oscaringosv Posted September 11, 2019 Share Posted September 11, 2019 Is there possible to change the MAC address of the Shark? Quote Link to comment Share on other sites More sharing options...
Didier Stevens Posted September 28, 2019 Share Posted September 28, 2019 I just did some packet captures of a Shark Jack nmap scanning (using my Packet Squirrel 🙂 ), and to me it looks like the MAC address of the Shark Jack is randomized. 1 1 Quote Link to comment Share on other sites More sharing options...
Didier Stevens Posted September 28, 2019 Share Posted September 28, 2019 Confirming it is random. First I have this: Quote root@shark:~# ifconfig eth0 Link encap:Ethernet HWaddr 86:72:96:71:C3:3C inet addr:172.16.24.1 Bcast:172.16.24.255 Mask:255.255.255.0 inet6 addr: fe80::8472:96ff:fe71:c33c/64 Scope:Link Then after Shark Jack reboot this: Quote root@shark:~# ifconfig eth0 Link encap:Ethernet HWaddr 2E:AF:43:F2:3E:22 inet addr:172.16.24.1 Bcast:172.16.24.255 Mask:255.255.255.0 inet6 addr: fe80::2caf:43ff:fef2:3e22/64 Scope:Link Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted October 1, 2019 Share Posted October 1, 2019 Yes, the Shark Jack MAC address is randomized at boot 🙂 Quote Link to comment Share on other sites More sharing options...
PaPPy Posted October 29, 2019 Share Posted October 29, 2019 Can something like macchanger be used to change it? Quote Link to comment Share on other sites More sharing options...
Cap_Sig Posted November 1, 2019 Share Posted November 1, 2019 On 10/29/2019 at 7:24 AM, PaPPy said: Can something like macchanger be used to change it? Are you wanting to set the address to a specific MAC for access to a restricted network? Quote Link to comment Share on other sites More sharing options...
PaPPy Posted November 1, 2019 Share Posted November 1, 2019 Yes. The network uses port security. So the idea is get the mac of a plugged in system (been looking into this via other posts on this forum). Then set it on the shark jack, to run payloads. Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted November 1, 2019 Share Posted November 1, 2019 Yes, this is doable using the macchanger utility. If it's not included in 1.0.1, it will be included in the forthcoming 1.0.2 which will introduce the NETMODE command for dhcp server, dhcp client, and transparent modes. 1 Quote Link to comment Share on other sites More sharing options...
UnshakeableSalt Posted January 22, 2020 Share Posted January 22, 2020 On 11/1/2019 at 11:53 PM, Darren Kitchen said: Yes, this is doable using the macchanger utility. If it's not included in 1.0.1, it will be included in the forthcoming 1.0.2 which will introduce the NETMODE command for dhcp server, dhcp client, and transparent modes. An upvote if this could be included please I have tried using the jack on an engagement for where I knew a trusted lansweeper machine - where the jack's portscan and exfil would have been whitelisted by the SIEM Quote Link to comment Share on other sites More sharing options...
InfoSecREDD Posted January 22, 2020 Share Posted January 22, 2020 11 hours ago, UnshakeableSalt said: An upvote if this could be included please I have tried using the jack on an engagement for where I knew a trusted lansweeper machine - where the jack's portscan and exfil would have been whitelisted by the SIEM Uhh you can already change the MAC.. Just needs a work around in the payload.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.