Key Croc
Summary
The Key Croc is a hardware keylogger by Hak5, which is capable of logging keystrokes, executing payloads, and emulating USB devices.
Requirements
- Operating system: Linux (Ubuntu 18.04 or newer), Windows, or MacOS
- Packages: git, nano (or another text editor)
- Additional Hardware: Wired keyboard
- Optional: A configured Cloud C2 server for advanced functionality
Description
Preparation
1. Download the latest firmware from https://downloads.hak5.org.
2. Verify the checksum using SHA256.
3. Plug in the Key Croc and press the arming button after 30 seconds.
4. Copy the .tar.gz firmware file to the Key Croc's root directory.
5. Safely eject, unplug, and replug the Key Croc to complete the firmware update.
Step 1
1. Mount the Key Croc's udisk on your computer.
2. Add a payload file in the payloads directory, e.g.:
MATCH sudo
SAVEKEYS /root/loot/passwords.txt UNTIL [ENTER]
In this payload "MATCH sudo" is used to activate the payload as soon as the user types the word "sudo" on the connected keyboard. "SAVEKEYS" is used to capture the keystrokes after the MATCH trigger. The captured keystrokes are saved in the file located at /root/loot/passwords.txt. The logging process is stopped after the ENTER key is pressed.
3. Unmount the device
Step 2
1. Plug device in between the targeted computer and it's keyboard.
2. Wait for user input.
Step 3
1. Switch to Arming Mode and synchronize loot files: mount /root/udisk cp /root/loot/*.log /your/local/directory
2. Review logs: croc_raw.log for raw key codes croc_char.log for human-readable keystrokes
Used Hardware
- Key Croc Keylogger by Hak5