Shark Jack Unboxing and Setup

Shark Jack Unboxing and Setup - Hak5 2610

Рет қаралды 140,249

4 жыл бұрын

Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
Everything from unboxing your Shark Jack to connecting in arming mode, exfiltrating loot, changing out payloads, upgrading the firmware, checking out the new web interface and even connecting it to Cloud C2.
shop.hak5.org/products/shark-...
VIDEO CHAPTERS:
0:58 - Unboxing
4:22 - Attacking with the default payload
7:08 - Connecting in arming mode
10:40 - Navigating the file system
12:34 - Exfiltrating loot to our local host
14:13 - The sharkjack.sh helper script
17:16 - Upgrading the firmware
19:26 - The new arming mode web interface
20:30 - Loading new payloads
25:19 - Setting up Cloud C2
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → www.hakshop.com
Subscribe → kzfaq.info...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
Host: Shannon Morse → / snubs
Host: Darren Kitchen → / hak5darren
Host: Mubix → / mubix
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.

Пікірлер: 140

@jshrawder49 4 жыл бұрын

I would never have figured that out from your documentation. I was looking for a video like this. Thanks.

@dallaskappel1 4 жыл бұрын

I can’t wait to get one! That looks like fun

@redbeard1066 4 жыл бұрын

awesome toys you make. Keep up the good work. Please!

@rishabhtomar2174 4 жыл бұрын

you are amazing Darren

@chuxxsss 4 жыл бұрын

Lipo yes can start fire Darren. I know :( i started 10 18650 up. But was saved by one dropping out. Sand is your friend lol. Glad I started watching again.

@Zeitgeschichte1 3 жыл бұрын

Men you actually genius how you command this shark jack I appreciate your work & enjoy it

@joejenkins9181 4 жыл бұрын

and i quote - "Saftey is sexy"

@monas.6839 4 жыл бұрын

Cameron Reimer ...said no one ever 😉

@DarrenKitchen 4 жыл бұрын

@@monas.6839 No, pretty sure it was said at timecode 1:43

@bmitch3020 4 жыл бұрын

"best editor in the world" ... Release the flame warriors!

@ShiloWardComedy 4 жыл бұрын

Just bought my SharkJack Best new Hak5 go device ever!! Thanks ༼ つ ◕_◕ ༽つ

@INeedAttentionEXE 4 жыл бұрын

It would have been even better if you could have used the usb-c port to make it easier to export data, at that point I don't believe you would have to wait for the device to boot to SSH into it

@philipm1896 4 жыл бұрын

Very nice indeed

@Canadian789119 4 жыл бұрын

opkg. Man, I've been installing packages on my router all wrong. :) thanks

@s74rch1ld 4 жыл бұрын

'And now I have the best text editor on earth!'

@nothinglasts 4 жыл бұрын

nano is the best text editor on earth!

@somepotatos131 4 жыл бұрын

Loving the sharkjack! I expanded on the netrecon payload and added a port scan that pulls from a text file as well as a speedtester via speedtest-cli. The payload is getting pretty heavy though and my run time is pretty high. Add that to the 30sec load time, it gets uncomfortably close to the battery lifespan. Any tips on speeding up the boot time down from the 30 sec current? Also is the default LED status indicator modifiable? I'd like to make boot in Amber vs it's current green.

@DarrenKitchen 4 жыл бұрын

Awesome to hear! I'd love to see your port scanner and speedtester payload. Are you going to post them to the forums or send a pull request to the github payload repo?The ~30s boot time is already pretty optimized, but we'll take a crack at shaving it down some more now that we've gotten it to a pretty good point with v1.1.0. No - the green blink on boot isn't user configurable. If I'm not mistaken it's set by the bootloader, which isn't something you should be overwriting. We standardized on green for boot across most of the gear for consistency.

@somepotatos131 4 жыл бұрын

@@DarrenKitchen thanks Darren! I have some proprietary info in the script right now but once I'm finished I plan on converting the sensitive stuff to customizable variables in the header then sharing it with y'all.

@ddg220 4 жыл бұрын

Darren what about if the network is not configured using DHCP? How is Shark getting an IP?

@DivineMindGroup 4 жыл бұрын

now all you need to do is add a microsd card slot to this and oh boy :)

@j.n.8745 4 жыл бұрын

Did you see how Elliot snagged the loot, 408 Request Timeout,. Cool hack 👍🏻

@SchoolforHackers 4 жыл бұрын

J. N. Yes quite deft.

@michael040990 4 жыл бұрын

Im ready to create some new payloads for mine

@ravourd 4 жыл бұрын

do know any advice like shark jack but for phone or we can use shark for phone not just comptr ?!

@DarrenKitchen 4 жыл бұрын

@@ravourd you can use a Bash Bunny to do keystroke injection on a phone, and some will even recognize it by ECM Ethernet. Storage too. There's an Android sub category in the github repo.

@robthebuildermoore3331 4 жыл бұрын

Can’t wait to see how many script kiddies get arrested with this .

@michael040990 4 жыл бұрын

Im using mine right now for work i have my employees plug it in the network to diagnose if our dvr and printer is online as well as grab the external ip and email it to me so i can update our services. Im making a script to make a list of authorized devices on the network and when they plug it in it scans for all devices on the network and notifies me of any new unauthorized devices

@gavincoffey3660 4 жыл бұрын

Why does this make me think of the Magic Jack

@harrystaley3289 3 жыл бұрын

You should upgrade this to work with POE.

@josephbustos6304 4 жыл бұрын

What about networks with mac filtering security protocols? Will it disable a network Port based by the mac?

@patrickben3924 4 жыл бұрын

This device is amazing ..... What is the storage size if the loot data is something big... Does it have upgradable storage?

@lmaoroflcopter 4 жыл бұрын

You've got about 20MB on the / partition with an additional 30MB in /tmp/

@patrickben3924 4 жыл бұрын

@@lmaoroflcopter there should be sd card slot to upgrade the storage ..

@lmaoroflcopter 4 жыл бұрын

@@patrickben3924 there isn't though.

@m4gg197 4 жыл бұрын

patrick ben I totally agree.

@photoemulator4578 4 жыл бұрын

On these notes, could the exfil data be directly uploaded to the C2 and not remain on the Shark?

@FulcanelliRosetta Жыл бұрын

I feel like the led colors are off from the included documentation or videos. I dont see purple mentioned anywhere. Will have to spend time diggin to figure out how its changed since 3 years ago as battery is no longer included.

@robd.9146 4 жыл бұрын

Any black Friday / Cyber Monday sales coming up??

@MobCat_ 4 жыл бұрын

Can the usb c be used as a usb host? Soo plug a bluetooth dongle into it so now the air gapped network can send and receive stuff to your phone or just ssh into the shark that's on a air gapped network? Or use the shark as a usb network card... So many possibilities for plugging usb things into a network let alone the shark as a hole O.O I really have to get a shark now.

@a4aLien 4 жыл бұрын

yeah, and it learns to fly as well if you drop it from the 100th floor.

@oraclewyrd2639 3 жыл бұрын

Can't you just ping for networks then Wireshark packet sniff from there? What other stuff do you got from the Shark Jack that you wouldn't get from the other method I mentioned?

@securityoverclock618 2 жыл бұрын

With the Shark Jack you can do all of this without needing authentication to a network. So you could walk into victims house/company and plug into any machine, and not many would know what you are doing. Using Wireshark and nmap to ping for networks will be a manual process that can take long periods of time + authentication to the victims network.

@nasonh4324 4 жыл бұрын

vi > nano

@DarrenKitchen 4 жыл бұрын

nano > vi

@jdb4517 4 жыл бұрын

notepad > vi

@nasonh4324 4 жыл бұрын

Darren Kitchen you know ... I love linux because this is still a debate. cheers

@michael040990 4 жыл бұрын

Nano>vi

@MrNetworkG Жыл бұрын

for me Shark Jack IP ends in 206 not 51, is there any way to catch what's the IP of Shark Jack when it's connected to switch?

@sauvus 4 жыл бұрын

Is it possible to replace the RJ-45 jack itself if the clip were to break?

@christysammons830 3 жыл бұрын

Yes

@mohitpannu27 4 жыл бұрын

Is this based on openwrt linux? , because you play opkg command

@maxstr 4 жыл бұрын

You said it waits for DHCP, but what if it doesn't get one? Like if a network is using ISE or something

@m4gg197 4 жыл бұрын

I think it waits for an IP Adress and if it doesn’t detect a DHCP Server it scans the whole network (cha cha not really smooth)

@Monalexander799 4 жыл бұрын

Can you essentially plus this into a router?

@michael040990 4 жыл бұрын

Yes

@chrisoconner2833 4 жыл бұрын

Sadly I can't place an order to Bulgaria, so sad :(

@DarrenKitchen 4 жыл бұрын

Check our authorized resellers - global link at the bottom of the page

@scripttag9235 4 жыл бұрын

Hello@@DarrenKitchen i want to buy some of tool of hak5 can i buy that in philippines?

@BossBoss-hj8gw 2 жыл бұрын

My shark jack doesn’t work if not plugged to a charger, how do I fix that?

@MuhammadWaqasAwan 4 жыл бұрын

What about POE based network is it possible to power this device over POE

@cowofdeath777 4 жыл бұрын

good question. Please, let me know what you've found

@damiondick7584 2 жыл бұрын

It has a battery so no PoE needed

@luistejido8986 4 жыл бұрын

will it work against IDS/ IPS ????

@maxstr 4 жыл бұрын

Luis tejido If it does, you need to fix your IDS/IPS. So yes, I'd say it works

@scripttag9235 4 жыл бұрын

Dear Hak5 i really want to buy your tools so i hope you have some shopping here in the Philippines

@cooller8888 4 жыл бұрын

the will ship it worldwide if you ask thru email and pay all the fees.... they didn't ship to my country before my order as well... that was in 2016 so polity might be different now but you can give it a try

@rhpmpp 4 жыл бұрын

can I put it on a raspberry and emulate it?

@iamaruler6350 2 жыл бұрын

I am not able to connect to the C2 server however I am able to have access to the web portal on 172. I am not sure what am doing wrong, the C2CONNECT command runs successfully but can't connect back to the server. Can anyone help

@cereal6779 4 жыл бұрын

can you make a book? i want to learn but i find it difficult to know what to start with

@cooller8888 4 жыл бұрын

try with BASICS omg :D ... what's that difficult?

@photoemulator4578 4 жыл бұрын

You can find three volumes of The Hackers Playbook by Peter Kim @ Amazon. That's a good book for some beginners.

@mattsanborn1958 4 жыл бұрын

Im baby

@krizsan0596 3 жыл бұрын

Read all the important safety thingys

@BossBoss-hj8gw 2 жыл бұрын

How do i exit the payload

@duhvids8821 4 жыл бұрын

is the black thing he's using jus tthe command prompt?

@chattr0ller 4 жыл бұрын

no but yes, like hes using linux os not mac not windows, just linux and it has its own terminal

@Sourison123 4 жыл бұрын

Does the SSH payload seem to be correctly? i've tried it on my network with dhcp enabled but keeps flashing red..

@DarrenKitchen 4 жыл бұрын

I just updated the payload for compatibility with v1.1.0 - check the repo again :)

@Sourison123 4 жыл бұрын

@@DarrenKitchen works like a charm, thanks!

@AJ-pj2px 4 жыл бұрын

Are you using Kali in a VM?

@cowofdeath777 4 жыл бұрын

i think so, specifically VB since he said, "...go on our Kali box". (virtual box)

@safaatjalaludin2328 4 жыл бұрын

Hi im from indonesia .. Awam

@guba33327 3 жыл бұрын

wont allow the default password of hak5shark

@ssswdon 4 жыл бұрын

How to get past nac security?

@lmaoroflcopter 4 жыл бұрын

Depends on the security. Mac based? Clone it. Agent based? Relay it if possible. Crack it if not. 802.1x based... You done be buggered. Target the client instead.

@TheShadowSuave 4 жыл бұрын

I'm gonna tell my kids this is Serj Tankian

@inwin8799 4 жыл бұрын

You can make all the videos in the world there is only one toolkit that survives updates and technology SET. It's a toolkit that makes a entrepreneur envy

@smn3225 4 жыл бұрын

Yes good but, its not avalible world-wide shipping only Us, Eu, Aus. Why not shipping worldwide?

@nilpo19 4 жыл бұрын

Depending on the packages installed on it, it may be illegal to export it to many countries. Otherwise, their shipping provider or payment processor may be the limiting factor.

@smn3225 4 жыл бұрын

@@nilpo19 let say its true, there are ways to avoid this kind of problems, amazon products are world wide avalible, l am not having any problem reciving products from amazon. İf they would sale it at amazon wouldn't be any problem. Actually l write email to shop.hack5 their excuse is not about distriction or limitation of export.

@CorruptName1 4 жыл бұрын

You just said "setting up the payloads" twice. Just saying.

@jesusiskingofkings3960 4 жыл бұрын

PC Planet more like 5x

@josecarrillo2002 2 жыл бұрын

the default password is not working ,,,

@rishabhtomar2174 4 жыл бұрын

please tell me how can i purchase hak5 products, i live in India

@6977warrior1 4 жыл бұрын

It will never be available in places like India since you guys use this stuff to scam people.

@rishabhtomar2174 4 жыл бұрын

@@6977warrior1 please dont jugde every Indian just because of some fools.

@pidgwiz5093 4 жыл бұрын

@@rishabhtomar2174 If that warrior dude was serious about generalizing well over a billion people as "scammers," then he should be ignored. Unless he is also acknowledging that unfortunately everyone else in the world is a bunch of scammers due to the fact that is how commerce works - that is if they are seeking successful gains. Surely not all business endeavors are equal in how ethical they are. You're well aware of course, just wanted to shout out to the Indian homie.

@lg3zamzam930 4 жыл бұрын

Can anybody help I got a usb rubber ducky I plugged it in like most people do to make the hello script run but it did nothing I looked into it and saw that there was nothing on the micro sd card what can I do?

@cooller8888 4 жыл бұрын

read the documentation

@lg3zamzam930 4 жыл бұрын

@@cooller8888 thanks but I found out on my own

@cooller8888 4 жыл бұрын

@@lg3zamzam930 so I gave you a piece of good advice.. you are welcome bro!

@lg3zamzam930 4 жыл бұрын

@@cooller8888 thanks!

@lg3zamzam930 4 жыл бұрын

Can you guys do something like hack around the planet like you and shannon hack eachother Hack wars?

@konradwerner4134 Жыл бұрын

My shark never connects 🤔

@konradwerner4134 Жыл бұрын

Update returns "fatal error"

@TheBigJohny 4 жыл бұрын

-1 for using ssh password instead of ssh key.

@inwin8799 4 жыл бұрын

I can see you don't use a vpn to upload your KZfaq videos

@JamesTheAxeThrower 4 жыл бұрын

I’m not a hacker and have never been interested in anything hacker related why is every single video you make being recommended to me now lmao. Is KZfaq telling me to become a hacker???

@hak5 4 жыл бұрын

Join us. We have (your) cookies 🥠😁

@HeronMarkedBlade-ef7zz 4 жыл бұрын

Same, I thought it was because I watched some lockpicking videos, analog vs digital security.

@andrewmurschel2608 4 жыл бұрын

Being a Hacker simply means you enjoy exploring the capabilities (both intentional and latent) of technology around you. KZfaq is just telling you to keep exploring :)

@am_official2927 4 жыл бұрын

Pls Can Anyone help me to get this cool stuff in India.

@KyrstOak 4 жыл бұрын

1:43 🙄 No it's not.

@photoemulator4578 4 жыл бұрын

It has been said. It cannot be unsaid.

@abhilashasingh1651 4 жыл бұрын

@briancrane7634 4 жыл бұрын

Darren I know you're a free-software, free-help type guy but you could make a TON of money by creating a hacking video course(s)! BTW this vid was AWESOME! I'm buying a SharkJack right now...Oh! Sh*t!...you're out of the 'elite' kit...well...later...

@inwin8799 4 жыл бұрын

I watched a tv show saying a air gap couldn't be hacked lol

@cupcakecupcake5360 4 жыл бұрын

@Hak5 Deer Hak5 Please make radio calls and read data hacking and hjacking to TV networks and radio's Good night

@idark1480 2 жыл бұрын

I want to learn to hack

@SaeedAlFalasi 4 жыл бұрын

Made in China

@georgemartinez1076 4 жыл бұрын

Can I get free Wi-Fi on a cruise with that

@chrisnewman7863 4 жыл бұрын

take a pineapple

@CameronMoorecamdaman231 4 жыл бұрын

Lol you should not be using that tool if you cannot remember a couple ssh commands.

@secinject814 Жыл бұрын

The man just got hit by a car on a bike and almost died, and probably sustained a brain injury from it. Cut him some slack for forgetting a few commands

@inwin8799 4 жыл бұрын

You want to be a hacker this ain't it

@MrNetworkG 10 ай бұрын

Very bad hak5 support, I'll say no support at all, very unprofessional

@-_IT_- 4 жыл бұрын

I hate where this channel is going. You neglect your other devices while you introduce new products. Good luck on your endeavors.

@DarrenKitchen 4 жыл бұрын

What would you like to see a video on next?

@trailrider6844 4 жыл бұрын

The world is changing.

@JosueRodriguez08 4 жыл бұрын

@@DarrenKitchen I would love if you could make a "replicating our devices with rpi and arduino" series...I do understand you are not going to gain any money with that but that's what I'll like to see

@Blakhawk1703 4 жыл бұрын

@@DarrenKitchen More pen testing videos. But i hear KZfaq is gonna start cracking down on those types of videos. :(

@-_IT_- 4 жыл бұрын

@Darren Kitchen, please do not get me wrong, I enjoy seeing new devices. But it seems as though with each new device, the older devices are forgotten, which at some point is inevitable, I know. But I went from a MKV with all the bells and whistles to a Tetra, with the thought that if I upgrade that there will be an active community. I was wrong. I mentioned before that there is a module that would not download, it hangs and was not fixed. Now we are talking about new devices. While fun, they are virtually impractical. Bait for skiddies! Hak5 is not what it used to be. When there was Systm and The Broken with Kevin, before you joined Rev3, the old Hak point 5, awesome times, but now it is all forgotten and now the content seems to be more commercialized.