oscaringosv

MAC Spoofing


I just did some packet captures of a Shark Jack nmap scanning (using my Packet Squirrel 🙂 ), and to me it looks like the MAC address of the Shark Jack is randomized.

 

  • Like 1
  • Upvote 1


Confirming it is random.

First I have this:

Quote

root@shark:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 86:72:96:71:C3:3C  
          inet addr:172.16.24.1  Bcast:172.16.24.255  Mask:255.255.255.0
          inet6 addr: fe80::8472:96ff:fe71:c33c/64 Scope:Link

Then after Shark Jack reboot this:

Quote

root@shark:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 2E:AF:43:F2:3E:22  
          inet addr:172.16.24.1  Bcast:172.16.24.255  Mask:255.255.255.0
          inet6 addr: fe80::2caf:43ff:fef2:3e22/64 Scope:Link
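
An added example, not part of the original posts: both addresses in the ifconfig output above have the locally administered bit (0x02 of the first octet) set, which is consistent with software-generated (randomized) MACs, and each link-local IPv6 address is the modified EUI-64 derivation of that MAC. The Python below checks both properties; the eth1 entry is a constructed contrast case and the function names are illustrative.

```python
import re

# Constructed sample: the two captures quoted in the post above, plus a
# made-up universally administered address (eth1) for contrast.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 86:72:96:71:C3:3C
          inet6 addr: fe80::8472:96ff:fe71:c33c/64 Scope:Link
eth0      Link encap:Ethernet  HWaddr 2E:AF:43:F2:3E:22
          inet6 addr: fe80::2caf:43ff:fef2:3e22/64 Scope:Link
eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link
"""

MAC_RE = re.compile(r"HWaddr\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
LL_RE = re.compile(r"inet6 addr:\s*(fe80::[0-9A-Fa-f:]+)/64")

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def eui64_link_local(mac):
    """Derive the modified EUI-64 link-local address for a MAC."""
    b = [int(x, 16) for x in mac.split(":")]
    b[0] ^= 0x02                        # flip the U/L bit
    iid = b[:3] + [0xFF, 0xFE] + b[3:]  # insert ff:fe in the middle
    groups = [(iid[i] << 8) | iid[i + 1] for i in range(0, 8, 2)]
    return "fe80::" + ":".join(f"{g:x}" for g in groups)

def audit(text):
    """Pair each HWaddr with the next link-local line and classify it."""
    report, mac = [], None
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if m:
            mac = m.group(1).upper()
            continue
        ll = LL_RE.search(line)
        if ll and mac:
            report.append({
                "mac": mac,
                "locally_administered": is_locally_administered(mac),
                "eui64_match": eui64_link_local(mac) == ll.group(1).lower(),
            })
            mac = None
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

A switch or NAC address table can be screened the same way. The check flags locally administered addresses only and says nothing about an address copied from another host.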

 

On 10/29/2019 at 7:24 AM, PaPPy said:

Can something like macchanger be used to change it?

Are you wanting to set the address to a specific MAC for access to a restricted network? 


Yes. The network uses port security. So the idea is to get the MAC of a plugged-in system (been looking into this via other posts on this forum), then set it on the Shark Jack to run payloads.


Yes, this is doable using the macchanger utility. If it's not included in 1.0.1, it will be included in the forthcoming 1.0.2 which will introduce the NETMODE command for dhcp server, dhcp client, and transparent modes.

  • Upvote 1

On 11/1/2019 at 11:53 PM, Darren Kitchen said:

Yes, this is doable using the macchanger utility. If it's not included in 1.0.1, it will be included in the forthcoming 1.0.2 which will introduce the NETMODE command for dhcp server, dhcp client, and transparent modes.

An upvote if this could be included please 

I have tried using the jack on an engagement for where I knew a trusted lansweeper machine - where the jack's portscan and exfil would have been whitelisted by the SIEM   

11 hours ago, UnshakeableSalt said:

An upvote if this could be included please 

I have tried using the jack on an engagement for where I knew a trusted lansweeper machine - where the jack's portscan and exfil would have been whitelisted by the SIEM   

Uhh, you can already change the MAC. Just needs a workaround in the payload.
