Unboxing and setting up the Hak5 Shark Jack!

So your Shark Jack just arrived, you've had a moment to appreciate the sweet metal case it comes in, and now you're eager to dig in andget your hack on! Keep reading.

TL;DR - Read the safety info & diagram on the card. Charge it by USB. Flip the switch far forward and plug it into your LAN. When the light goes green, the trap is clean. Unplug, flip the switch to the middle position and plug it into your computer. SSH to root@172.16.24.1 (pass: 'hak5shark') and find the scan results in /root/loot. 
 
Cool, then what? Read up at docs.hak5.org, grab the latest firmware & tools from downloads.hak5.org, get chatty at forums.hak5.org, spin up your very own Cloud C2 server from c2.hak5.org, and finally nab & contribute payloads from payloads.hak5.org. Enjoy!

Now obviously the prudent first step would be to RTFM (which you can find at docs.hak5.org) but let's throw caution to the wind... That is, with the exception of reviewing all of that important safety information – it does include a Lithium battery after all.

Pay heed.


Step 1: Charge it up

Flip that mischievous red attack switch to the OFF position - that's the position closest to the USB-C port. Then plug in a USB-C cable to your charger of choice. The Shark Jack will sip a steady 5 volts and about a half amp. After a brief green-blinking boot, it'll blink blue to show that the battery is charging. Give it a few minutes and it'll light solid blue. Then, unplug it. And as you recall from that important safety information – you don't leave lithium batteries unattended while charging. Just sayin'


Step 2: Jack into a network

Unplug your Shark Jack from the USB charger and give it a moment to cool down. It'll be a little warm from charging, but as you know from that important safety information it complies with IEC standards – so you're all good. Just keep that sly red switch in the off position and take a moment to practice wielding the Shark Jack as if a floppy disk while reciting "you talkin' to me, punk?" in the mirror. Where were we again? Oh right - jacking into your network...

 

Find that sweet 24 port switch mounted in your network closet, or RJ45 wall plate if you've gone full-geek and wired the house with CAT6. Repeat the phrase "this is my network and I'm totally authorized to pentest it" - then flip the evil red switch far forward, closest to the Ethernet jack, to put it in attack mode. It'll start booting and blinking - and at any time it's ready to be plugged into your network. Right outa the box it'll perform a simple nmap scan - and when the fun is done, the light will go green (and the trap will be clean). It's then safe to unplug.


Step 3: SSH in to nab loot

Flip that crafty red switch to the middle position to put your Shark Jack into arming mode. Here instead of being a client on your network, it'll act as a server. Connect it to your computer's Ethernet port and you'll get assigned an IP address in the 172.16.24.x hood. From there just open terminal if on MacOS or Linux, or powershell if you're on Windows. Then SSH into the Shark Jack with the command "ssh root@172.16.24.1". The default password is "hak5shark". After admiring the cute shark ASCII art in the banner, cd over to /root/loot and enjoy those scan results. Want to change the payload? Just copy a payload.sh to /root/payload – and there's a growing collection at payloads.hak5.org

Want to make all that even easier? Download the sharkjack.sh script (for Mac and Linux) from the Shark Jack section of  downloads.hak5.org – it'll automate gathering loot, swapping out payloads and even upgrading the firmware (you'll wanna do that – new features and tools are added from time to time).


That's it for the basics

Of course you should also familiarize yourself with the ins and outs detailed in the official Shark Jack documentation at  docs.hak5.org.


Once you start diving in and testing payloads, you may also want to set yourself up with a Cloud C2 server – it's great for remote access and exfiltration and is supported by a lot of the payloads. There's a free community version to be had at  c2.hak5.org, and it runs on your own hardware, so we never see your bits (we don't wanna see 'em).


And finally, join the community at  forums.hak5.org – it's home to some really bright pentesters and enthusiasts just like yourself, so you'll fit right in. Cheers!


Also in Shark Jack

Writing a simple payload for the Shark Jack
Writing a simple payload for the Shark Jack

If you've worked in IT for a while you've come across this conundrum. Is this thing on? Without breaking out ye-olde-laptop, we're going to use the Shark Jack to test just this. Let's see how 5 simple lines of bash will give us instant feedback from the RGB LED.
Two key commands for Shark Jack users
Two key commands for Shark Jack users

Whether on Windows, Mac or Linux – working with the Shark Jack is most convenient from the command line. Best of all, since modern versions of Windows ship with PowerShell, these work identically on all three platforms.
Getting started with sharkjack.sh
Getting started with sharkjack.sh

So you've gotten the basics down, tried out a few payloads, and now you're ready to take your Shark Jack game to the next level.