Hak5 – Key Croc. Is it worth it?

Hak5, the brains behind some of the industry's greatest penetration testing tools, announced their latest tool – the Key Croc.

The Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It’s the ultimate key-logging pentest implant.

Key Features:

  • Plug and Play – No configuration necessary. Out of the box, keystrokes are recorded to the loot folder.
  • Cloud C² Enabled – Remotely manage payloads, stream and inject keystrokes, exfiltrate loot, even get a terminal right from your web browser.
  • Detection Evasion – Don’t be suspicious. Automatically clones hardware identifiers of the connected keyboard.
  • Simple Configuration – Turns into a flash drive with the press of a hidden button so setting options and payloads is just editing a text file.
  • RGB LED Status – Lights off while keylogging for stealth operation, yet incredibly useful while writing your next payload.
  • Keystroke Injection – Introducing Ducky Script 2.0 – enhancing the de facto language for the Keystroke Injection attack pioneered by Hak5.
  • Network Hijacking – Get direct network access to the target, bypassing IDS and perimeter firewalls by emulating USB Ethernet.
  • Powerful Hardware – Featuring a quad-core 1.2 GHz ARM CPU and 8 GB desktop-class SSD, this is one formidable pentest implant.
  • Linux Base – Get root access to the Debian base from a dedicated serial console or SSH to find familiar pentest tools pre-installed.
  • WiFi Enabled – With an integrated 2.4 GHz antenna for great wireless performance.

The Key Croc has so many features to get excited over, especially the detection evasion and network hijacking, which I'd be interested to try out to see the results.

Now, I do love implant tools like this, and maybe with some of these advanced features, $99.99 is a reasonable price tag, but at the moment I'll keep my hard-earned cash and stick with other alternatives out there, like the Maltronics WiFi Keylogger, which I've used countless times on engagements and is just over half the price of the Key Croc, coming in at £44 ($54).

Granted, it's not as feature-heavy as the Key Croc, but it doesn't need to be.

For me, Hak5 need to get a few things right before I consider buying any more gear:

  • Better communication and transparency – The bulletin board on the WiFi Pineapple, as an example, is a perfect communication channel to use. This hasn't been updated for years and would have been useful to mention that you were removing the Android app from the Google store.
  • More feature videos on these new devices. Show us how excited you are, demo some scenarios, feature some payloads. Just saying how excited or pumped you are on the initial video doesn't show me why I should be spending a chunk of money on your gear.
  • Show us development roadmaps for these devices
  • Feature some of the amazing work coming from the community. Highlight payloads you've seen and celebrate these devices on the show

Think about beginners using your devices. Help them, support them. Not always directly, because I know your support teams are small and are probably worked to the bone, but use the community of experts you have. Without them I’d have stopped using your gear years ago.

Hopefully we're starting to see some of the above come to life; Darren Kitchen's recent Cloud C2 Setup videos have been consistent and great to watch. Keep it up Hak5!

I’ll be doing some videos soon on older Hak5 implants I have in my arsenal to show off some amazing payloads from the community and what these devices can achieve in the wild.