Jump to content

Configuring for USB Mass Storage.

MrSelfDestruct

By MrSelfDestruct
in Key Croc

 Share

Recommended Posts

MrSelfDestruct Newbie

MrSelfDestruct

Posted
Posted

I'm trying to test out a very specific use case on a device I'm doing a pen test on.  I purchased Key Croc as it seemed like it could work for my use case.

I'm trying to do hardware ID cloning using a specific VID/PID that is whitelisted on the device I'm testing, but instead of using it as a keyboard, I want to use the udisk partition to see if I can get it to detect as a mass storage device to see if I can transfer files to the device.

I've used this as a reference:
https://docs.hak5.org/key-croc/writing-payloads/hardware-id-cloning 

but it does not seem to work.  Could someone help me out with the exact syntax and clarification if I only need to make this change in the config.txt file, or if I need to do anything in the payloads directory.

I don't want to post the specific PID/VID but for example, lets say it is these:
VID VID_0X2N1P
PID PID_0X0088

Link to comment
Share on other sites
dark_pyrro Veteran

dark_pyrro

Posted
Posted

OK, to sum it all up when it comes to the use case...

- no attached keyboard to the Croc

- Croc attached to the target machine

- only want the Croc to enumerate as storage on the target

- the storage used is the udisk on the Croc

- a specific VID/PID is desired for the storage device

Did you try creating a payload that includes: 

ATTACKMODE STORAGE VID_0X0A5C PID_0X3025

(or whatever VID/PID that you want to use)?

Link to comment
Share on other sites
MrSelfDestruct Newbie

MrSelfDestruct

Posted
  • Author
Posted

I did try that payload.  This is what it still detect as when I plug it into my system.  It's also not showing the vid/pid I'm configuring.
RNDIS/Ethernet Gadget HID (Human Interface Device)

The device I'm pen testing doesn't see it at all, I suspect because it's not detecting the right pid/vid.

 

I've added that line in both the config.txt and in the /payloads/example_payload.txt with the same results as above.

 


For what it's worth, I verified it's on the latest update and it is reading from the config.txt without issue as my wifi configuration is detected properly.

 

I'm not sure what else to do.  I think I'm configuring it right but my laptop and the device I'm testing is not seeing my custom configured vid/pid.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...