Root Shark

Trinidad Baltzell

Aug 5, 2024, 5:00:39 AM
to fracexbreasan
This adds a wireshark group. Anybody in that group will be able to sniff without being root. This is obviously more secure than just letting anybody sniff but does mean there's no password checking. Technically any person with access to a computer logged in with a wireshark account will be able to sniff. If that's acceptable to you, carry on.

Note that there are security concerns with running Wireshark in this mode, namely that any exploit that compromises Wireshark now has root privileges rather than user privileges. This is more of a concern with Wireshark than other applications because, by its very nature (capturing and processing arbitrary input), Wireshark is more vulnerable to exploits than typical desktop applications. You are probably safe on a SOHO network, but you should be aware of this concern before proceeding.


You say that loot works fine. Do you mean "local" loot or loot sent to the C2 server from the Shark? Just to get an understanding if you have some kind of connection to the C2 server or not. In what way have you started your C2 server? What command line options are used? (Don't post any IP addresses though).


If you cat the device.config file that you have put in /etc of the Shark, can you see the correct IP address of the C2 server in the file (it's a lot that's just unreadable, but the IP address should show at the start of the file)?


Did you restart the C2 server at some point? With what command line did you restart it (I guess you aren't running it as a service, but start it manually)? With the actual IP address as a command line parameter or the $IP variable that was used in Darren's YouTube tutorial?


Also tried to reboot my AWS lightsail C2 server instance from AWS's main menu but each and every time I start my AWS C2 server, I need to run the following command in order to be able to connect to Hak5 Cloud C2 GUI console.


As long as you populate the $IP variable each time, it should work. It's just that I've helped users that use the tutorial that Darren put up on YouTube, but they don't fully understand how it works and start the C2 server using the $IP variable, but aren't populating that variable with any relevant IP address. This makes it look like the C2 server is correctly started but the hostname is all wrong.


No, this should work without any problems. I have my Shark connected to my C2 server which is on a Lightsail VPS as well. I will go out for a walk now, perhaps there are some other things that I don't include in the troubleshooting scenario right now that might pop up during the walk.


2. Removed SJ from C2 web UI and re-added then removed existing device.config file then downloaded a new file from c2 web UI then created a new device.config file and transferred the device.config file into /etc directory.


OK, right now I'm out of options regarding ways to try to assist you. My Shark works perfectly well with my C2 server. Since you have the most basic setup of C2 (no https, no domain name used, etc.) it should really work. A lot of stuff is taken away from the scenario that could add complexity when running it in the way you do. The only thing that I can think of is network access, but that is such a basic thing that I haven't bothered to ask since I know that you are aware of the fact that the Shark of course needs access to the internet. It's the last thing I can think of to try, ping some resource on the internet (but don't ping your Lightsail VPS since it won't answer to pings by default). Other than that, review the firewall settings on your VPS instance and make sure they are exactly as specified in the tutorial/docs. If you have added/installed/activated some local firewall on the VPS OS (such as ufw) then check that as well ("sudo ufw status" if running Ubuntu Server).


Other than that, you could perhaps "shark the Shark". In other terms, use Wireshark and sit between the Shark and the network and record some traffic as you try to connect with C2CONNECT and look at what's happening on the wire.


As a last resort, I would probably set up the C2 server locally in my own network to exclude any "disturbances" and control all of the infrastructure used. Limiting any sources of failure. If that works I would try running it on the VPS again assured that it should really work and nothing is wrong with the Shark or C2 themselves.


Then your Shark has internet connection. You need to craft a payload that connects to your C2 server. Just add C2CONNECT to the bottom of the already existing "internet test" payload that you just tried. You can't access it using ssh because the ssh daemon isn't a part of the current payload. I seem to remember that it is a part of C2CONNECT though.


Reason why I unplugged it from the modem is because it was still showing last seen never in C2 Web UI so I attempted to perform other actions. But you're right, SJ wasn't bookable in Web UI as it's not accessible in C2.


A shark possesses several rows of teeth in its jaw. Only 3 or 4 orderly first ones serve to catch its prey. Other rows are in fact the teeth which are in preparation. The root is the last part of a tooth which makes.


I prepare myself jaws of current sharks, and I was able to see teeth as that shown on the image. This tooth is hollow because it was not totally formed. In the jaw, it was situated in one of the last rows of teeth.


I once found a lens of hollow teeth of various sizes along with phosphatic bivalve and gastropod molds, rolled baculites, occasional ammonites at the contact of the Austin and Pecan Gap chalks north of San Antonio (Campanian) and assumed some sort of preferential chemistry dissolving roots and pulp but not enamel.


Cool! Is this true of all shark species? I'm only asking because here in NJ I've found several thousand teeth over the past 12 years and I've never found a hollow tooth before, but I'd sure like to add one to my collection.


If the tooth is hollow more than likely the shark was probably dead. If you find numerous hollow teeth at the same location. Perhaps these are teeth from the same shark. Would be incredible to find an entire set of teeth like this.


I made a posting earlier this year on this subject and I had quite a few helpful replies. I am attempting to post a link to my earlier posting. Hope it works. If not, go through my postings until you run across the topic with the same name. Have a good day.


I guess I don't know how to attach a link to my earlier posting but if I figure it out I will attach it. It had a lot of good feedback from other members. In a nutshell though, some teeth just don't receive the special treatment they need to become quality fossils but the enamel was durable enough to still keep them around for us to enjoy. I wish now I had kept some of the hollow great white teeth I found but they were so fragile they just crumbled in my back pack.


I have found "hollow" shark tooth specimens of Mako, Megalodon, large sandtiger, tiger, and hemipristis sharks. I don't think I've ever found a hollow specimen for any of the smaller teeth such as carcharhinus, angel shark, thresher, lemon, small sandtiger, etc.


Not exactly. In the case of a shark that would have 7 rows of teeth, only the teeth of the 3rd or 4th first rows will be completely made and solid. The more we look at rows towards the back, the less roots exist. In the last row, teeth are so soft that even the enamel is not solid. In my opinion, these teeth don't even fossilize.


Sometimes I've picked up such hollow teeth and accidentally crushed them. I've always assumed the remainder of the tooth just disintegrated from poor fossilization or being exposed to acidic elements. Being non-fully developed replacement teeth is an interesting idea.


But when I try to copy (share via email, upload to ftp, via the Windows Explorer), it doesn't work or doesn't show. Doesn't work meaning: FTP says "upload failed, transfer failed". Share via email says "Cannot read attachment".


I could not see them either on Windows File Explorer. When I checked with ES File Explorer there were pcap files. So, I simply put a dummy extension to the file (for example, shark_dump_12345.pcap to shark_dump_12345.pcap.zip using renaming function) and then File Explorer could see the zip file.


Great White teeth do tend to have very coarse serrations which this one has from the looks of it. I see Tony's point that the enamel dips down on the lingual (rounded) side where the megalodon bourlette would be. I'm probably in the rootless meg camp as well. Can we get a size for this tooth? That would help a lot as megs top out at a much much larger size than GW's.
