Password harvesting and stealthy inject
This project is a quick, standalone demo of using keycroc to capture a password. Once the user is idle, it uses the password to login and inject a payload.
- Enter arming mode on your keycroc
- Drop keycroc_demo.txt into the keycroc's payload folder
- User uses GUI+l to lock the screen
- User types password, then ENTER (keycroc captures password starting at GUI+l until ENTER)
- User uses GUI+l to lock screen again, triggering phase 2
- Keycroc waits 5 secs
- Keycroc logs in with captured password
- Keycroc injects payload (opens a terminal and types out a skull ASCII art. Can be easily replaced with another payload)
- Kali linux (should work on all linux installations that have a GUI)