I have a new toy: a “Shark Jack“. It’s a small device sold by Hak5 that performs a nmap scan (-sP) when plugged into a network port (that’s the default “payload”).
In this blog post, I’m sharing the network capture of a scan performed in this “test environment”:
The device (small black box, almost square) between the Shark Jack (SJ) and the router is my “Packet Squirrel”: a simple network capture device.
A couple of observations:
- The SJ was tested with its original firmware (1.0.0)
- The SJ will randomize its MAC address
- The SJ performs 2 full DHCP handshakes prior to the nmap scan
- The SJ listens on port 53 (tcp and udp) using dnsmasq (observed while scanning)
Example of different MAC addresses after before and after reboot:
root@shark:~# ifconfig
eth0 Link encap:Ethernet HWaddr 2E:AF:43:F2:3E:22
inet addr:172.16.24.1 Bcast:172.16.24.255 Mask:255.255.255.0
root@shark:~# ifconfig
eth0 Link encap:Ethernet HWaddr 86:72:96:71:C3:3C
inet addr:172.16.24.1 Bcast:172.16.24.255 Mask:255.255.255.0
And it can get quite hot while charging, as can be observed in this thermal image:
shark_jack_capture.zip (https)
MD5: 9E5C1187D64A6EC7284C06464E791F01
SHA256: 5153F5C7B559BEC1539B0395F97C5852064D7ED9309B837F11A9381EA6ED4C88
Didier Stevens 
Shiny hot kit
Comment by Anonymous — Thursday 10 October 2019 @ 15:23
[…] Shark Jack Capture File […]
Pingback by Overview of Content Published in October | Didier Stevens — Friday 1 November 2019 @ 0:00