Hak5 Shark Jack

Summary

Shark Jack

The Shark Jack is a penetration tool for penetration testers and system administrators looking like a simple USB-Stick. It consists of three main components: a LAN-Port for configuration and executing pentests (which also uses a RGB-LED for visual responses), a USB-C port for charging and a slider to change modes. It provides possibilities to perform network audits and information gathering attacks. These functions are provided by the packages which are installed on the Shark Jack. The packages are provided by the OpenWRT platform, which means that users can add other packages than the preinstalled ones.

Description

Modes

• OFF (Slider is in position nearest to USB-C) - charging
• Arming (Slider is in middle position) - configurating
• Attack (Slider is in position nearest to LAN) - pentesting

Setting up the Shark Jack

1. Change mode to arming.
2. Plug the Shark Jack into one of the LAN ports of your computer.
3. Your PC will get an IP-address in range 172.16.24.0/24.
4. Connect via SSH to 172.16.24.1.
5. You are now connected to the Shark Jack.

Folder structure

The Shark Jack folder structure consists of two predefined folders:

• payloads
• loot

The payloads folder is the place where the code is located which you want to be executed when the Shark Jack is in Attacking Mode. The filename of the code needs to be payload.sh. The loot folder is the place where you can save the results of the network attack.

Installing/updating packages (optional)

1. Connect to your Shark Jack to your PC.
2. Enter the command NETMODE DHCP_CLIENT
3. The Shark Jack will now act as a normal client waiting for an IP-address from an DHCP-Server.
4. Connect the Shark Jack to your router.
5. Gather the IP-addres of the Shark Jack (Web interface of the router or form the DCHCP-Server).
6. Connect via SSH to the new IP addres (e.g., 192.168.0.153).
7. Use opkg upgrade [package] for updating packages or opkg install[package] for installing new packages.

Updating firmware (optional)

1. Download latest update from https://downloads.hak5.org/shark
2. Connect to your Shark Jack to your PC and also connect the USB-C port to a reliable power source.
3. Copy the firmware file to the Shark Jack (e.g., with scp)
4. Change to the directory where the firmware file is located.
5. Execute following command sysupgrade -n [filename]
6. Wait 5-10 minutes while the firmware is flashed.
7. DO NOT unplug the Shark Jack during the update process!

Examples

nmap

• https://github.com/hak5/sharkjack-payloads/tree/master/payloads/library/recon/netdiscover

ipinfo

• https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/recon/ipinfo/payload.sh

netdiscover

• https://github.com/hak5/sharkjack-payloads/tree/master/payloads/library/recon/netdiscover

References

• https://hak5.org/products/shark-jack
• https://github.com/hak5/sharkjack-payloads/
• https://help.hak5.org/shark-jack/writing-payloads/included-tools