Is there any way to rerun the script/payload on the Shark Jack without turning it off and on again?


catx0rr

For example, I have this payload.sh under /root/payload.

The script finishes executing after plugging the RJ45 into the target (LAN port). Is there a way to rerun the script after unplugging it and re-plugging it into another LAN port without turning off the Shark Jack?


Hi dark_pyrro,

Sorry, I didn't provide the complete info. It was the cable Shark.

We will be on an engagement soon, so I am preparing the payload script. We would like to assess whether NAC / port security is implemented on the network, so I have this little script that just blinks if the DHCP server provides an IP to the Shark Jack. The catch is, I need to turn it off and on again just to re-run the script if I re-plug it into a different LAN port.


I have a payload script that (probably) does what you are looking for. It doesn't blink in the way you describe it, but writes to a loot file (however, it uses the LED to tell what "state" it is in as it loops through the functionality of the payload). It was in an "early alpha" state though, since I had the idea a long time ago but really didn't finish it. I took a quick look at it now and made some adjustments and it seems to work. There are more things that need to be developed further in detail, but it is possible to use with the SJC (cable-based Shark) and it prints to a loot file as well as an optional log file for more info, and also to the serial console if the SJC is attached to a phone or other kind of device that can monitor the serial output. It also has some functionality for Cloud C2 exfiltration, but I haven't had the time to test that yet. It should also run on the battery-based Shark, but I had some ideas on implementing battery-related functionality and that isn't in the payload at all at the moment. I can share the code a bit later on if I get the time to do it.


If you could share the code with me, that would be awesome, or at least the logic for looping the functionality. That's what I really need, since I will share the Croc with the associates / delegate some tasks to them. I already tried using a reverse SSH tunnel before (as long as the firewall is not that restrictive), when I scanned hosts using nmap host enumeration from the network and sent the results over a private VPS.

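The re-arming loop the thread is asking about, as an added example that is not code from the thread or from dark_pyrro's payload: it waits for link, requests a lease, records OPEN or BLOCKED to a loot file, then blocks until the cable is pulled and starts over, so the same device can be moved from port to port without a power cycle. It assumes the Shark Jack payload helpers LED and NETMODE and the standard Linux sysfs carrier file; the helper names (has_ipv4, classify_port, log_result) and the loot path are my own.

```shell
#!/bin/bash
# Added example, not from the thread. Re-arms a port check every time the link
# goes down and comes back up, so no power cycle is needed between ports.
# Assumed Shark Jack helpers: LED and NETMODE. Everything else is plain Linux.

IFACE="${IFACE:-eth0}"
CARRIER_FILE="${CARRIER_FILE:-/sys/class/net/$IFACE/carrier}"  # standard sysfs path
LOOT_FILE="${LOOT_FILE:-/root/loot/nac_check.log}"              # assumed loot location
DHCP_TIMEOUT="${DHCP_TIMEOUT:-30}"     # seconds to wait for a lease on each port
LEASE_CHECK="${LEASE_CHECK:-has_ipv4}" # command that returns 0 once a lease exists

# 0 when the kernel reports carrier, i.e. the cable sits in a live port.
link_is_up() {
    [ -r "$CARRIER_FILE" ] && [ "$(cat "$CARRIER_FILE" 2>/dev/null)" = "1" ]
}

# 0 when the interface holds an IPv4 address, i.e. the DHCP server answered.
has_ipv4() {
    ip -4 -o addr show dev "$IFACE" 2>/dev/null | grep -q 'inet '
}

# Poll command $1 once per second for up to $2 seconds; 0 if it succeeded in time.
wait_for() {
    local n=0
    while ! "$1"; do
        n=$((n + 1)); [ "$n" -ge "$2" ] && return 1
        sleep 1
    done
}

# One plug-in event: OPEN if a lease arrived within DHCP_TIMEOUT, BLOCKED otherwise
# (no lease at all is what you expect when NAC / port security holds the port closed).
classify_port() {
    if wait_for "$LEASE_CHECK" "$DHCP_TIMEOUT"; then echo OPEN; else echo BLOCKED; fi
}

# Append a timestamped record so every port visit is accounted for in the loot.
log_result() { printf '%s %s %s\n' "$(date -u +%FT%TZ)" "$IFACE" "$1" >> "$LOOT_FILE"; }

# Main loop: wait for link, ask for DHCP, classify, then wait for unplug and re-arm.
main_loop() {
    while true; do
        LED SETUP; wait_for link_is_up 86400 || continue     # re-arm after a day idle
        NETMODE DHCP_CLIENT; LED ATTACK
        result=$(classify_port); log_result "$result"
        LED FINISH; while link_is_up; do sleep 1; done       # block until cable is pulled
    done
}

# Start the loop only on the device, where the LED helper exists; not when sourced for tests.
command -v LED >/dev/null 2>&1 && main_loop
```

Each pass writes one line per port visit, so the loot file doubles as the record of which ports handed out a lease during the engagement.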
