diff --git a/sharkjack.sh b/sharkjack.sh new file mode 100755 index 0000000..90604a6 --- /dev/null +++ b/sharkjack.sh @@ -0,0 +1,356 @@ +#!/bin/bash +# Shark Jack +# +# sharkjack.sh - Helper script for linux/OSX for convenient interaction with your Hak5 Shark Jack +# (C) Hak5 2019 +#VERSION=1.0.0 + +function exitscript(){ + echo -e "\nExited\n" + exit $1 +} + +function err() { + echo -e "\n[FATAL] $1\n" + exitscript 1 +} + +function cleart() { + printf "\033c" +} + +function banner(){ + cleart + echo -e "\n\n\n\n #####################################################\n\n\n" +printf "\ + \_____)\_____ Shark Jack _____/(_____/\" + /--v____ __°< by Hak5 >°__ ____v--\" + )/ \(\" +" + echo -e " \n\n#####################################################\n\n" +} + +function iptables_check() { + if [[ -z $(which iptables) ]]; then + err "[!] iptables required to detect Shark on linux" + fi +} + +function os_check() { + if [[ "$OSTYPE" == "darwin"* ]]; then + echo -e "\nOSX Detected\n" + OS=1 + elif [[ "$OSTYPE" == "cygwin" ]]; then + err "Cygwin not supported" + else + OS=0 + iptables_check + fi +} + +function root_check() { + if [[ "$EUID" -ne 0 ]]; then + printf "\n%s\n" "Please re-run as root" + usage + exitscript 1 + fi +} + +function connection_error(){ + IFACE='' + printf "\n%s\n" "[!] error communicating with the Shark Jack" +} + +function connection_check(){ + sleep 1 + ping -c 1 172.16.24.1 &>/dev/null && echo -e " [+] Shark Jack Detected..." && return 0 + connection_error && return 1 +} + + +function locate_interface_to_shark() { + printf "\n%s" 'Waiting for a Shark Jack to be connected..' + while [[ -z $IFACE ]]; do + printf "%s" . + IFACE=$(ip route show to match 172.16.24.1 2>/dev/null| grep -i 172.16.24.1 | cut -d ' ' -f3 | grep -v 172.16.24.1) + sleep 1 + done + echo -e "\n" + connection_check || locate_interface_to_shark +} + +function osx_locate_interface_to_shark(){ + printf "\n%s" 'Waiting for a Shark Jack to be connected..' + while [[ -z $IFACE ]]; do + printf "%s" . + IFACE=$(ifconfig |cut -d ' ' -f1 |grep en|cut -d ':' -f1 | xargs -I {} sh -c "ipconfig getifaddr {}|grep -i 172.16.24 &>/dev/null && echo {}") + sleep 1 + done + echo -e "\n" + connection_check || osx_locate_interface_to_shark +} + +function locate_shark(){ + if [[ $OS -eq 1 ]]; then + osx_locate_interface_to_shark + else + locate_interface_to_shark + fi +} + +function ssh_connect(){ + printf "\n\tLogging into Shark Jack...\n\n" + printf "\n\t[!] Ensure Shark Jack is in Arming Mode (middle switch position) or connection will be refused...\n\n\n" + ssh root@172.16.24.1 || return 1 +} + +function connect() { + locate_shark + printf "\n\tAttempting to establish SSH connection...\n" + ssh_connect || return 1 +} + +function check_ip6tables_rule_exists(){ + if [[ -z $(ip6tables -vL|grep $IFACE) ]];then + echo 1 + else + echo 0 + fi +} + +function cleanup() { + printf "\n%s\n" "[!] Cleaning up..." +} + +function get_payload_path(){ + read -p "FULL PATH to payload (q to return to menu): " PAYLOADPATH + if [[ $PAYLOADPATH == "q" ]]; then + cleart + printf "\n%s\n" "[!] Returning to main menu..." + sleep 2 + main_menu + else + [[ -e $PAYLOADPATH ]] && printf "\n%s\n" "[!] $PAYLOADPATH does not exist" && sleep 2 && main_menu + fi +} + +function push_payload(){ + echo -e "\n [+] Push Payload to Shark Jack" + echo -e "\n----------------------------------------" + get_payload_path + locate_shark + echo -e "\n [+] Pushing payload to device..." + EXPANDEDPATH=$(echo $PAYLOADPATH |cd) + scp -r $EXPANDEDPATH root@172.16.24.1:/root/payload/payload.txt && echo -e "\n [+] Payload copied to Shark" || echo -e "\n [!] ERROR copying paylod to Shark" + exitscript 0 +} + +function connect_and_upgrade(){ + echo -e "\n [+] Upgrading Shark Jack firmware" + echo -e "\n----------------------------------------" + locate_shark + upgrade_firmware +} + +function path_firmware_upgrade(){ + read -p "Path (including filename) to Shark Jack firmware file (q to return to menu): " FWFILEPATH + if [[ $FWFILEPATH == "q" ]]; then + cleart + printf "\n%s\n" "[!] Returning to main menu..." + sleep 2 + main_menu + else + [[ -z $FWFILEPATH ]] && printf "\n%s\n" "[!] $FWFILEPATH does not exist" && sleep 2&& local_file_menu && main_menu || connect_and_upgrade + fi +} + +function download_latest_fw(){ + echo -e "\n Downloading latest Shark Jack firmware\n" + echo -e "\n----------------------------------------\n" + curl https://downloads.hak5.org/api/devices/sharkjack/firmwares/latest --output upgrade.bin && echo -e "\n [+] Firmware download complete!\n\n" || echo -e "\n [!] Firmware Download Failed" && exitscript 1 +} + +function ls_cwd(){ + banner + echo -e "\n Listing .bin files in current working directory: $(pwd) \n" + ls -l $(pwd) |grep -i '.bin' + echo -e "\n----------------------------------------\n" + local_file_menu +} + +function local_file_menu(){ + echo -e "\n Upgrade Shark Jack firmware using local file" + echo -e "\n----------------------------------------" + echo -e "\n Where is the new Shark Jack firmware file located? " + printf "\n\ + [$(tput bold)L$(tput sgr0)]ist bins in current directory\n\ + \n\ + [$(tput bold)P$(tput sgr0)]rovide path to file\n\n\ + [$(tput bold)M$(tput sgr0)]ain Menu\n\ + [$(tput bold)Q$(tput sgr0)]uit\n\n" + + read -r -sn1 key + case "$key" in + [lL]) ls_cwd;; + [pP]) path_firmware_upgrade;; + [mM]) main_menu;; + [qQ]) exitscript 0;; + *) local_file_menu;; + esac +} + +function reset_key(){ + printf "\n\tRemoving Shark Jack key from known_hosts file...\n\n" + HOMEDIR=$(eval echo "~$USER") + ssh-keygen -f "$HOMEDIR/.ssh/known_hosts" -R 172.16.24.1 +} + +function do_sysupgrade(){ + printf "\n%s\n" "User Confirmed Power Source, continuing with upgrade..." + echo -e "\n Shark Jack Firmware Upgrade" + echo -e "\n----------------------------------------" + printf "\n%s\n\n" "Logging into Shark Jack to Start Upgrade..." + + ssh root@172.16.24.1 -t 'sysupgrade -n /tmp/upgrade.bin' + trap '' SIGINT + + banner + printf "\n%s\n" "[!] DO NOT UNPLUG THE DEVICE UNTIL IT HAS REBOOTED" + printf "\n%s\n" "[!] Shark Jack Firmware Upgrading..." + COUNT=0 + while [[ $COUNT -lt 146 ]]; do + printf "%s" . + COUNT=($COUNT+1) + sleep 1 + done + trap - SIGINT + + reset_key + printf "\n%s\n" "Ready to attempt reconnection to your newly upgraded Shark Jack..." + exitscript 0 +} + +function upgrade_firmware(){ + printf "\n%s\n\n" "Copying Firmware to Shark Jack..." + EXPANDEDPATH=$(echo $FWFILEPATH |cd) + scp $EXPANDEDPATH root@172.16.24.1:/tmp/upgrade.bin + + cleart + printf "\n%s\n" "ONCE STARTED - DO NOT UNPLUG THE DEVICE FROM NETWORK OR POWER" + printf "\n%s\n" "[!] SHARK JACK MUST BE POWERED OVER USB-C [!]" + printf "\n%s\n" "[!][!] Attempting Firmware Upgrade ON BATTERY will likely brick your device. [!][!]" + echo -e "\nFirmware File to Flash: $EXPANDEDPATH" + echo -e "\nIs your Shark Jack connected to a good power source and is the file listed above correct?" + printf "\n\ + [$(tput bold)Y$(tput sgr0)]es / Continue\n\ + [$(tput bold)N$(tput sgr0)]o / Abort\n\n\ + [$(tput bold)M$(tput sgr0)]ain Menu / Abort\n\ + [$(tput bold)Q$(tput sgr0)]uit / Abort\n\n" + + read -r -sn1 key + case "$key" in + [yY]) do_sysupgrade;; + [nN]) echo -e "\n[!] Connect Shark Jack to Power over USB-C to upgrade firmware"; exitscript 1;; + [mM]) main_menu;; + [qQ]) exitscript 0;; + *) echo -e "\n Unrecognized response, Exiting for safety"; exitscript 1;; + esac +} + +function upgrade_process_menu(){ + banner + echo -e "\n Shark Jack Firmware Upgrade Menu" + echo -e "\n----------------------------------------\n" + printf "\n\ + [$(tput bold)D$(tput sgr0)]ownload latest firmware from downloads.hak5.org\n\ + [$(tput bold)L$(tput sgr0)]ocal firmware file\n\n\ + [$(tput bold)M$(tput sgr0)]ain Menu\n\ + [$(tput bold)Q$(tput sgr0)]uit\n\n" + + read -r -sn1 key + case "$key" in + [lL]) banner && local_file_menu;; + [dD]) banner && download_latest_fw;; + [mM]) main_menu;; + [qQ]) exitscript 0;; + *) upgrade_process_menu;; + + esac +} + +function get_loot(){ + locate_shark + printf "\n%s\n\n" "Logging into Shark Jack to pull collected loot..." + scp -r root@172.16.24.1:/root/loot/ . + exitscript 0 +} + +function setup_shark(){ + locate_shark + echo -e "\nCopy ssh key to shark for passwordless login" + echo -e "\n------------------------------------------------\n" + HOMEDIR=$(eval echo "~$USER") + echo -e "\n Listing : $HOMEDIR/.ssh \n" + ls -l $HOMEDIR/.ssh + echo -e "\n----------------------------------------\n" + + if [[ -z $(ls -l $HOMEDIR/.ssh|grep -i .pub) ]]; then + echo -e "\nNo key found. Calling ssh-keygen to create a new one...\n" + ssh-keygen -t rsa -b 4096 + fi + + read -p "FULL PATH to your SSH key or hit enter to use the default ~/.ssh/id_rsa.pub (q to return to menu): " SSHKEYPATH + if [[ $SSHKEYPATH == "q" ]]; then + cleart + printf "\n%s\n" "[!] Returning to main menu..." + sleep 2 + main_menu + else + [[ -e $SSHKEYPATH ]] && printf "\n%s\n" "[!] $SSHKEYPATH does not exist" && sleep 2 && main_menu + fi + if [[ -z $SSHKEYPATH ]]; then + ssh-copy-id -i root@172.16.24.1 + else + ssh-copy-id -i $SSHKEYPATH "root@172.16.42.1" + fi + exitscript 0 +} + +function main_menu() { + banner + if [[ $OS -eq 1 ]]; then + echo -e "\n\n OSX DETECTED \n\n" + fi + printf "\n\ + Press the highlighted key to select an option (example: press C to connect)\n\n\ + [$(tput bold)C$(tput sgr0)]onnect - get a shell on your Shark Jack\n\ + [$(tput bold)U$(tput sgr0)]pgrade firmware\n\ + [$(tput bold)P$(tput sgr0)]ush payload to Shark Jack\n\ + [$(tput bold)G$(tput sgr0)]et loot saved on Shark Jack\n\n\ + [$(tput bold)R$(tput sgr0)]eset known_hosts keys for the Shark Jack on this system\n\ + [$(tput bold)S$(tput sgr0)]etup ssh keys for easy access\n\ + [$(tput bold)Q$(tput sgr0)]uit\n\n" + + read -r -sn1 key + case "$key" in + [cC]) connect;; + [uU]) upgrade_process_menu;; + [pP]) push_payload;; + [gG]) get_loot;; + [rR]) reset_key;; + [sS]) setup_shark;; + [qQ]) exitscript 0;; + *) main_menu;; + esac +} + +# Validate priv / iptables +root_check +os_check + +main_menu + +echo -e "\nDone\n" + +trap cleanup INT +exitscript 0