Jump to content

Darren Kitchen

Root Admin
  • Content Count

  • Joined

  • Days Won


Everything posted by Darren Kitchen

  1. Glad to see you got the C2CONNECT issue sorted with your specific keyfile configuration. As for the C2EXFIL, if you run the command interactively you will get usage. I prefer to use the STRING flag as it will make standard ASCII files easily readable within the Cloud C2 web interface.
  2. Thanks for the report. We are looking into this now. This is related to Hak5 infrastructure as it pertains to adding packages not already in the mainline OpenWRT feeds end and will not impact your ability to install standard packages.
  3. Glad to hear that the Shark Jack is working out for you. I don't know if this comes across on the videos but I'm really proud of it. As for the payloads, the convention we established with the Bash Bunny was to create a directory called "Library" in which you can carry multiple payloads. It may be fruitful to store that in /root/ using a git clone. Your idea of storing multiple payloads to swap out on the device is something we've been giving thought on how to best facilitate - so I'm sure as the product matures we'll have a great solution for. Happy hacking 🙂
  4. I mean, anything is possible but at first glance I'd say it's much easier to invoke with a keystroke injection attack using the Bash Bunny or USB Rubber Ducky. Not sure exactly how you'd pull it off with the Shark Jack, but I'm not going to rule it out since you never know what's possible RCE wise when you have direct network access.
  5. @Geeksystem here's the article on manual flashing as promised: https://docs.hak5.org/hc/en-us/articles/360038189894-Manual-Upgrade
  6. Netcat is included on the Shark Jack with the command `nc` As for starting netcat on a target, it really depends. There are a few reverse shell payloads for the Bash Bunny, for instance...
  7. @MoLeViP you are correct - the Shark Jack ARMING mode enables a DHCP server - however this is just for management of the device. If you would like to make a payload for the Shark Jack @Jenny_B that enables a DHCP server rather than a client, use NETMODE DHCP_SERVER rather than NETMODE DHCP_CLIENT This is documented at https://docs.hak5.org/hc/en-us/categories/360002117973-Shark-Jack
  8. Awesome payload! I would suggest changing the LED to use the standardized states like LED SETUP, LED ATTACK and such. They're documented at https://docs.hak5.org/hc/en-us/articles/360034667893-LED Currently your LED commands will fail, as they would need an additional parameter - like SOLID.
  9. I'm using the USB Ethernet adapter from https://shop.hak5.org/collections/accessories/products/combo-ethernet-adapter-and-retractable-cable (which is included in the Shark Jack Combo Kit) - but any regular USB Ethernet adapter will work. I'll post a manual upgrade guide to https://docs.hak5.org but essentially the process is similar to that of the Packet Squirrel or WiFi Pineapple where you download the latest firmware from downloads.hak5.org, copy the file to /tmp/ on your device via SCP, then SSH into the device, verify its SHA256 sum, then issue sysupgrade -n /tmp/upgrade.bin T
  10. Everything from unboxing your Shark Jack to connecting in arming mode, exfiltrating loot, changing out payloads, upgrading the firmware, checking out the new web interface and even connecting it to Cloud C2. VIDEO CHAPTERS: 0:58 - Unboxing 4:22 - Attacking with the default payload 7:08 - Connecting in arming mode 10:40 - Navigating the file system 12:34 - Exfiltrating loot to our local host 14:13 - The sharkjack.sh helper script 17:16 - Upgrading the firmware 19:26 - The new arming mode web interface 20:30 - Loading new payloads 25:19 - Setting up Cloud C2
  11. Normal runtime is between 10 and 15 minutes - not 2 and 5. Is the battery fully charged? Charging time is between 5 and 10 minutes, and the LED will light solid blue when it is fully charged. Something seems off here. If the run time is really that low when fully charged, please reach out to me directly at https://shop.hak5.org/contact and we'll get you sorted.
  12. So here's a pretty image of the Shark Jack Combo Kit: And here's how I rock it every day: *not pictured: Plunder Bug
  13. This will happen if the file system is filled. I recommend following the factory reset guide from https://docs.hak5.org/hc/en-us/articles/360010471134-Factory-Reset
  14. Thanks! PR accepted 🙂 I will note that this payload overwrites the nameserver in the /etc/resolv.conf file to If I were to recommend any change - it would be to make that configurable in the variables at the top of the payload. Otherwise, fantastic work - and I'll see if we can't get some of those dependencies baked into the next official release so it's even easier to use out of the box.
  15. Awesome! Would like to host this on the Hak5 repo if you'd like to submit a pull request 🙂
  16. Welcome to the forums! The Combo Kit includes two accessory packs - the USB-C Essentials Kit and the Ethernet Essentials Kit - as well as the Hak5 Essential Gear Wrap. In total it looks like: Shark Jack UCB-C Essentials Kit 4 inch Type C to Type C USB cable Type C female to Type A male adapter Type C female to Micro B male adapter Ethernet Essentials USB Ethernet Adapter (ASIX chipset) Retractable Ethernet cable Hak5 Essential Gear Wrap I'll post some detailed photos when I get back to the office
  17. Yes, this is doable using the macchanger utility. If it's not included in 1.0.1, it will be included in the forthcoming 1.0.2 which will introduce the NETMODE command for dhcp server, dhcp client, and transparent modes.
  18. The Shark Jack Combo Kit includes a cable. It actually has a pretty nifty USB-C accessory kit with a special shorty USB-C cable, along with C to A and C to Micro adapters, USB Ethernet adapter, Ethernet cable. It also includes the Hak5 Essential Gear Wrap, which is a Hak5 branded nylon wrap with a zipper pouch and elastic straps made specifically for Hak5 gear. It's my every day gear wrap for dev essentials 🙂
  19. This is totally doable in theory, but practically speaking you're going to run into limitations with run time and storage space. The later can be overcome with sshfs, and the former can be overcome by continuously charging the unit (though it's not recommended as the device is not intended for long term deployments). Neither of these are issues for the Shark's sibling - the Packet Squirrel - which features USB for tons of storage, and USB for persistent power. For either platforms this guide should prove as a good starting point: https://openwrt.org/docs/guide-user/services/tftp
  20. This is absolutely doable We will be releasing a new firmware version very soon which will include the following commands: NETMODE TRANSPARENT NETMODE DHCP_SERVER and NETMODE DHCP_CLIENT With that you should very easily be able to capture the targets MAC address.
  21. Likewise... I'm also keen on writing some payload snippets or extensions to ease exfiltration via email & http posts for sites like pastebin similar to how easy it is to exfil to Cloud C2 with a command like: C2EXFIL STRING $log_file Payload-Name
  22. How is the Bash Bunny getting Internet access from the target in this scenario?
  23. This payload tests to see if the Shark Jack can ping a specified resource. https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/ping-tester/payload.sh
  24. This payload tests the port to see if the Shark Jack can obtain an IP address from DHCP, and if it can access the Internet by testing a specified HTTP URL. https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/internet-access-tester/payload.sh
  • Create New...