Jump to content

IP of Client Device


Recommended Posts

Hi everyone, this is my first time using the forums and I had a quick question regarding the Shark Jack (such an amazing product by the way).


So, I noticed the dhcp server, and had a quick question. The Bash Bunny, for instance, can get the target IP. I was wondering if the shark jack also had a function to get the target IP. 



Link to comment
Share on other sites

Are you talking about the Shark Jack getting a static IP in Attack Mode or Arming Mode? In Attack Mode, it gets an dynamic IP from the network's DHCP server, and it will usually be random, since the Shark Jack uses a random MAC address every time it boots up. So it would be pretty difficult to assign it a static IP based on that.

In Arming Mode, it always uses the same static IP,, and turns on its own DHCP server in that subnet. It will give your PC a dynamic IP address when the Shark Jack and a PC are on the same network. Not sure if you can create a IP reservation on the Shark Jack to assign static IP to a specific MAC address, although, I'm not sure I see the need for that.

Finally, if you are talking about executing the payload on the Shark Jack, by default it runs the example payload with an nmap script which does indeed grab IP addresses of active machines on the network it is connected to. So please clarify your question bit more, so we can better help you.

Link to comment
Share on other sites

Yeah, sorry @Flatlinebb, I was vague. What I meant was I wanted to use the NETMODE DHCP SERVER command in a payload and connect the shark jack to just a random desktop. However, in the payload, I want to get the IP address of the computer that the shark jack is connected to. 

Hopefully this now helps. Sorry for the confusion

Link to comment
Share on other sites

So I did a little legwork and figured out that the Shark Jack is running the OPENWRT version of Linux and OpenWrt uses dnsmasq and odhcpd to serve DHCP and DNS by default.. This page is the documentation for the DNS and DHCP servers https://openwrt.org/docs/guide-user/base-system/dhcp

Maybe the documentation has some info that will be useful to what you are trying to accomplish.

Link to comment
Share on other sites

According to the config file /etc/config/dhcp, the leases are supposed to be in the following files:



But they are empty for me, at least in the ARMING mode. @Darren Kitchen, is there something different about the ARMING mode and the DHCP server that makes it not document the leased IP addresses?

Link to comment
Share on other sites

At first glance I would imagine this would be in /tmp/dhcp.leases and one may repurpose this part of the GET extension for the Bash Bunny

function GET() {
  case $1 in
      export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq)

Having said that and looking at NETMODE, the condition for DHCP_SERVER is

        uci set network.lan.proto='none'
        /etc/init.d/odhcpd start

It's possible that a parameter must be set for the log file. I'm not in front of my Shark Jack but I'd check the odhcpd options as well as the output of `dmesg` and `logread` after the client connects to see if there are any clues there.

  • Upvote 2
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...