Darren Kitchen

Root Admin

Everything posted by Darren Kitchen

  1. You can manually perform a firmware recovery from the serial console using the update_recovery script, which I believe is in /usr/loca/bunny/. Standard precautions apply.
  2. If you just got your Bash Bunny and you're looking for information on getting started and grasping the fundamentals, there's no better source than the official documentation at https://docs.hak5.org. There you can learn the ins and outs of the device language, switch positions, mass storage, serial connection, internet connectivity, software updates, payload development and much more. There are even video guides covering specific payloads as examples. Once you've reviewed all of that, please feel free to ask specific questions here in the community forums. Welcome!
  3. By default the check-in interval is set to 5 seconds, which provides for a snappy response at the cost of higher data transfer. Feel free to change the interval from the settings menu.
  4. A packet filtering bug was introduced in OpenWRT 19.07 which caused issues with DWAll. We implemented this OS base on firmware 2.6.0. The bug was fixed in 2.6.2 - so it's safe to say the module will work on 2.6.2 as well as firmwares before OpenWRT 19.07 which include 2.5.4 and before.
  5. Yes, it's running Linux and that serial console will get you a root shell - so feel free to hack it to your heart's content. Just keep in mind that we won't be able to support the device should you open it up.
  6. What resolution are you passing through the Screen Crab?
  7. I use a Samsung Evo 512 GB card. I've seen 'em recently as low as $27. Not bad for half a TB.
  8. Magenta is typically used for LED SETUP - which is the phase when networking is established for most payloads. It sounds like the payload is running, however the setup phase has not passed as the networking requirements have not been met. I recommend checking the payload. What payload is this?
  9. Contact support at https://shop.hak5.org/contact and we'll get it replaced.
  10. Yes, any converter that'll translate to HDMI should work. I've had good experience with a number of inexpensive converters from the likes of Anker and Cable Matters.
  11. Good to hear that the Screen Crab is working out for you. Regarding advanced deduplication like you mentioned, that's a cool idea but wouldn't be possible on the device itself out of the box - at least not with its current software. We'll absolutely take the feature request under consideration though. On Cloud C2, the server side, I could imagine a new feature which would allow you to assign a threshold by which the two images must match in order to be deduplicated. For instance, if 90% of the two images haven't changed then dedupe. That too we'll consider. Just so that I under
  12. Awesome. Looking forward to seeing the payload in action 🙂
  13. Demon - Hello to a fellow former phone phreak. I'm of the red box generation as the last analog trunks were being replaced during my experience, so 2600 Hz tones were far less useful. 🙂 Anyway, your Shark Jack will work on just about any modern OS - not just Linux. We provide the sharkjack.sh as a convenience to our *nix fans, but you could do very similar these days on Windows as SSH and SCP are built into PowerShell. If you charge the Shark Jack, then flip the switch into arming mode (middle position) it'll boot up in a way that makes it start a DHCP server, offering the con
  14. No, unfortunately doing so will overwrite the bootloader thus rendering the device incapable of software-based recovery. In this case your best course of action is to contact support to inquire about an express replacement for accidental damage. https://shop.hak5.org/pages/support
  15. The Shark Jack features a firmware recovery option which allows the user to restore the device's firmware image. This procedure is performed via a special web interface. Download the latest firmware image for your Shark Jack from the Hak5 Download Center. It is extremely important that you follow the directions precisely as it pertains to powering the device and image selection from the web recovery interface. The video is provided as a reference however does not replace carefully reading the instructions listed below. Follow these steps to access the recovery web interface
  16. At first glance I would imagine this would be in /tmp/dhcp.leases and one may repurpose this part of the GET extension for the Bash Bunny

          function GET() {
              case $1 in
                  "TARGET_IP")
                      export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq)
                      ;;

      Having said that and looking at NETMODE, the condition for DHCP_SERVER is

          "DHCP_SERVER")
              uci set network.lan.proto='none'
              /etc/init.d/odhcpd start
              ;;

      It's possible that a parameter must be set for the log file. I'm not in front of my Shark Jack but I'd check
  17. Unfortunately none of those are for the mips architecture, but if you have source it could be compiled for the Shark Jack. Target is ramips and subtarget is MT7628. More specifically, the SoC is a MediaTek MT7628, the OS is OpenWRT and the architecture is MIPS 24KEc.
  18. My apologies for the trouble - that doesn't seem right at all. If you haven't already, go ahead and open a ticket at https://shop.hak5.org/contact and we'll get you sorted.
  19. We're aware of the issue and will be releasing an update with ACMEv2 soon. Account creation should work again today. Let's Encrypt is doing 24 hour brownouts to call attention to the upgrade. In the meantime either wait the 24 hours for the v1 service to come back online, or provide your own keys using the appropriate command line parameters.
  20. I use a Digital Ocean "droplet" (VPS) with 512 MB RAM and 20 GB disk. I hardly tax the thing.
  21. Correct. STRING simply states to treat the file as standard ASCII so it can be viewed in the Cloud C2 web UI. Otherwise it's treated as a binary. The SOURCE is indeed just a tag - which is helpful when managing loot from multiple payloads. No problem on the example payload - I really enjoy writing these and hope they're useful for others looking to implement these features.
  22. If your phone supports a USB Ethernet dongle, you can exfiltrate data via the web UI from your phone. I'm sure many other methods - like SMB as you mentioned - would work similarly. The USB-C port is only for charging. Interestingly, you can use your phone to charge the Shark Jack. Select "Connected device" from USB controlled by on the USB Preferences menu.
  23. @Topknot thanks for detailing the process you followed to upgrade - however I want to advise against this method as it will not be supported. We cannot guarantee that the firmware file will always fit in the root file system in /root/, and the sysupgrade function may not always be present in the framework. If you wish to manually upgrade the Shark Jack, as opposed to the guided method using the sharkjack.sh helper available from https://downloads.hak5.org, I advise you to please follow the instructions listed at https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade
  24. Currently the C2EXFIL command accepts only one file at a time.

          USAGE -- C2EXFIL (optional)STRING (required)<PATH> (optional)<SOURCE>
          Examples:
          C2EXFIL STRING <PATH> <SOURCE> - send text data from <PATH> file from <SOURCE>
          C2EXFIL <PATH> <SOURCE> - send <PATH> file from <SOURCE>
          C2EXFIL <PATH> - send <PATH> file

      Multiple files may be uploaded using the tool, however you would need to loop over them in order to do so. I've published an example of this here: https://github.com/hak5/sharkjack-payloads/blob/mast