hachiman Posted August 24, 2021 Posted August 24, 2021 Hey there, brief question for your help (my brain seems a bit lost here). I conducted an audit of our enterprise network and discovered sensitive websites. Second step would be to deploy a SJ and somehow be able to remotely connect to it, using it as a bridgehead, and then access some of these websites. Could this be done with some ssh -r remote forwarding config? I used this to access local webservers where the ssh is running, but would this work to connect like this: Browser on internet server -> Internet -> SharkJack -> Website? This is more like a demo case for our conference, so OPSEC is not a big matter here. Thanks everyone!
chrizree Posted August 24, 2021 Posted August 24, 2021 I'm not that sure I would use the Shark for such a scenario. That device is more of a "hit and run" thing rather than being persistent. Battery life also needs to be considered (even though it's possible to run the Shark with a power adapter while it's operating). In terms of Hak5 devices, I would probably use the Packet Squirrel in combination with some OpenVPN AS setup. Then, from a remote computer, go via the OpenVPN AS further on via the Squirrel and to the internal network.
hachiman Posted August 24, 2021 Author Posted August 24, 2021 Good idea. Just to be more specific on this case. I dont require long battery runtime. It is more a "proof of concept". Plug it in, get remote access to demo the vulnerability and then unplug it again. I dont have Packet Squirrel, but I have a LAN Turtle. Which I think also provides C2 integration and OpenVPN, right? So I could use the RJ45 to plug it into our network and use a normal power bank to keep it up and running while doing the demo. Do you think this would make sense? PS: A public server with c2 installed and running is available also.
chrizree Posted August 24, 2021 Posted August 24, 2021 Yes, the LAN Turtle should work since Darren based a video on that specific setup some years ago using OpenVPN AS as a "gateway" into a LAN from outside. https://www.youtube.com/watch?v=b7qr0laM8kA
Recommended Posts
Archived
This topic is now archived and is closed to further replies.