Jump to content

Cloud C2 and Video Loot


flipchart

Recommended Posts

Posted

Does this only happen to me, or are videofiles from the Screen Crab not being exfiltrated to cloud c2?

I can not enable streaming when the ScreenCrab is in video capture mode. I have tried with 120s and 5s capture interval. Maybe this is related to the issue. Furtheron I see no possibility to download the loot later as there is no shell access. My current Firmware on the ScreenCrab is version 1.0.6

  • 2 months later...
Posted

 

@Darren Kitchen,  your post

contains follow:

"Connect it to the Internet over WiFi and exfiltrate those screenshots, or watch the video signal live from anywhere online with Hak5's Cloud C2."

When I ordered the screen crab, I was completely sure that I could watch the live video signal from anywhere in the world with the Hak5 Cloud C2. Now it turns out that this is not so? through C2 I can watch only screenshots?

Posted

I see how that wording is confusing. The intention was not to mislead. I will update it to make it more clear. The sales page states that video captures save mpeg files in various bitrates.

When we finish up the currently in progress feature release of the Key Croc, we will investigate adding the C2EXFIL option for video files with an update.

Live video streaming could be setup today using ffmpeg, which may be installed from apt on the device. There is a root shell accessible via serial. That said, this setup would require an RTMP server in order to receive the video signal. That's outside of the scope of Cloud C2 for now - however it doesn't look difficult to deploy based on this: https://obsproject.com/forum/resources/how-to-set-up-your-own-private-rtmp-server-using-nginx.50/

Now I understand this answer may be disappointing. I wish you only the best experience with Hak5 gear. Should it not be to your satisfaction, please submit a ticket at https://shop.hak5.org/contact and we will make it right.

Posted

@Darren Kitchen thanks for the honest and detailed answer!

I am afraid to get access via the serial port, because I can lose the warranty, or break the device.

I will submit a ticket at https://shop.hak5.org/contact for resolve this issue.

P.S. Before I ordered crab, I has only the best experience with Hak5 gear. Screen crab a bit disappoint me.

  • 11 months later...
Posted
On 6/15/2020 at 1:40 PM, Darren Kitchen said:

Live video streaming could be setup today using ffmpeg, which may be installed from apt on the device. There is a root shell accessible via serial. That said, this setup would require an RTMP server in order to receive the video signal.

So I decided to take on this project, and I got into the root shell and found out I know very little about Android OS. The crab appears to be running Android 6.0.1, which I've been learning to navigate. I found a link on the documentation from the trac.FFmpeg website to some versions of FFmpeg for Android here. It appears to be possible but, unfortunately, I was unsuccessful in trying to compile these for a myriad of reasons that will likely bore most of you. The OS on the screen crab only has one package installer that I have been able to find:

busybox wget URL

But I was unable to get it to recognize any hosts other than IP addresses which made things difficult. Trying to us apt led to the simple output of command not found. I am currently at a block, largely due to my unfamiliarity with the OS and shell, but I will update if I am able to make any headway as I continue to try to set up streaming on the crab.

Has anyone had success on this project as of yet?

Posted

I've been running ffmpeg on the Crab for a while now. Streaming to Twitch and via a stream server of my own (C2 is out of scope since I can't get under the hood). Streaming a local file from the Crab isn't any problem. The challenge for me now is to get hold of the HDMI output and stream it using ffmpeg. I've been "successful" in using screenrecord and pipe that output to ffmpeg and further on to the stream server. It's not that "live" though, more of a static image. I need to get hold of the actual "hardware" output though, but the only devices I can find are fb or v4l2 based and the output is "nada". The lack of a package manager (as you mention) is challenging when it comes to adding software to the Crab. I don't consider wget to be a package installer though, and nothing else is available as I've found up until now. I think Darren mentioned that apt was possible in some other thread, but that isn't valid for my Crab at least (or I have failed to find it). As you say, it runs Android 6.0.1 and the hardware components are similar to some "Smart TV boxes" on the market. OpenWrt is also part of the spec, but not in the "usual" implementation of that OS. Other than ffmpeg, I'm running a web server on the Crab (when needed, most often to transfer files from the Crab instead of using the SD card) and also an alternative editor since it's easier to work with than using vi (that is possible to execute using busybox). My most recent challenge is to get an ssh server running but I'm not done there yet, either Dropbear or a plain OpenSSH daemon.

Edit: I should add though (when speaking of package managers) that it is totally possible to sideload apk's and install them on the Crab using adb and the adb daemon, but sadly of little use since Android apps (for obvious reasons) 99 times out of 100 (not scientifically verified) are GUI based.

Posted
8 hours ago, chrizree said:

I've been running ffmpeg on the Crab for a while now. Streaming to Twitch and via a stream server of my own (C2 is out of scope since I can't get under the hood). Streaming a local file from the Crab isn't any problem. The challenge for me now is to get hold of the HDMI output and stream it using ffmpeg. I've been "successful" in using screenrecord and pipe that output to ffmpeg and further on to the stream server. It's not that "live" though, more of a static image.

Can you post some information on how you got ffmpeg onto the crab?

Posted

Absolutely! However, I will not take any responsibility for any bad things that might happen since I have no control over the binary. I haven't noticed anything that it might be malicious though and it can be compiled from source (after examining the source of course) if being suspicious about things in any way. So... you have been warned... 🙂

Visit this GitHub repo and download a prebuilt binary
https://github.com/Khang-NT/ffmpeg-binary-android/releases

use the ARM 7 one
arm-v7n-full.tar.bz2

Direct link:
https://github.com/Khang-NT/ffmpeg-binary-android/releases/download/2018-07-31/arm-v7n-full.tar.bz2

Then copy it to some directory on the Crab (I'm using a subdir in /data for now since it's "$HOME" on the Crab) and then execute it with ./ffmpeg (chmod +x if needed to make it executable)

Posted

Thanks for the assistance. I've certainly learned a lot about Android working on this, and I had no idea what package to start out with. I was able to get the FFmpeg onto the crab and like you said, streaming live video from the screenrecord command has some room for improvement. Other than a really slow feed, another issue is the 180 second max time limit on the Android command. I read that it can be adjusted if your willing to dig through some hex. Overall, there are a lot of adjustments that need to be made if one wants to make a plug and play attack for streaming the HDMI feed.

Honestly, after a few hours of tinkering just to get a slow, staggered stream. I'm pretty happy with streamed screenshots over the C2 server.

Posted

Using screenrecord is more of a "proof of concept" way of doing things (or work around). It's not optimal at all, that's why I want to get hold of the true HDMI hardware stream instead of doing a pipe from software to software. I gave up on that though since none of the more obvious sources isn't possible to use. The screenrecord limit can be solved by putting screenrecord in a loop. Best thing is to recompile it without that limit (kMaxTimeLimitSec). However (as you have discovered as well as me), that isn't a road I want to travel since screenrecord isn't a part of this particular scenario.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...