Altrez Posted September 4, 2019 Share Posted September 4, 2019 Hello All, I am trying to figure out a way to get internet access on the Shark jack when I place it on a switch port. The nmap scanning is super fast and it would be nice if it would also open up a reverse shell to a local pen testing box as a PoC. Anyone have any ideas on how that might work? Link to comment Share on other sites More sharing options...
Jsaus Posted September 6, 2019 Share Posted September 6, 2019 So, I see a couple issues with your post which should probably be clarified to get the answer you want. However, I'm guessing that what you want is a means of delivering a reverse shell over the internet to get around NAT and typical firewall rules? First, I would say that for something like that you would probably be better off with a LAN Turtle, but if you are really digging the Shark Jack (SJ) small form factor, I did see OpenVPN in the directory structure. I have just started toying with the SJ, but if OpenVPN is already installed, you should be able to create a payload which establishes an OVPN connection to a pre-established server on the outside. The main issue though, is the battery life of the SJ, which will probably only give you about a 10 minute connection, based on my limited testing thus far. I think I also saw autossh on the SJ, so that might be an option. Lastly, we know that SSH is on the device, so perhaps a reverse SSH tunnel is an option too? Whatever the case, that battery life is going to be a real limiting factor. Perhaps fine for PoC, but it seems like it would take some real slick operations to use it for delivering shells in an actual engagement. I think the best bet is if you can identify an exploitable network service, you could potentially put a working exploit on the SJ, which if it works, would then connect from the exploited device back to your pentest box. Just my thoughts. If you figure it out, be sure to let everyone know! Link to comment Share on other sites More sharing options...
Altrez Posted September 7, 2019 Author Share Posted September 7, 2019 I got it working. I setup a listener on a VPS Linux box on Azure and then piping to it from the Shark. Working on tweaking the nmap payload to run it at the start. Lasted 2 minutes but it did work. For some reason when the nmap is done the shark dies. Will post a full how to as soon as its stable. Link to comment Share on other sites More sharing options...
Darren Kitchen Posted September 8, 2019 Share Posted September 8, 2019 If you check the source of the nmap payload you'll find that when it's finished it issues the 'halt' command. This essentially shuts down the Shark Jack (not actually shutdown, more of a low power state). If I'm reading your first post correctly, it sounds like you want to easily read the results of the nmap scan so that you don't have to go through the process of connecting the Shark Jack to your computer (or smartphone with USB Ethernet adapter) to pull off the scan results, aka "loot". If that's the case, I can say with confidence you will very much enjoy the upcoming firmware release which adds native support for Hak5 Cloud C2. With this, you'll be able to use the C2CONNECT command to have the Shark Jack establish a secure connection to your Cloud C2 server, then the C2EXFIL command to push the loot up to the cloud. Link to comment Share on other sites More sharing options...
JohnBx Posted September 8, 2019 Share Posted September 8, 2019 On hooking to c2cloud. where do you put the device.config file? theres no etc directory and ive tried root etc? Link to comment Share on other sites More sharing options...
Altrez Posted September 9, 2019 Author Share Posted September 9, 2019 On 9/7/2019 at 11:24 PM, Darren Kitchen said: If you check the source of the nmap payload you'll find that when it's finished it issues the 'halt' command. This essentially shuts down the Shark Jack (not actually shutdown, more of a low power state). If I'm reading your first post correctly, it sounds like you want to easily read the results of the nmap scan so that you don't have to go through the process of connecting the Shark Jack to your computer (or smartphone with USB Ethernet adapter) to pull off the scan results, aka "loot". If that's the case, I can say with confidence you will very much enjoy the upcoming firmware release which adds native support for Hak5 Cloud C2. With this, you'll be able to use the C2CONNECT command to have the Shark Jack establish a secure connection to your Cloud C2 server, then the C2EXFIL command to push the loot up to the cloud. That is going to be great! Link to comment Share on other sites More sharing options...
Predator Posted November 11, 2019 Share Posted November 11, 2019 On 9/8/2019 at 9:34 AM, JohnBx said: On hooking to c2cloud. where do you put the device.config file? theres no etc directory and ive tried root etc? All device configs should be in /etc Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.