Jump to content
Sign in to follow this  
Altrez

Shell Access

Recommended Posts

Hello All,

I am trying to figure out a way to get internet access on the Shark jack when I place it on a switch port. The nmap scanning is super fast and it would be nice if it would also open up a reverse shell to a local pen testing box as a PoC. Anyone have any ideas on how that might work?

Share this post


Link to post
Share on other sites

So, I see a couple issues with your post which should probably be clarified to get the answer you want. However, I'm guessing that what you want is a means of delivering a reverse shell over the internet to get around NAT and typical firewall rules? First, I would say that for something like that you would probably be better off with a LAN Turtle, but if you are really digging the Shark Jack (SJ)  small form factor, I did see OpenVPN in the directory structure. I have just started toying with the SJ, but if OpenVPN is already installed, you should be able to create a payload which establishes an OVPN connection to a pre-established server on the outside. The main issue though, is the battery life of the SJ, which will probably only give you about a 10 minute connection, based on my limited testing thus far. I think I also saw autossh on the SJ, so that might be an option. Lastly, we know that SSH is on the device, so perhaps a reverse SSH tunnel is an option too? Whatever the case, that battery life is going to be a real limiting factor. Perhaps fine for PoC, but it seems like it would take some real slick operations to use it for delivering shells in an actual engagement. I think the best bet is if you can identify an exploitable network service, you could potentially put a working exploit on the SJ, which if it works, would then connect from the exploited device back to your pentest box. Just my thoughts. If you figure it out, be sure to let everyone know!   

Share this post


Link to post
Share on other sites

I got it working. I setup a listener on a VPS Linux box on Azure and then piping to it from the Shark. Working on tweaking the nmap payload to run it at the start. Lasted 2 minutes but it did work.  For some reason when the nmap is done the shark dies. Will post a full how to as soon as its stable.

Share this post


Link to post
Share on other sites

If you check the source of the nmap payload you'll find that when it's finished it issues the 'halt' command. This essentially shuts down the Shark Jack (not actually shutdown, more of a low power state). 

If I'm reading your first post correctly, it sounds like you want to easily read the results of the nmap scan so that you don't have to go through the process of connecting the Shark Jack to your computer (or smartphone with USB Ethernet adapter) to pull off the scan results, aka "loot". 

If that's the case, I can say with confidence you will very much enjoy the upcoming firmware release which adds native support for Hak5 Cloud C2. With this, you'll be able to use the C2CONNECT command to have the Shark Jack establish a secure connection to your Cloud C2 server, then the C2EXFIL command to push the loot up to the cloud. 

  • Like 1

Share this post


Link to post
Share on other sites

On hooking to c2cloud. where do you put the device.config file?

theres no etc directory and ive tried root etc?

 

 

Share this post


Link to post
Share on other sites
On 9/7/2019 at 11:24 PM, Darren Kitchen said:

If you check the source of the nmap payload you'll find that when it's finished it issues the 'halt' command. This essentially shuts down the Shark Jack (not actually shutdown, more of a low power state). 

If I'm reading your first post correctly, it sounds like you want to easily read the results of the nmap scan so that you don't have to go through the process of connecting the Shark Jack to your computer (or smartphone with USB Ethernet adapter) to pull off the scan results, aka "loot". 

If that's the case, I can say with confidence you will very much enjoy the upcoming firmware release which adds native support for Hak5 Cloud C2. With this, you'll be able to use the C2CONNECT command to have the Shark Jack establish a secure connection to your Cloud C2 server, then the C2EXFIL command to push the loot up to the cloud. 

That is going to be great! 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...