Saltar a contenido

Hak5 Key Croc Cheatsheet

Hak5 Key Croc Cheatsheet

Overview

The Hak5 Key Croc is a keylogger and keystroke injection tool disguised as a USB keyboard adapter. It allows you to capture keystrokes, inject payloads, and exfiltrate data.

Key Features

  • Keystroke Injection: Injects pre-programmed keystroke sequences.
  • Keylogging: Captures all keystrokes from the connected keyboard.
  • Covert: Disguised as a standard USB keyboard adapter.
  • Powerful: Runs on a quad-core ARM processor.
  • Simple Scripting: Payloads are written in a simple scripting language (DuckyScript).
  • Cloud C2 Ready: Can be managed remotely via Hak5s Cloud C2 platform.

Hardware Specifications

  • Processor: Quad-core ARM
  • Memory: 256 MB RAM
  • Storage: 2 GB onboard flash
  • Power: USB

Getting Started

  1. Power On: Plug the Key Croc into a USB port on a computer.
  2. Connect Keyboard: Plug a keyboard into the Key Croc.
  3. Arming Mode: The Key Croc will boot into Arming Mode, where you can connect to it via SSH to configure payloads.
  4. Attack Mode: Once configured, the Key Croc will enter Attack Mode and execute the selected payload.

Default Credentials

  • SSID: Key Croc
  • IP Address: 172.16.24.1
  • Username: root
  • Password: hak5croc

Payload Development

Payloads are written in DuckyScript, the same scripting language used by the USB Rubber Ducky.

Payload Structure:

REM Your payload logic here

REM Example: Open a command prompt and type a message
GUI r
DELAY 500
STRING cmd
ENTER
DELAY 500
STRING echo Hello, World!
ENTER

Keylogging

The Key Croc automatically logs all keystrokes from the connected keyboard. The logs are stored in the /root/loot/ directory.

Triggers

Payloads can be triggered by specific keywords or key combinations.

  • ATTACKMODE ...: Defines the trigger for the payload.
  • MATCH ...: Triggers the payload when a specific string is typed.
  • HOTKEY ...: Triggers the payload when a specific key combination is pressed.

Cloud C2 Integration

The Key Croc can be managed remotely using Hak5s Cloud C2 platform.

  1. Register: Register your Key Croc on the Cloud C2 platform.
  2. Provision: Provision the Key Croc with your Cloud C2 settings.
  3. Deploy: Deploy the Key Croc on the target computer.
  4. Manage: Manage the Key Croc, deploy payloads, and exfiltrate loot from the Cloud C2 dashboard.

Additional Resources