Jump to content

Is there anyway you rerun the script/payload on sharkjack without turning it off and on again?

Go to solution Solved by dark_pyrro,

Recommended Posts

For example.. i have this payload.sh under /root/payload

the script finished executing after plugging the rj45 to the target (lan port) is there a way to rerun the script after plugging out and re-plug to another lan port without turning off sharkjack?

Link to comment
Share on other sites

Hi dark_pyrro,

Sorry I didn't provide the complete info.. It was cable shark.

We will be on an engagement soon, so I am preparing for the payload script. We would like to assess if NAC / port sec is implemented on the network.. so, i have this little script to just blink if the DHCP server provides an IP to sharkjack. The catch is, I need to turn it off and on again just to re-run the script if i were to re-plug it against a different LAN port.

Edited by catx0rr
Link to comment
Share on other sites

I have a payload script that (probably) does what you are looking for. It doesn't blink in the way you describe it, but writes to a loot file (however, it uses the LED to tell in what "state" it is as it loops through the functionality of the payload). It was in "early alpha" state though since I had the idea a long time ago but really didn't finish it. I took a quick look at it now and made some adjustments and it seems to work. There are more things that needs to be developed further in detail but it is possible to use with the SJC (cable based Shark) and prints to a loot file as well as optional log file for more info and also to the serial console if the SJC is attached to a phone or other kind of device that can monitor the serial output. It also has some functionality for Cloud C2 exfiltration, but I haven't had the time to test that yet. It should also run on the battery based Shark, but I had some ideas on implementing battery related functionality and that isn't in the payload at all at the moment. I can share the code a bit later on if I get the time to do it.

Link to comment
Share on other sites

If you could share the code with me, that would be awesome.. or at least the logic for looping the functionality.. that's what i really need since i will share the croc with the associates/delegate some tasks to them.. I already tried, using reverse ssh tunnel before (as long as the firewall is not that restrictive). When i scanned hosts using nmap host enumeration from the network and send the results over private vps.

Link to comment
Share on other sites

  • Solution

OK, I put the code up on Codeberg, use it if it fits your needs. It can be trimmed down if not in need of any logging or such. As said, it's just something simple I put together and hasn't been used that much at all, so there is for sure room for improvement or tweaking.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...