Jump to content


Rajesh Sundram

Recommended Posts

I mean, anything is possible but at first glance I'd say it's much easier to invoke with a keystroke injection attack using the Bash Bunny or USB Rubber Ducky. Not sure exactly how you'd pull it off with the Shark Jack, but I'm not going to rule it out since you never know what's possible RCE wise when you have direct network access. 

Link to comment
Share on other sites

Since the Shark Jack is a network device, I see only a few ways of doing the above.  Like I preach in the BashBunny threads about how to picture the device, picture the Shark Jack like your laptop and you are plugging it into the network.  Difference is when you power it on, it will run something like the local.rc to auto run stuff.  What your laptop can do with only a network connect is about true with the shark jack with difference amount of resources of course.


- You can manually run netcat from victim to connect to Shark netcat listener. (RubberDuck, BashBunny, by hand or other stager)

- You bruteforce a domain account that has local admin access to the victim machine or a local admin account on the victim where the registry key "LocalAccountTokenFilterPolicy" is set to 1, and use it to remotely netcat back to SharkJack.

- There is a known vulnerability on the victim device that is remotely exploitable without user intervention that the sharkjack can use to download and run netcat on victim to connect back to Shark netcat listener.


Summary, the Shark Jack is not going to do it on its own without manual intervention, credentials or network exploit.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...