Jump to content

IP of Client Device


Robert_Johnson

Recommended Posts

Hi everyone, this is my first time using the forums and I had a quick question regarding the Shark Jack (such an amazing product by the way).

 

So, I noticed the dhcp server, and had a quick question. The Bash Bunny, for instance, can get the target IP. I was wondering if the shark jack also had a function to get the target IP. 
 

Thanks!

Robert

Link to comment
Share on other sites

Are you talking about the Shark Jack getting a static IP in Attack Mode or Arming Mode? In Attack Mode, it gets an dynamic IP from the network's DHCP server, and it will usually be random, since the Shark Jack uses a random MAC address every time it boots up. So it would be pretty difficult to assign it a static IP based on that.

In Arming Mode, it always uses the same static IP, 172.16.24.1, and turns on its own DHCP server in that subnet. It will give your PC a dynamic IP address when the Shark Jack and a PC are on the same network. Not sure if you can create a IP reservation on the Shark Jack to assign static IP to a specific MAC address, although, I'm not sure I see the need for that.

Finally, if you are talking about executing the payload on the Shark Jack, by default it runs the example payload with an nmap script which does indeed grab IP addresses of active machines on the network it is connected to. So please clarify your question bit more, so we can better help you.

Link to comment
Share on other sites

So I did a little legwork and figured out that the Shark Jack is running the OPENWRT version of Linux and OpenWrt uses dnsmasq and odhcpd to serve DHCP and DNS by default.. This page is the documentation for the DNS and DHCP servers https://openwrt.org/docs/guide-user/base-system/dhcp

Maybe the documentation has some info that will be useful to what you are trying to accomplish.

Link to comment
Share on other sites

According to the config file /etc/config/dhcp, the leases are supposed to be in the following files:

/tmp/dhcp.leases

/tmp/hosts/odhcpd

But they are empty for me, at least in the ARMING mode. @Darren Kitchen, is there something different about the ARMING mode and the DHCP server that makes it not document the leased IP addresses?

Link to comment
Share on other sites

At first glance I would imagine this would be in /tmp/dhcp.leases and one may repurpose this part of the GET extension for the Bash Bunny

function GET() {
  case $1 in
    "TARGET_IP")
      export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq)
      ;;

Having said that and looking at NETMODE, the condition for DHCP_SERVER is

    "DHCP_SERVER")
        uci set network.lan.proto='none'
        /etc/init.d/odhcpd start
        ;;

It's possible that a parameter must be set for the log file. I'm not in front of my Shark Jack but I'd check the odhcpd options as well as the output of `dmesg` and `logread` after the client connects to see if there are any clues there.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...