (rescue plan to disable arming mode). So a plan could be to create some certificate (<> lets'encrypt) for the server where the keycroc ca's are default on the device. We need that connection just once to connect back via SSH. I hope that my clarification was ok to comprehend the issues.

My plan was to use the Enable QUACK Mode in the webinterface to start a service or just id information. If the quark mode in the webinterface of the keycroc is enabled the value STRING "$(id)" doesn't result the command just the text "$(id)". So there is no advanced command possible.

In the hak5 c2 webinterface of the keycroc exists Enable QUACK MODE. I think there it's possible to execute bash commands.

Dear community, is it possible to use the command ENABLE_SSH also in the Quack Mode in the web interface under CONFIGURATION. Can someone try that for me, if it's possible to start ssh via the "ENABLE QUACK MODE" or any other chance to start ssh via web interface except reverse ssh connection. BR

Dear community, can someone please tell me which certificate issuer works out of the box with firmware 1.3? With some we get "unknown certificate authority" every time. Maybe an expert has the working alternative to lets' encrypt which works from the default device without changes. BR

Hi, we started the binary with the https flag and downloaded the device.config to the croc. In the firewall we see that the croc tries to connect to 443 but the binary delivers the following answer to the croc. Therefore it is no connection to the c2 cloud. remote error: tls: expired certificate Everytime the same behaviour. Very strange. BR cop

Do you mean to change both lines? Like that? if pgrep -f LED | grep -qvE "$$|${PPID}"; then #kill "$(pgrep -f LED | grep -vE "$$|${PPID}" | tr '\n' ' ')" > /dev/null 2> ps | grep LED | grep -v grep | awk '{print $1}' | grep -v $$ | xargs kill -9 fi if pgrep -f DO_A_BARREL_ROLL | grep -qvE "$$|${PPID}"; then #kill "$(pgrep -f DO_A_BARREL_ROLL | grep -vE "$$|${PPID}" | tr '\n' ' ')" > ps | grep LED | grep -v grep | awk '{print $1}' | grep -v $$ | xargs kill -9 BR cop