- \n
- Raspberry Pi<\/strong> [Link<\/a>]\n
- \n
- Full-featured computer with ARM<\/strong> CPU.<\/li>\n<\/ul>\n<\/li>\n
- ZimaBloard<\/strong> [Link<\/a>]\n
- \n
- A compact X68<\/strong> board is excellent for development.<\/li>\n<\/ul>\n<\/li>\n
- VisionFive 2 from StarFive<\/strong> [Link<\/a>]\n
- \n
- This RPi lookalike features RISC-V<\/strong> architecture.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
- Routers\n
- \n
- GL-iNet GL-AR750S-Ext<\/strong> [Link<\/a>]\n
- \n
- An excellent travel router with 3 Gbps ports, independent dual-band access point, MicroSD reader, USB port, native OpenVPN, programmable physical buttons, and more.<\/li>\n<\/ul>\n<\/li>\n
- Netgate SG-1100<\/strong> [Link<\/a>]\n
- \n
- Professional 3 Gbps port router loaded with PfSense (they are the official developers by the way) plus USB3, USB2, and mini PCIe.<\/li>\n<\/ul>\n<\/li>\n
- Protectli Vault<\/strong> [Link<\/a>]\n
- \n
- Fanless, x64 CPU, from 2 to 6 Gbps ports, capable of running hypervisors (such as XCP-ng and Proxmox), bare-metal Operating Systems (Windows and Linux), and others.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
- Gadgets and Microcontrollers\n
- \n
- Raspberry Pi Pico<\/strong> [Link<\/a>]\n
- \n
- $5 microcontroller for all automation projects.<\/li>\n<\/ul>\n<\/li>\n
- Digispark ATTINY85<\/strong> [Link<\/a>]\n
- \n
- $8 Arduino-compatible USB development board.<\/li>\n<\/ul>\n<\/li>\n
- Hak5 Lan Turtle<\/strong> [Link<\/a>]\n
- \n
- It runs OpenWRT and can be used as a Swiss knife tool (with an internal MicroSD card reader) or as a permanent physical implant for a stable reverse shell, Man-In-The-Middle attack, etc.<\/li>\n<\/ul>\n<\/li>\n
- Hak5 Shark Jack<\/strong> [Link]\n
- \n
- A portable network attack and automation tool that runs OpenWRT.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\nLAN Turtle<\/strong><\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-22-13.png\")
<\/p>\n- \n
- IP from the USB side: 172.16.84.1<\/strong>\/16<\/li>\n
- The default credentials for root<\/strong>:sh3llz<\/strong>\n
- \n
- \n
ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa root@172.16.84.1<\/pre>\n<\/li>\n<\/ul>\n<\/li>\n
- To open the configuration menu type: turtle<\/strong>\n
- \n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-10-30.png\")
<\/li>\n![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-10-48.png\")
<\/li>\n![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-24-40.png\")
<\/li>\n![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-25-04.png\")
<\/li>\n![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-14-20-25-08.png\")
<\/li>\n<\/ul>\n<\/li>\n- Installed modules live at
\/etc\/turtle\/<\/code>\n- \n
- Example of a script for
httppost<\/code> module:\n- \n
- \n
echo \"Turtle is Online!\"\r\necho \"\"\r\n# Wait for IP assigned to eth1\r\nwhile ! ip a show dev eth1 | grep \"global\"; do sleep 1; done > \/dev\/null\r\necho \"Internal IPs\"\r\nip a | grep global | sort\r\necho \"\"\r\necho \"Gateways\"\r\nGWAY=$(route | grep default | awk {'print $2'})\r\necho \"$GWAY\"\r\necho \"\"\r\necho \"Public IP\"\r\nPUB=$(wget -q -O- http:\/\/ipinfo.io\/ip)\r\necho \"$PUB\"<\/pre>\n<\/li>\n - Then, use pub-sub services such as ntfy<\/strong> [Link<\/a>] to receive a push notification on the mobile.<\/li>\n<\/ul>\n<\/li>\n
- An example of a packet sniffer for popular unencrypted traffic that saves to the SD card.\n
- \n
- \n
( tcpdump -U -C 100 -W 10 -i eth0 port '(21 or 23 or 25 or 53 or 80 or 110 or 143 or 161 or 389)' -w \/sd\/unencrypted.pcap &> \/dev\/null ) &<\/pre>\n<\/li>\n
- \n
killall tcpdump<\/pre>\n<\/li>\n
- It will write the file without buffering, and break it into 100MB chunks for up to 10 pieces. The second command interrupts gracefully.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
- Speed Test\n
- \n
- File transference over SSH: 16.3 Mbps<\/strong><\/li>\n
- Speed test with (first) and without OpenVPN (second):\n
- \n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot_2021-03-13_20_28_11.png\")
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\nShark Jack<\/strong><\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-13-21-59-19.png\")
<\/p>\n- \n
- IP from the USB side: 172.16.24.1<\/strong>\/16<\/li>\n
- The default credentials root<\/strong>:hak5shark<\/strong>\n
- \n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot-From-2025-04-13-21-44-32.png\")
<\/li>\n<\/ul>\n<\/li>\n- Switch\n
- \n
- OFF\/Charging – Does not boot.<\/li>\n
- Armin Mode – Boot but does not trigger the payload, only allows configuration.<\/li>\n
- Attack Mode – Boot and immediately start the payload.<\/li>\n<\/ul>\n<\/li>\n
- Main directories:\n
- \n
- \/root\/loot\/ (outputs from the payloads)<\/li>\n
- \/root\/payload\/ (auto-execute payloads from here)<\/li>\n
- \/tmp\/ (volatile)<\/li>\n<\/ul>\n<\/li>\n
- LED status:\n
- \n
- Green blinking (booting up)<\/li>\n
- Blue blinking (charging)<\/li>\n
- Blue solid (fully charged)<\/li>\n
- Yellow blinking (arming mode)<\/li>\n
- Red blinking (error or no payload found)<\/li>\n<\/ul>\n<\/li>\n
- Payload repository [Link<\/a>]<\/li>\n
- Its RJ-45 connector works as a light guide, and it has an RGB LED for signaling and status.<\/li>\n<\/ul>\n
Since it runs OpenWrt<\/strong> 18, packages can easily be installed with OPKG<\/strong>.<\/p>\n
opkg update\r\nopkg list\r\nopkg install nano\r\nopkg install arp-scan\r\nopkg install tcpdumpo\r\nopkg install nping<\/pre>\n
\nBONUS<\/strong><\/p>\n
PCAPdroid<\/strong> is an equivalent of Wireshark for Android devices. Besides capturing and exporting a PCAP dump, it also tracks, analyzes, and blocks the connections made by other apps on the device [Link<\/a>]. It pretends to be a VPN in order to intercept communication.<\/p>\n
![\"\"](\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2021\/03\/Screenshot_20260420-144017-929x1024.png\")
<\/p>\n
\nBONUS<\/strong><\/p>\n
Find out how to upgrade your Shark Jack to a semi-permanent network implant at: Hacking Hak5 Shark Jack<\/strong> [Link<\/a>].<\/p>\n
- Its RJ-45 connector works as a light guide, and it has an RGB LED for signaling and status.<\/li>\n<\/ul>\n
- The default credentials root<\/strong>:hak5shark<\/strong>\n
- IP from the USB side: 172.16.24.1<\/strong>\/16<\/li>\n
- Speed test with (first) and without OpenVPN (second):\n
- File transference over SSH: 16.3 Mbps<\/strong><\/li>\n
- An example of a packet sniffer for popular unencrypted traffic that saves to the SD card.\n
- \n
- Example of a script for
- The default credentials for root<\/strong>:sh3llz<\/strong>\n
- IP from the USB side: 172.16.84.1<\/strong>\/16<\/li>\n
- A portable network attack and automation tool that runs OpenWRT.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- Raspberry Pi Pico<\/strong> [Link<\/a>]\n
- Routers\n
- VisionFive 2 from StarFive<\/strong> [Link<\/a>]\n
- ZimaBloard<\/strong> [Link<\/a>]\n
- Full-featured computer with ARM<\/strong> CPU.<\/li>\n<\/ul>\n<\/li>\n