MrSelfDestruct Posted June 1, 2023 Share Posted June 1, 2023 I'm trying to test out a very specific use case on a device I'm doing a pen test on. I purchased Key Croc as it seemed like it could work for my use case. I'm trying to do hardware ID cloning using a specific VID/PID that is whitelisted on the device I'm testing, but instead of using it as a keyboard, I want to use the udisk partition to see if I can get it to detect as a mass storage device to see if I can transfer files to the device. I've used this as a reference:https://docs.hak5.org/key-croc/writing-payloads/hardware-id-cloning but it does not seem to work. Could someone help me out with the exact syntax and clarification if I only need to make this change in the config.txt file, or if I need to do anything in the payloads directory. I don't want to post the specific PID/VID but for example, lets say it is these: VID VID_0X2N1P PID PID_0X0088 Link to comment Share on other sites More sharing options...
dark_pyrro Posted June 2, 2023 Share Posted June 2, 2023 OK, to sum it all up when it comes to the use case... - no attached keyboard to the Croc - Croc attached to the target machine - only want the Croc to enumerate as storage on the target - the storage used is the udisk on the Croc - a specific VID/PID is desired for the storage device Did you try creating a payload that includes: ATTACKMODE STORAGE VID_0X0A5C PID_0X3025 (or whatever VID/PID that you want to use)? Link to comment Share on other sites More sharing options...
MrSelfDestruct Posted June 3, 2023 Author Share Posted June 3, 2023 I did try that payload. This is what it still detect as when I plug it into my system. It's also not showing the vid/pid I'm configuring. RNDIS/Ethernet Gadget HID (Human Interface Device) The device I'm pen testing doesn't see it at all, I suspect because it's not detecting the right pid/vid. I've added that line in both the config.txt and in the /payloads/example_payload.txt with the same results as above. For what it's worth, I verified it's on the latest update and it is reading from the config.txt without issue as my wifi configuration is detected properly. I'm not sure what else to do. I think I'm configuring it right but my laptop and the device I'm testing is not seeing my custom configured vid/pid. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.