Robert_Johnson Posted November 17, 2019 Share Posted November 17, 2019 Hi everyone, this is my first time using the forums and I had a quick question regarding the Shark Jack (such an amazing product by the way). So, I noticed the dhcp server, and had a quick question. The Bash Bunny, for instance, can get the target IP. I was wondering if the shark jack also had a function to get the target IP. Thanks! Robert Link to comment Share on other sites More sharing options...
Flatlinebb Posted November 18, 2019 Share Posted November 18, 2019 Are you talking about the Shark Jack getting a static IP in Attack Mode or Arming Mode? In Attack Mode, it gets an dynamic IP from the network's DHCP server, and it will usually be random, since the Shark Jack uses a random MAC address every time it boots up. So it would be pretty difficult to assign it a static IP based on that. In Arming Mode, it always uses the same static IP, 172.16.24.1, and turns on its own DHCP server in that subnet. It will give your PC a dynamic IP address when the Shark Jack and a PC are on the same network. Not sure if you can create a IP reservation on the Shark Jack to assign static IP to a specific MAC address, although, I'm not sure I see the need for that. Finally, if you are talking about executing the payload on the Shark Jack, by default it runs the example payload with an nmap script which does indeed grab IP addresses of active machines on the network it is connected to. So please clarify your question bit more, so we can better help you. Link to comment Share on other sites More sharing options...
Robert_Johnson Posted November 18, 2019 Author Share Posted November 18, 2019 Yeah, sorry @Flatlinebb, I was vague. What I meant was I wanted to use the NETMODE DHCP SERVER command in a payload and connect the shark jack to just a random desktop. However, in the payload, I want to get the IP address of the computer that the shark jack is connected to. Hopefully this now helps. Sorry for the confusion Link to comment Share on other sites More sharing options...
Flatlinebb Posted November 19, 2019 Share Posted November 19, 2019 So I did a little legwork and figured out that the Shark Jack is running the OPENWRT version of Linux and OpenWrt uses dnsmasq and odhcpd to serve DHCP and DNS by default.. This page is the documentation for the DNS and DHCP servers : https://openwrt.org/docs/guide-user/base-system/dhcp Maybe the documentation has some info that will be useful to what you are trying to accomplish. Link to comment Share on other sites More sharing options...
Flatlinebb Posted November 19, 2019 Share Posted November 19, 2019 According to the config file /etc/config/dhcp, the leases are supposed to be in the following files: /tmp/dhcp.leases /tmp/hosts/odhcpd But they are empty for me, at least in the ARMING mode. @Darren Kitchen, is there something different about the ARMING mode and the DHCP server that makes it not document the leased IP addresses? Link to comment Share on other sites More sharing options...
Darren Kitchen Posted November 20, 2019 Share Posted November 20, 2019 At first glance I would imagine this would be in /tmp/dhcp.leases and one may repurpose this part of the GET extension for the Bash Bunny function GET() { case $1 in "TARGET_IP") export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq) ;; Having said that and looking at NETMODE, the condition for DHCP_SERVER is "DHCP_SERVER") uci set network.lan.proto='none' /etc/init.d/odhcpd start ;; It's possible that a parameter must be set for the log file. I'm not in front of my Shark Jack but I'd check the odhcpd options as well as the output of `dmesg` and `logread` after the client connects to see if there are any clues there. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.