![]() ![]() Step 7: Analyze the data with Wireshark.Step 5: Select the appropriate payload switch.Step 2: Get started with Packet Squirrel.Packet Squirrel and Wireshark record all traffic over Ethernet Once someone accesses the router, you'll have access to information to log in and do whatever you want. If the router is not using HTTPS, you can log all traffic over Ethernet. There's a free community version to be had at c2., and it runs on your own hardware, so we never see your bits (we don't wanna see 'em).Īnd finally, join the community at – it's home to some really bright pentesters and enthusiasts just like yourself, so you'll fit right in.Suppose there is a router for which you know the password and have physical access to an Ethernet connection where a Packet Squirrel can be attached - a pocket-sized tool inserted in the middle of the network. ![]() Once you start diving in and testing payloads, you may also want to set yourself up with a Cloud C2 server – it's great for remote access and exfiltration and is supported by a lot of the payloads. Of course you should also familiarize yourself with the ins and outs detailed in the official Shark Jack documentation at. Want to make all that even easier? Download the sharkjack.sh script (for Mac and Linux) from the Shark Jack section of – it'll automate gathering loot, swapping out payloads and even upgrading the firmware (you'll wanna do that – new features and tools are added from time to time). Want to change the payload? Just copy a payload.sh to /root/payload – and there's a growing collection at After admiring the cute shark ASCII art in the banner, cd over to /root/loot and enjoy those scan results. Then SSH into the Shark Jack with the command "ssh The default password is "hak5shark". From there just open terminal if on MacOS or Linux, or powershell if you're on Windows. Connect it to your computer's Ethernet port and you'll get assigned an IP address in the 172.16.24.x hood. Here instead of being a client on your network, it'll act as a server. ![]() It's then safe to unplug.įlip that crafty red switch to the middle position to put your Shark Jack into arming mode. Right outa the box it'll perform a simple nmap scan - and when the fun is done, the light will go green (and the trap will be clean). It'll start booting and blinking - and at any time it's ready to be plugged into your network. Repeat the phrase "this is my network and I'm totally authorized to pentest it" - then flip the evil red switch far forward, closest to the Ethernet jack, to put it in attack mode. Where were we again? Oh right - jacking into your network.įind that sweet 24 port switch mounted in your network closet, or RJ45 wall plate if you've gone full-geek and wired the house with CAT6. Just keep that sly red switch in the off position and take a moment to practice wielding the Shark Jack as if a floppy disk while reciting "you talkin' to me, punk?" in the mirror. It'll be a little warm from charging, but as you know from that important safety information it complies with IEC standards – so you're all good. Unplug your Shark Jack from the USB charger and give it a moment to cool down. And as you recall from that important safety information – you don't leave lithium batteries unattended while charging. Give it a few minutes and it'll light solid blue. After a brief green-blinking boot, it'll blink blue to show that the battery is charging. The Shark Jack will sip a steady 5 volts and about a half amp. Then plug in a USB-C cable to your charger of choice. That is, with the exception of reviewing all of that important safety information – it does include a Lithium battery after all.įlip that mischievous red attack switch to the OFF position - that's the position closest to the USB-C port. Now obviously the prudent first step would be to RTFM (which you can find at ) but let's throw caution to the wind. Cool, then what? Read up at, grab the latest firmware & tools from, get chatty at, spin up your very own Cloud C2 server from c2., and finally nab & contribute payloads from. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |