Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


About fneagle

  • Rank
    Hak5 Fan

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Thanks! I'll try it. Meanwhile, I did is this way: QUACK GUI-r QUACK STRING "tskill powershell"
  2. Hi, I'm trying to get a simple script running with the Key Croc. I had many problems in the beginning with Wifi, language and special keys, but have made some progress. First of all: It is very difficult to get a simple script running with the Croc. You always have to switch between arming and attack mode. Sometimes it is working, sometimes not. I can even see no reason why it is so unstable. My feedback at the moment: It is not worse to use it. Keylogger okay, but for the rest I'll use different tools. I don't want to give up and would like to finish my project with the Croc.
  3. It appears that the DUCKY_LANG is never exported from config.txt and Q and QUACK always go back to the default US language. If you manually export DUCKY_LANG=de in every payload it works. This makes no sense for me and should be fixed in the next release. For German readers only: https://pentestit.de/hak5-key-croc-grundlagen/
  4. Since I get no reply to my previous post, I would like to know, who is using language different from us? What kind of experiences do you have with other languages? Does it really work? I'm especially interested in ATTACKMODE HID. https://forums.hak5.org/topic/53256-language-configuration-with-configtxt/
  5. I just checked the Keylogger-Output. It recognizes the correct keys. So, it has something to do with HID. What experiences do you have with other languages and HID feature? Please help!
  6. To start with the payload development, I configured the Key Croc using config.txt. I just made WiFi and language settings like this: DUCKY_LAMG de WIFI_SSID ThisAP WIFI_PASS ThisPasswordisBad Wifi is working fine, so the config seems okay. My example script looks like this MATCH easy QUACK DELAY 5000 # Start attack QUACK LOCK QUACK GUI-r QUACK DELAY 2 QUACK STRING "powershell.exe" QUACK ENTER QUACK STRING "Das ist ein Test qwertzui yxcvbn" It started the PowerShell Window using the Keyword "easy", but the Output looks like this: Das ist ein Test qwertyui zxcvbn This mean
  7. Confucius sad: "Life is really simple, but we insist on making it complicated." I had the same problem with another project using wpa_supplicant.conf. See here. Waiting for your Payloads ... 😀
  8. Please post current /etc/wpa_supplicant.conf! Please post ifconfig output! Do you stille have the ^M inside the quotations? This is my /etc/wpa_supplicant.conf: network={ ssid="Monday" psk="10Erhatxyzklmnhoecker!20" priority=1 } Do not configure wifi in config.txt! Make sure to have unix-style file endings in your conf file! Read here! How do you create config.txt? With Windows? Try Linux or use Notepad++ with Unix line endings.
  9. I found a solution for my wifi network. I connected via serial interface to croc and checked /etc/wpa_supplicant.conf. Silly, the Backslash was in the Password. This is, of course, not working. So a removed the backslash in the config.txt like this: DUCKY_LANG de WIFI_SSID mywifi WIFI_PASS mypassword1234!5 SSH ENABLE And guess what? It works for me...
  10. I'm thinking that the croc has problems with some access points. e.g. the Raspberry Pi is using the file wpa_supplicant.conf, you have to copy to the root partition. During the booting process, the file will be saved to the Pi. IMHO, that is a better solution, than to store the clear text password in config.txt From my point of view, the "backslash solution" in the config.txt should not be the preferred way to configure the croc.
  11. Howto configure keycroc as an access point with its own ssid and password? Then connect to it via ssh. Is this not the better solution compared to the default configuration in config.txt?
  12. It seems that the solution putting backslashes in front of spezial characters is not working with all networks. Test it with simple passwords!
  13. After testing with different SSID and passwords I can say: This configuration is working: DUCKY_LANG de WIFI_SSID mywifi WIFI_PASS mypassword12345 SSH ENABLE This configuration ist not working: DUCKY_LANG de WIFI_SSID mywifi WIFI_PASS mypassword1234\!5 SSH ENABLE So im my network your solution with the backslash is not working!!! The network password is set to mypassword1234!5
  14. Same problem here! I have tried simple password too. This is my config.txt: DUCKY_LANG de WIFI_SSID mywifi WIFI_PASS mypassword12345 SSH ENABLE
  15. This is the default VID/PID für the BB: USB\VID_F000&PID_FF20&REV_0333&MI_00 I can change the VID and PID without a problem, but what about the REV? I'm trying to bypass the "G DATA Keyboard Guard", a small software to defend against Keystroke Injection Attacks. If I allow a keyboard or HID, a registry entry will be generated by "G Data Keyboard Guard". It looks like this: HID\VID_0461&PID_0010&REV_0333&MI_00 In this case I changed the VID and PID already with the following command, but the REV still remain: ATTACKMODE HID VID_0X0461 PID_
  • Create New...