Curl

[monsieurmarc]

Is is  possible to get Curl onto the sharkjack does anyone know?

[monsieurmarc]

Ignore this worked it out from the openwrt binaries

[Darren Kitchen]

There are at least 4 simple ways to install packages:

1. ICS & SSH
Connect your Shark Jack to your computer's Ethernet interface and boot it into arming mode. Then share your computer's Internet connection with the Shark Jack (outside the scope of this post) and SSH into the Shark Jack. Finally, use the commands `opkg update` and `opkg install curl`

2. LAN & SSH
Load your Shark Jack with the ssh-ip-blinker payload, then connect the Shark Jack to your LAN and boot it into attack mode. Then SSH into the Shark Jack. Finally, use the command `opkg update && opkg install curl`
https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/ssh-ip-blinker/payload.sh

3. Headless
Load your Shark Jack with the package-installer payload, setting PACKAGE_TO_INSTALL to your package of choice ("curl" in this example). Then connect the Shark Jack to your LAN and boot it into attack mode. Wait for the LED FINISH (Green blink to solid) to indicate that the package has successfully installed.
https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/package-installer/payload.sh

4. Cloud C2
Provision your Shark Jack with a device.config file from your Cloud C2 server and edit your payload.sh file to run `C2CONNECT`. Then connect to the Shark Jack via the web Terminal from your Cloud C2 server and issue the `opkg update && opkg install curl` command.
https://c2.hak5.org

[monsieurmarc]

Thanks Darren,

 

Clearly I did 5 and downloaded the ipg files transferred them up and then installed with opkg.  The blinker would probably of been a lot easier 🙂

[Jian]

I have problems with all the ways. First, when the Sharkjack is connected to the computer using thr RJ45 Ethernet port, The VM kali Linux loose the internet connection. So, opkg install does not work, the same with LAN & SSH. In this case the Jack may receive an IP of the range 192.168. === , but the Kali VM is still with 172.16.24.-- .

The headless way I tried seversl times, nothing. When I connect the device I check with opkg list-installed, but no curl, I tried coreutils and msmtp, with no success. 

Finally I downloaded manually the packages, for example  curl_7.66.0-3_x86_64.ipk

The commands I used are: ssh root@172.16.24.1 opkg install -v2 /home/kali/Downloads/Mypayloads/Install/curl_7.66.0-3_x86_64.ipk or  opkg -v2 install /home/kali/Downloads/Mypayloads/Install/curl_7.66.0-3_x86_64.ipk when I am in the main or payload directory of Sharkjack. 

I get results as: opkg version 7708a01a084872bbe4c46f36d2da021fdeb10862 (2019-01-18)

OR , if I am not putting the -v2 option:  

Collected errors:

wfopen: curl_7.66.0-3_x86_64.ipk: No such file or directory.

 * pkg_init_from_file: Failed to extract control file from curl_7.66.0-3_x86_64.ipk.

 

The opkg package is up to date: 

root@shark:~# opkg install opkg update

Package opkg (2019-01-18-7708a01a-1) installed in root is up to date.

Please advise what I am doing wrong and how to do it right. 

[dark_pyrro]

On 6/3/2022 at 2:39 PM, Jian said:

The VM kali Linux

Why are you using a Kali VM when doing this?

On 6/3/2022 at 2:39 PM, Jian said:

ssh root@172.16.24.1 opkg install -v2 /home/kali/Downloads/Mypayloads/Install/curl_7.66.0-3_x86_64.ipk

Why are you using this command and what are you expecting to happen?

On 6/3/2022 at 2:39 PM, Jian said:

curl_7.66.0-3_x86_64.ipk

Why are you trying to use a x86_64 binary on the Shark?

 

If you have a network with a switch and a free switch port, then connecting the Shark to that LAN and then login to the Shark using ssh and install curl is the easiest way.

[Jian]

On 6/5/2022 at 11:36 PM, dark_pyrro said:

Why are you using a Kali VM when doing this?

Why are you using this command and what are you expecting to happen?

Why are you trying to use a x86_64 binary on the Shark?

 

If you have a network with a switch and a free switch port, then connecting the Shark to that LAN and then login to the Shark using ssh and install curl is the easiest way.

I brief, to answer your questions, I did so following some tutorials on the net or in this forum and I didn`t knew otherwise. 

I connected the Sharkjack to the RJ45 port and set the ssh service of Windows 10 Powershell. There was an isuue with the password not accepted - I had to copy the id_rsa file from kali to the windows directory .ssh. I copied the package - hope it`s the curl_7.60.0-4_mipsel_24kc.ipk  When I try the easy way with opkg install the answer is "download failed, check your internet connection", so I copied the file into the shark and installed manually with the opkg install command. I hope the firmware of the Sharkjack is version 18.06 of OpenWRT for mipsel24_kc microcontroller architecture. I wiil check later if it`s working, or need other version. 

[dark_pyrro]

Not sure why you need to mess around with any id_rsa file. If it's a default/stock Shark, you shouldn't need to do that.

Can't really understand why you need to install curl in the first place. My Shark Jack Cable has curl installed out of the box and my Shark Jack (battery based) has it as well and I can't remember installing it myself (but I may be wrong on that one and I don't want to do a firmware recovery to start from scratch and find out).

The curl ipk is available from the following upstream OpenWrt repo
https://downloads.openwrt.org/releases/18.06-SNAPSHOT/packages/mipsel_24kc/base/
https://downloads.openwrt.org/releases/18.06-SNAPSHOT/packages/mipsel_24kc/base/curl_7.60.0-4_mipsel_24kc.ipk

Running
opkg update
opkg list | grep curl
will list this package (along with other ones)
curl - 7.60.0-4 - A client-side URL transfer utility

Version available on the Shark Jack Cable

root@shark:~# curl --version
curl 7.60.0 (mipsel-openwrt-linux-gnu) libcurl/7.60.0 mbedTLS/2.14.1
Release-Date: 2018-05-16
Protocols: file ftp ftps http https
Features: IPv6 Largefile SSL

Version available on the Shark Jack (battery based)

root@shark:~# curl --version
curl 7.60.0 (mipsel-openwrt-linux-gnu) libcurl/7.60.0 mbedTLS/2.14.1
Release-Date: 2018-05-16
Protocols: file ftp ftps http https
Features: IPv6 Largefile SSL

 

Obtaining curl from the official upstream repo like this
opkg update
opkg install curl
Installing curl (7.60.0-4) to root...
Downloading http://downloads.openwrt.org/releases/18.06-SNAPSHOT/packages/mipsel_24kc/base/curl_7.60.0-4_mipsel_24kc.ipk

 

Or using wget and then install it using the local ipk file (possible to wget/download it to another machine and then scp it to the Shark)
wget http://downloads.openwrt.org/releases/18.06-SNAPSHOT/packages/mipsel_24kc/base/curl_7.60.0-4_mipsel_24kc.ipk
opkg install ./curl_7.60.0-4_mipsel_24kc.ipk

 

[Jian]

About the rsa_id: I started to configure ssh server in Windows Power Shell. But when tiing to connect, the Shark says - 

PS C:\WINDOWS\system32> ssh 172.16.24.1
p@172.16.24.1's password:
Permission denied, please try again.
p@172.16.24.1's password:
Permission denied, please try again.
p@172.16.24.1's password:
p@172.16.24.1: Permission denied (publickey,password,keyboard-interactive).

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:9tGwdCHH7zahKAyOP8m6v16RYhZcJFV7btupVG/3L2o.
Please contact your system administrator.
Add correct host key in C:\\Users\\p/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\p/.ssh/known_hosts:2
ECDSA host key for 172.16.24.1 has changed and you have requested strict checking.
Host key verification failed.

Then after copy of rsa_id from Kali to windows foldre user/.ssh/known_hosts or something similar, I succeeded to connect. 

On 6/5/2022 at 11:36 PM, dark_pyrro said:

 

I needed to install curl along more other packages which are needed for simpletcpdump payload to work. Now I am facing the problem with the manual installation of packages, there are a lot of them depending from one or two others and that`s very annoying to say the least. However I managed to connect the Shark via http browser and this may facilitate some activities with the Shark.

Thank you for your effort to explain the details for the packages and the firmware version. It will be very usefull for future not knowing to do people. I red yesterday the version of firmware is 18.06.9. And the architecture is MIPS 24KEc - microcontroller MT7628 (somwhere is written MT7628DAN).

According to a post of the creator of Sharkjack:

On 11/20/2019 at 7:57 PM, Darren Kitchen said:

Unfortunately none of those are for the mips architecture, but if you have source it could be compiled for the Shark Jack. Target is ramips and subtarget is MT7628. More specifically, the SoC is a MediaTek MT7628, the OS is OpenWRT and the architecture is MIPS 24KEc. 

I checked - the packages for 18.06 and 18.06.9 are the same: 

https://downloads.openwrt.org/releases/18.06.9/packages/mipsel_24kc/base/

https://downloads.openwrt.org/releases/18.06.0/packages/mips_24kc/

There are no separate packages for mips_24kEc architecture.

[dark_pyrro]

I think you are over-complicating things. Just get the Shark online and install curl with opkg if it's missing. If you can't get it online you need to learn the basics and also read the docs about the Shark. It's not rocket science in any way.

And, when you attempt to ssh into the Shark you aren't specifying any valid user. The "p" user that is used for the session is most likely some local user that you are logged in with on the machine from where you are trying to initiate the ssh session (probably the Kali VM that you have previously mentioned). The only default user on the Shark is "root" so you need to run ssh with that user specified in the command (ssh root@172.16.24.1 or ssh -lroot 172.16.24.1).