Hak5 Shark Jack

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search


Shark Jack

The Shark Jack is a penetration tool for penetration testers and system administrators looking like a simple USB-Stick. It consists of three main components: a LAN-Port for configuration and executing pentests (which also uses a RGB-LED for visual responses), a USB-C port for charging and a slider to change modes. It provides possibilities to perform network audits and information gathering attacks. These functions are provided by the packages which are installed on the Shark Jack. The packages are provided by the OpenWRT platform, which means that users can add other packages than the preinstalled ones. Regarding the phases of penetration testing, Shark Jack is in phase 2, information gathering.



  • OFF (Slider is in position nearest to USB-C) - charging
  • Arming (Slider is in middle position) - configurating
  • Attack (Slider is in position nearest to LAN) - pentesting

Setting up the Shark Jack

  1. Change mode to arming.
  2. Plug the Shark Jack into one of the LAN ports of your computer.
  3. Your PC will get an IP-address in range
  4. Connect via SSH to
  5. You are now connected to the Shark Jack.

Folder structure

The Shark Jack folder structure consists of two predefined directories:

  • payloads
  • loot

The payloads directory is the place where the code is located which you want to be executed when the Shark Jack is in Attacking Mode. The filename of the code needs to be payload.sh. Only one payload script may exist at a time. The loot directory is the place where you can save the results of the network attack.

Installing/updating packages (optional)

  1. Connect to your Shark Jack to your PC.
  2. Enter the command NETMODE DHCP_CLIENT
  3. The Shark Jack will now act as a normal client waiting for an IP-address from an DHCP-Server.
  4. Connect the Shark Jack to your router.
  5. Gather the IP-addres of the Shark Jack (Web interface of the router or form the DCHCP-Server).
  6. Connect via SSH to the new IP addres (e.g.,
  7. Use opkg upgrade [package] for updating packages or opkg install[package] for installing new packages.

Updating firmware (optional)

  1. Download latest update from https://downloads.hak5.org/shark
  2. Connect to your Shark Jack to your PC and also connect the USB-C port to a reliable power source.
  3. Copy the firmware file to the Shark Jack (e.g., with scp)
  4. Change to the directory where the firmware file is located.
  5. Execute following command sysupgrade -n [filename]
  6. Wait 5-10 minutes while the firmware is flashed.
  7. DO NOT unplug the Shark Jack during the update process!


C2 is a dashboard created by hak5 for tools from hak5, which can be easily set up on a local server for free. With C2, data can be inspected directly in the dashboard and the current state of the device can be viewed. It is also possible to let Shark Jack execute commands like nmap without a previously uploaded payload.


  1. Size: 62 x 21 x 12 mm
  2. Charging plug: USB-C
  3. Microcontroller: MT7628DAN

How to attack

  1. Shark Jack must be connected to a router or a switch to perform an attack

How to defend

  1. Routers and switches must not be accessible to unauthorized personnel
  2. Do not allow strangers to enter the company without supervision
  3. Disable unused ports
  4. Physically inspect routers and switches on a regular basis



The nmap payload is the default payload with which the Shark Jack is delivered. It executes a nmap scan and saves the results in the loot directory.


The ipinfo payload tries to gather information about private, public and gateway IP addresses of a network and saves the results in a log-file. To obtain this information the external website http://ipinfo.io/ip is used.


The netdiscover payload tries to gather information about a network even if the Shark Jack won't get an IP address from a DCHP-Server. There are two modes netdiscover can use: active and passive. In active mode netdiscover sends ARP packages into the network and tries to gather information about devices, which are currently online. The passive mode doesn't send packages on his own, instead it analyses the traffic of the network (see Sniffing_Devices).

Used Hardware

Shark Jack network attack tool