Key Croc
Search…
The Key Croc by Hak5
Getting Started
Key Croc Basics
Configuration
Files and Directory Structure
Default Settings
Getting the Key Croc Online
Configuring Cloud C²
Understanding Languages
Beginner Guides
Password Sniffing with the Key Croc — Easy, or Super Easy?
New Features in Key Croc 1.3
Payloads and Loot
Payload Primer
Getting Payloads
Activating and Deactivating Payloads
Loot
Advanced Usage
Serial Console Access
Updating the Firmware
Factory Reset
Writing Payloads
Key Croc Payload Development
The MATCH Command
The SAVEKEYS Command
The ATTACKMODE Command
Hardware ID Cloning
The QUACK Command
Advanced QUACK Commands
The LED Command
Ducky Script Commands
Command Quick Reference
Tips & Tricks
Understanding the File System
Interactive Payload Development
Installing Extras like Metasploit
Helpful Payload Snippets
Product Information
Important Safety Information and Warnings
Specifications
Powered By GitBook
Advanced QUACK Commands

KEYCODE will inject an arbitrary keystroke from a three byte scan code. This may be useful when used in conjunction with HOLD, for language agnostics payloads, or when testing multimedia and other extended key functions not explicitly defined in the language file.

QUACK KEYCODE 00,00,56
# This will type the '-' character from the numpad row

ALTCODE allows the printing of alt-codes on Windows systems only.

QUACK ALTCODE 168
# This will print an upside down questionmark
QUACK ALTCODE 236
# This will print an infinity symbol

HOLD will hold the specified key until QUACK RELEASE is issued. HOLD accepts either a KEYCODE or a STRING.

QUACK STRING G
QUACK HOLD STRING o
QUACK DELAY 1000
QUACK RELEASE
QUACK STRING d morning!
# This holds the o key for about 1 second, resulting in "Gooooooooooooooood morning!" (with the number of o's depending on the target's key-repeat setup.
QUACK HOLD KEYCODE 00,00,52
QUACK DELAY 1000
QUACK RELEASE
# Holds the up arrow key for about 1 second

Each target interprets held keys differently. When holding the spacebar on your keyboard, the keyboard is not sending a multitude of spacebar scan codes – rather a single hold and release. As you watch your cursor cross the screen, the rate is determined by the operating system.

LOCK will prevent the attached keyboard from passing through keystrokes to the target. This may be useful in payloads which need to temporarily lock out the user while a sensitive keystroke injection attack is occuring. Keys pressed on the attached keyboard are not buffered while using LOCK and will not be typed once unlocked.
UNLOCK will allow the attached keyboard to pass through keystrokes to the target once more after the QUACK LOCK command is issued.

The QUACK STRING command accepts strings interpreted by bash. Consider these key elements when using QUACK STRING.

When using special characters, such as the apostrophe in the example below, wrap the string with quotes – otherwise bash will be expecting a second apostrophe to complete the quote, and the interpretation will not be what you expect.
QUACK STRING "Isn't this a cool string"

Alternatively, special characters may be escaped rather than wrapping the string in quotes.
QUACK STRING Isn\'t this a cool string

Since QUACK STRING is interpreted by bash, command substitution may be used. In this example, the Key Croc will inject the keystrokes containing the output of the ifconfig command.
QUACK STRING "$(ifconfig usb0 | grep 'inet addr')"
Compare this to the following, without the $() command substitution directive, which actually injects the keystrokes of the command in question.
QUACK STRING "ifconfig usb0 | grep 'inet addr'"
Writing Payloads - Previous
The QUACK Command
Next - Writing Payloads
The LED Command
Last modified 1yr ago
Copy link
On this page
QUACK KEYCODE
EXAMPLE
QUACK ALTCODE
EXAMPLES
QUACK HOLD AND RELEASE
EXAMPLE
TECHNICAL DETAIL
QUACK LOCK AND UNLOCK
BASH CONSIDERATIONS FOR QUACK STRING
QUACK STRING WITH QUOTES
QUACK STRING AND ESCAPING SPECIAL CHARACTERS
QUACK STRING WITH COMMAND SUBSTITUTION