Posts posted by catx0rr
-
Hi,
As I was experimenting with the payload, using a while loop so that I don't have to turn it off and on, I made some validation checks to see if the Shark is connected before executing the payload / script.
At the end of the script:
```
while true; do
    LED B SLOW
    DELAY ${MAIN_SLEEP}
    # Only run the payload steps when the link check reports "yes"
    if [ "$(CHECK_PORT)" == "yes" ]; then
        RESTART_NETWORK
        CREATE_LOOT_DIR
        SETUP_START
        EXECUTE_DHCP_CHECK
    fi
done
```
Check port is:
```
function CHECK_PORT() {
    # Prints the value of the "Link detected:" line for eth0 (yes/no)
    ethtool eth0 | grep Link | awk '{print $3}'
}
```
ethtool will check if the link is detected:
```
# ethtool eth0 | grep Link
Link detected: yes
```
Also tried `cat /sys/class/net/eth0/carrier` to see if the carrier value is 1.
It appears to be always connected because of the rj45 head of SharkJack?
-
This one worked for me. I tried most of the things to connect the Croc to wifi, but to no avail. Connect to the serial console, then create a file:
```
wpa_passphrase 'SSID_NAME' 'SSID_PASSPHRASE' > /etc/wpa_supplicant/wpa_supplicant.conf
```
And connect to the wifi using this:
```
wpa_supplicant -B -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0
```
To get an IP address, I requested one from the DHCP server:
```
dhclient wlan0
```
Note that you might want to create a persistent service if you want the Croc to reconnect even after a reboot.
/etc/systemd/system/wpa_supplicant.service
```
[Unit]
Description=WPA supplicant

[Service]
Type=dbus
BusName=fi.epitest.hostap.WPASupplicant
ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0
Restart=always

[Install]
WantedBy=default.target
```
and a DHCP service.
```
[Unit]
Description=DHCP Client
Before=network.target

[Service]
Type=forking
ExecStart=/sbin/dhclient wlan0 -v
ExecStop=/sbin/dhclient wlan0 -r
Restart=always

[Install]
WantedBy=default.target
```
Enable services:
```
systemctl enable wpa_supplicant.service dhcp.service
systemctl start wpa_supplicant.service dhcp.service
```
Hope this helps, since this resolves my issue..
-
Thanks for the help again, dark_pyrro.. will look into the script and modify mine, or add tweaks regarding the functionality of your code..
-
If you could share the code with me, that would be awesome.. or at least the logic for looping the functionality.. that's what I really need, since I will share the Croc with the associates / delegate some tasks to them.. I already tried using a reverse SSH tunnel before (as long as the firewall is not that restrictive), when I scanned hosts using nmap host enumeration from the network and sent the results over to a private VPS.
-
Hi dark_pyrro,
Sorry I didn't provide the complete info.. It was cable shark.
We will be on an engagement soon, so I am preparing the payload script. We would like to assess if NAC / port sec is implemented on the network.. so, I have this little script to just blink if the DHCP server provides an IP to the Shark Jack. The catch is, I need to turn it off and on again just to re-run the script if I were to re-plug it into a different LAN port.
-
For example.. I have this payload.sh under /root/payload.
The script finishes executing after plugging the RJ45 into the target (LAN port). Is there a way to rerun the script after unplugging and re-plugging into another LAN port without turning off the Shark Jack?
Is there any way to check if the SJC is connected already to some port?
in Shark Jack
Found it. It was:
```
# swconfig dev switch0 show | grep link
link: port:0 link:down
link: port:1 link:down
link: port:2 link:down
link: port:3 link:down
link: port:4 link:down
link: port:5 link:down
link: port:6 link:up speed: 1000baseT full-duplex
```
```
# swconfig dev switch0 show | grep port:0 | awk '{print $3}' | cut -d':' -f2
```
It appears that eth0 is in link port 0, so I made a validation check if it is connected.
Connected SJC to serial port on mobile terminal.. there I was able to check if the device is connected or not.
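
The per-port link check described in the post above, as an added example that is not part of the original post: it reads `swconfig` link lines for one port by exact match and runs a callback only on a down-to-up transition, so the check fires once per plug-in instead of on every loop pass. The sample lines are constructed, and `port_link_state`, `is_plug_in` and `watch_port` are hypothetical helper names.

```shell
#!/bin/bash
# Added example. Sample text below is constructed to mirror the format of
# `swconfig dev switch0 show | grep link` shown in the post.
SAMPLE_DOWN='link: port:0 link:down
link: port:6 link:up speed: 1000baseT full-duplex'
SAMPLE_UP='link: port:0 link:up speed: 100baseT full-duplex
link: port:6 link:up speed: 1000baseT full-duplex'

# Print "up", "down" or "unknown" for port $1, reading swconfig text on stdin.
# The port field is compared exactly, so port 1 never matches port 10.
port_link_state() {
    awk -v want="port:$1" '
        $1 == "link:" && $2 == want {
            sub(/^link:/, "", $3)   # "link:up" -> "up"
            print $3
            found = 1
            exit
        }
        END { if (!found) print "unknown" }'
}

# Succeed only on a transition into "up": $1 = previous state, $2 = current.
is_plug_in() {
    [ "$1" != "up" ] && [ "$2" = "up" ]
}

# Poll port $1 every $2 seconds and run command $3 once per plug-in.
# Assumes swconfig and switch0 exist on the device, as in the post.
watch_port() {
    _prev="down"
    while true; do
        _cur=$(swconfig dev switch0 show | port_link_state "$1")
        if is_plug_in "$_prev" "$_cur"; then
            "$3"
        fi
        _prev=$_cur
        sleep "$2"
    done
}

# Usage on the device (not executed here), with the poster's own function
# as the callback:
#   watch_port 0 2 EXECUTE_DHCP_CHECK
```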