Hak5 Shark Jack

From Embedded Lab Vienna for IoT & Security
Jump to: navigation, search


Shark Jack

The Shark Jack is a penetration tool for penetration testers and system administrators looking like a simple USB-Stick. It consists of three main components: a LAN-Port for configuration and executing pentests (which also uses a RGB-LED for visual responses), a USB-C port for charging and a slider to change modes. It provides possibilities to perform network audits and information gathering attacks. These functions are provided by the packages which are installed on the Shark Jack. The packages are provided by the OpenWRT platform, which means that users can add other packages than the preinstalled ones.



  • OFF (Slider is in position nearest to USB-C) - charging
  • Arming (Slider is in middle position) - configurating
  • Attack (Slider is in position nearest to LAN) - pentesting

Setting up the Shark Jack

  1. Change mode to arming.
  2. Plug the Shark Jack into one of the LAN ports of your computer.
  3. Your PC will get an IP-address in range
  4. Connect via SSH to
  5. You are now connected to the Shark Jack.

Folder structure

The Shark Jack folder structure consists of two predefined directories:

  • payloads
  • loot

The payloads directory is the place where the code is located which you want to be executed when the Shark Jack is in Attacking Mode. The filename of the code needs to be payload.sh. The loot directory is the place where you can save the results of the network attack.

Installing/updating packages (optional)

  1. Connect to your Shark Jack to your PC.
  2. Enter the command NETMODE DHCP_CLIENT
  3. The Shark Jack will now act as a normal client waiting for an IP-address from an DHCP-Server.
  4. Connect the Shark Jack to your router.
  5. Gather the IP-addres of the Shark Jack (Web interface of the router or form the DCHCP-Server).
  6. Connect via SSH to the new IP addres (e.g.,
  7. Use opkg upgrade [package] for updating packages or opkg install[package] for installing new packages.

Updating firmware (optional)

  1. Download latest update from https://downloads.hak5.org/shark
  2. Connect to your Shark Jack to your PC and also connect the USB-C port to a reliable power source.
  3. Copy the firmware file to the Shark Jack (e.g., with scp)
  4. Change to the directory where the firmware file is located.
  5. Execute following command sysupgrade -n [filename]
  6. Wait 5-10 minutes while the firmware is flashed.
  7. DO NOT unplug the Shark Jack during the update process!



The nmap payload is the default payload with which the Shark Jack is delivered. It executes a nmap scan and saves the results in the loot directory.


The ipinfo payload tries to gather information about private, public and gateway IP addresses of a network and saves the results in a log-file. To obtain this information the external website http://ipinfo.io/ip is used.


The netdiscover payload tries to gather information about a network even if the Shark Jack won't get an IP address from a DCHP-Server. There are two modes netdiscover can use: active and passive. In active mode netdiscover sends ARP packages into the network and tries to gather information about devices, which are currently online. The passive mode doesn't send packages on his own, instead it analyses the traffic of the network (see Sniffing_Devices).