CrocSSH

By RootJunky

Key Croc SSH login is really simple to use and makes it easy to SSH into your Key Croc with one simple command into a terminal ( crocssh ). Once you enter the command, the script will erase the crocssh in the terminal and enter everything, including the IP, into the terminal along with the default password and get you logged into the device over SSH. The first login requires you to accept the secure id, but after that this script will log you in without any problems. Suggestions welcome to improve this payload. Must type on target keyboard.

Note: this payload is developed for Windows only and will not work on Linux or OSX. Maybe Spywill can put together a Linux and mac OSX version for you guys.

croc-ssh-payload.txt

# Title:         Key Croc ssh login
# Description:   Logs into key croc over ssh
# Author:        RootJunky
# Version:       1.0
# Category:      Key Croc
#
#
MATCH crocssh
QUACK LOCK
QUACK BACKSPACE
QUACK BACKSPACE
QUACK BACKSPACE
QUACK BACKSPACE
QUACK BACKSPACE
QUACK BACKSPACE
QUACK BACKSPACE
QUACK STRING "ssh root@"
QUACK STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
QUACK DELAY 1000
QUACK ENTER
QUACK DELAY 1000
QUACK STRING "hak5croc"
QUACK ENTER
QUACK ENTER
QUACK UNLOCK

Version 2.0 will open PowerShell and log in to the Key Croc, as well as bring you to a live key log that you can view as people type on the keyboard. Big thanks to Spywill for his help on this update. 🙂

# Title:         Key Croc ssh login
# Description:   Logs into key croc over ssh
# Author:        RootJunky / Spywill
# Version:       2.0
# Category:      Key Croc
#
#
MATCH crocssh
Q LOCK
Q GUI r
sleep 1
Q STRING "powershell"
Q ENTER
sleep 2
Q STRING "ssh root@"
sleep 1
Q STRING $(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)
sleep 1
Q ENTER
sleep 1
Q STRING "hak5croc"
Q ENTER
sleep 1
Q STRING "cd loot"
Q ENTER
sleep 1
# press control +c to exit
Q STRING echo "press control + c to exit this live key log"
Q ENTER
Q ENTER
Q STRING "tail -f croc_char.log"
Q ENTER
Q UNLOCK
LED FINISH

Big thanks to Hak5 for this awesome and fun Key Croc.

Developed by RootJunky / Spywill

croc-ssh-2.0.txt

croc-ssh1.0.txt

  • 3 months later...

Hi,

I have set KB in the config to "de".

When I run crocssh on my Linux laptop I get this output:

┌─[rowie@rowie-xps]─[~]
└──╼ $ssh root"10.40.50.123
> hak5croc
> 
> 

Same for crocinfo:


 

CROC FIRMWAREÖ1.3?510


IPÖ10.40.50.123

DNSÖnameserver 8.88.8

DNSÖnameserver 1.1..1


USERÖroot


PASSWORDÖhak5cro


HOSTNAMEÖcro


SSHÖssh root"10.4050.123


MODEÖHID VID?0X046D PID?0XC326

What's wrong here?

 

br,

rowie
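
Added example, not part of any post in this thread: the substitutions in the output above (`@` shown as `"`, `Ö` and `?` in the crocinfo lines) match what a host set to a German layout renders when it receives keystrokes chosen for a US layout, which is an assumption about the cause and is not confirmed on the page. The sketch below separates those layout substitutions from keystrokes that were simply dropped; the `PASSWORD:` and `SSH:` forms with a colon are assumed originals, and the key map is deliberately partial.

```python
from difflib import SequenceMatcher

# Partial map (constructed for this example): the character a German-layout
# host produces for the key combination a US layout uses for each character.
US_KEY_ON_DE_HOST = {
    "@": '"',   # Shift+2
    ":": "Ö",   # Shift + key to the right of L
    ";": "ö",
    "_": "?",   # Shift + key to the right of 0
    "-": "ß",
    "y": "z", "z": "y", "Y": "Z", "Z": "Y",
}

def render_on_de_host(intended):
    """Text a German-layout host shows for US-layout keystrokes."""
    return "".join(US_KEY_ON_DE_HOST.get(ch, ch) for ch in intended)

def classify(intended, observed):
    """Split the differences into layout swaps, dropped keys and the rest."""
    rendered = render_on_de_host(intended)
    swaps = sorted({(a, b) for a, b in zip(intended, rendered) if a != b})
    dropped, unexplained = [], []
    matcher = SequenceMatcher(None, rendered, observed, autojunk=False)
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "delete":
            dropped.append(rendered[i1:i2])       # keystroke never arrived
        elif op != "equal":
            unexplained.append((rendered[i1:i2], observed[j1:j2]))
    return swaps, dropped, unexplained

if __name__ == "__main__":
    # Observed strings are copied from the post; intended strings are assumed.
    samples = [
        ("ssh root@10.40.50.123", 'ssh root"10.40.50.123'),
        ("PASSWORD:hak5croc", "PASSWORDÖhak5cro"),
        ("SSH:ssh root@10.40.50.123", 'SSHÖssh root"10.4050.123'),
    ]
    for intended, observed in samples:
        swaps, dropped, unexplained = classify(intended, observed)
        print(observed, "| layout:", swaps, "| dropped:", dropped,
              "| other:", unexplained)
```

An empty "other" column means every difference is either a layout swap or a missing keystroke, so the two problems can be looked at separately: the layout the device is actually emitting, and the typing speed or delays.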

 

  • 2 weeks later...

Thanks to RootJunky for this payload 

 

(Linux)

# Title:          Key Croc ssh login (Linux)
# Description:    Logs into key croc over ssh
# Author:         RootJunky / Spywill
# Version:        2.0
# Category:       Key Croc
#
#
MATCH linssh
Q LOCK
Q ALT F2
sleep 1
Q STRING "xterm"
Q ENTER
sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)"
Q ENTER
sleep 1
Q STRING "hak5croc"
Q ENTER
sleep 1
# press control + c to exit
Q STRING "echo -e \"\033[33;4;1mcontrol + c to exit this live key log\033[0m\""             
Q ENTER
sleep 2
Q STRING "cd loot"
Q ENTER
sleep 1
Q STRING "tail -f croc_char.log"
Q ENTER
Q UNLOCK
LED FINISH

 

(OSX)

# Title:          Key Croc ssh login (OSX)
# Description:    Logs into key croc over ssh
# Author:         RootJunky / Spywill
# Version:        2.0
# Category:       Key Croc
#
#
MATCH osxssh
Q LOCK
Q GUI-SPACE
sleep 1
Q STRING "terminal"
Q ENTER
sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" 
Q ENTER
sleep 1
Q STRING "hak5croc"
Q ENTER
sleep 1
# press control + c to exit
Q STRING "echo -e \"\033[33;4;1mcontrol + c to exit this live key log\033[0m\""             
Q ENTER
sleep 2
Q STRING "cd loot"
Q ENTER
sleep 1
Q STRING "tail -f croc_char.log"
Q ENTER
Q UNLOCK
LED FINISH

 

(Raspberry pi)

# Title:          Key Croc ssh login (Raspberry pi)
# Description:    Logs into key croc over ssh
# Author:         RootJunky / Spywill
# Version:        2.0
# Category:       Key Croc
#
#
MATCH raspssh
Q LOCK
sleep 5
Q STRING "terminal"
Q ENTER
Q ENTER
sleep 1
Q STRING "ssh root@$(ifconfig wlan0 | grep "inet addr" | awk {'print $2'} | cut -c 6-)" 
Q ENTER
sleep 1
Q STRING "hak5croc"
Q ENTER
sleep 1
# press control + c to exit
Q STRING "echo -e \"\033[33;4;1mcontrol + c to exit this live key log\033[0m\""             
Q ENTER
sleep 2
Q STRING "cd loot"
Q ENTER
sleep 1
Q STRING "tail -f croc_char.log"
Q ENTER
Q UNLOCK
LED FINISH

 
