catx0rr Posted October 3, 2023 Share Posted October 3, 2023 For example.. i have this payload.sh under /root/payload the script finished executing after plugging the rj45 to the target (lan port) is there a way to rerun the script after plugging out and re-plug to another lan port without turning off sharkjack? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted October 3, 2023 Share Posted October 3, 2023 What Shark are you using? Battery or cable? Quote Link to comment Share on other sites More sharing options...
catx0rr Posted October 3, 2023 Author Share Posted October 3, 2023 (edited) Hi dark_pyrro, Sorry I didn't provide the complete info.. It was cable shark. We will be on an engagement soon, so I am preparing for the payload script. We would like to assess if NAC / port sec is implemented on the network.. so, i have this little script to just blink if the DHCP server provides an IP to sharkjack. The catch is, I need to turn it off and on again just to re-run the script if i were to re-plug it against a different LAN port. Edited October 3, 2023 by catx0rr Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted October 3, 2023 Share Posted October 3, 2023 I have a payload script that (probably) does what you are looking for. It doesn't blink in the way you describe it, but writes to a loot file (however, it uses the LED to tell in what "state" it is as it loops through the functionality of the payload). It was in "early alpha" state though since I had the idea a long time ago but really didn't finish it. I took a quick look at it now and made some adjustments and it seems to work. There are more things that needs to be developed further in detail but it is possible to use with the SJC (cable based Shark) and prints to a loot file as well as optional log file for more info and also to the serial console if the SJC is attached to a phone or other kind of device that can monitor the serial output. It also has some functionality for Cloud C2 exfiltration, but I haven't had the time to test that yet. It should also run on the battery based Shark, but I had some ideas on implementing battery related functionality and that isn't in the payload at all at the moment. I can share the code a bit later on if I get the time to do it. Quote Link to comment Share on other sites More sharing options...
catx0rr Posted October 3, 2023 Author Share Posted October 3, 2023 If you could share the code with me, that would be awesome.. or at least the logic for looping the functionality.. that's what i really need since i will share the croc with the associates/delegate some tasks to them.. I already tried, using reverse ssh tunnel before (as long as the firewall is not that restrictive). When i scanned hosts using nmap host enumeration from the network and send the results over private vps. Quote Link to comment Share on other sites More sharing options...
Solution dark_pyrro Posted October 4, 2023 Solution Share Posted October 4, 2023 OK, I put the code up on Codeberg, use it if it fits your needs. It can be trimmed down if not in need of any logging or such. As said, it's just something simple I put together and hasn't been used that much at all, so there is for sure room for improvement or tweaking. https://codeberg.org/dark_pyrro/Shark_Loop Quote Link to comment Share on other sites More sharing options...
catx0rr Posted October 4, 2023 Author Share Posted October 4, 2023 thanks for the help again dark_pyrro.. will look into the script and modify mine, or add tweaks regarding to the functionality of your code.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.