Skip to content

Hak5 Shark Jack Cheatsheet

Hak5 Shark Jack Cheatsheet

Overview

The Hak5 Shark Jack is a portable and powerful network attack tool designed for penetration testers and security professionals. It's a small, Ethernet-equipped device that can be deployed to automate network reconnaissance and attacks.

Key Features

  • Portable: Small form factor, easy to conceal and deploy.
  • Ethernet-equipped: Plugs directly into a network jack.
  • Powerful: Runs on a quad-core ARM processor.
  • Automated: Payloads are written in simple Bash script.
  • Cloud C2 Ready: Can be managed remotely via Hak5's Cloud C2 platform.
  • Extensible: Payloads can be customized and extended.

Hardware Specifications

  • Processor: Quad-core ARM
  • Memory: 256 MB RAM
  • Storage: 2 GB onboard flash
  • Networking: 10/100 Ethernet
  • Power: USB-C

Getting Started

  1. Power On: Connect the Shark Jack to a power source via USB-C.
  2. Connect to Network: Plug the Shark Jack into a target network jack.
  3. Arming Mode: The Shark Jack will boot into Arming Mode, where you can connect to it via SSH to configure payloads.
  4. Attack Mode: Once configured, the Shark Jack will enter Attack Mode and execute the selected payload when plugged into a network.

Default Credentials

  • SSID: Shark Jack
  • IP Address: 172.16.24.1
  • Username: root
  • Password: hak5shark

Payload Development

Payloads are written in Bash and placed in the /root/payloads/ directory on the Shark Jack.

Payload Structure:

#!/bin/bash

# Set the LED to indicate the payload is running
LED SETUP

# Your payload logic here
# Example: Run nmap to scan the network
NETMODE DHCP_CLIENT
nmap -sP 192.168.1.0/24 -oG /root/loot/nmap_scan.txt

# Set the LED to indicate the payload is finished
LED FINISH

Common Payloads

  • Network Scanning: Use nmap to scan the network for hosts and open ports.
  • Packet Capture: Use tcpdump to capture network traffic.
  • DNS Spoofing: Use dnsmasq to spoof DNS records.
  • Reverse Shell: Establish a reverse shell to a remote server.
  • Data Exfiltration: Exfiltrate captured data to a remote server.

LED Status Indicators

  • Blinking Blue: Arming Mode
  • Solid Magenta: Attack Mode (payload running)
  • Blinking Green: Payload finished
  • Blinking Red: Error

Cloud C2 Integration

The Shark Jack can be managed remotely using Hak5's Cloud C2 platform.

  1. Register: Register your Shark Jack on the Cloud C2 platform.
  2. Provision: Provision the Shark Jack with your Cloud C2 settings.
  3. Deploy: Deploy the Shark Jack on the target network.
  4. Manage: Manage the Shark Jack, deploy payloads, and exfiltrate loot from the Cloud C2 dashboard.

Additional Resources