Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video)

Posted by Roblimo on from the monitor-your-people-without-them-ever-finding-out dept.

Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.

74 comments

  1. Pwnie Express by elrous0 · · Score: 0, Offtopic

    Okay, that's pretty cheesy. But I'll admit it did make me giggle.

    When I giggle I also get an erection. But that's probably irrelevant information.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Pwnie Express by Anonymous Coward · · Score: 2, Funny

      Where is the -1 Disturbing when you need it?

    2. Re:Pwnie Express by miknix · · Score: 5, Funny

      Okay, that's pretty cheesy. But I'll admit it did make me giggle.

      When I giggle I also get an erection. But that's probably irrelevant information.

      Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

    3. Re:Pwnie Express by gtch · · Score: 2, Insightful

      But is that funnier than the fact there are people in offices all over the world talking about "Penetration Testing" with a straight face?

    4. Re:Pwnie Express by Anonymous Coward · · Score: 0, Funny

      Penetration Testing using the Plug of the Destroyer God and you have an erection. Somehow a Goatse link feels safe and comforting right now. I'm going to crawl back into bed and cry myself to sleep.

    5. Re:Pwnie Express by wbr1 · · Score: 1, Offtopic

      Okay, that's pretty cheesy. But I'll admit it did make me giggle.

      When I giggle I also get an erection. But that's probably irrelevant information.

      Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

      Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

      --
      Silence is a state of mime.
    6. Re:Pwnie Express by miknix · · Score: 1

      Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

      LOL, that makes perfect sense with today's slashdot quote:
      http://i41.tinypic.com/2mmkp1.jpg

    7. Re:Pwnie Express by Anonymous Coward · · Score: 0
      Haters gonna hate, pwnies gonna pwn

      Where is the -1 Disturbing when you need it?

      One thumbnail to the left: odd, no? :)

    8. Re:Pwnie Express by Anonymous Coward · · Score: 0

      Where is the -1 Disturbing when you need it?

      You mean your post it disturbed everypony?

  2. Any sexual reference by aglider · · Score: 0

    is pretty intentional!

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
  3. Shoulda used a GuruPlug Server... by nweaver · · Score: 5, Interesting

    The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.

    And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.

    --
    Test your net with Netalyzr
    1. Re:Shoulda used a GuruPlug Server... by Anonymous Coward · · Score: 4, Informative

      Guru plug has massive heat issues. We tested them extensively.

      Re: phone checkout http://pwnieexpress.com/pwn_phone.html

    2. Re:Shoulda used a GuruPlug Server... by timothy · · Score: 3, Informative

      Internal would be cooler, I agree, but (sorry, it didn't make the video), the Pwnie Express works with both Wi-Fi and 3G dongles. (Not as stealthy, but this is already big enough it wouldn't exactly disappear without camouflage anyhow ;))

      timothy

      --
      jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
    3. Re:Shoulda used a GuruPlug Server... by Anonymous Coward · · Score: 0

      Actually, the SheevaPlug had the massive heat issues. The GuruPlug only had issues if you used both GigE ports at GigE speeds. Which is why they made one just 100.

    4. Re:Shoulda used a GuruPlug Server... by Paracelcus · · Score: 1

      Yes, and "if found" ALL the incoming connections can be backtracked! You should only contact the device from an anonymous number!

      --
      I killed da wabbit -Elmer Fudd
    5. Re:Shoulda used a GuruPlug Server... by operagost · · Score: 1

      And that's why we built a Faraday cage around our mail room. Unfortunately, someone sent us an iPhone with a Sony battery and it burned the place down.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    6. Re:Shoulda used a GuruPlug Server... by bill_mcgonigle · · Score: 1

      3 points. :)

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:Shoulda used a GuruPlug Server... by Sancho · · Score: 1

      Or the Gig port and the eSATA port at the same time.

      The fact that they didn't sufficiently test very reasonable use cases made me decide never to buy anything from them again.

  4. Missing Feature by pntkl · · Score: 2

    He didn't say anything about the coveted self-destruct button. > : )

    1. Re:Missing Feature by GameboyRMH · · Score: 1

      sudo echo "SELFDESTRUCT" > /dev/detonator

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  5. You know what else plugs into a 110 VAC socket? by windcask · · Score: 1

    Every computer sold in North America, ever.

    1. Re:You know what else plugs into a 110 VAC socket? by Anonymous Coward · · Score: 0

      Yep. You could load a bootable usb key with pun-testing distro of your choice. But where's the fun (and profit) in that?

    2. Re:You know what else plugs into a 110 VAC socket? by Anonymous Coward · · Score: 0
      only ever worked with peecees, eh sonny?
      Heck, I've seen coompootars that run off batteries, so you're wrong even on that account.

      ACHTUNG! ALLES LOOKENSPEEPERS!

      Das computermachine ist nicht fuer gefingerpoken und mittengrabben. Ist easy schnappen der springenwerk, blowenfusen und poppencorken mit spitzensparken. Ist nicht fuer gewerken bei das dumpkopfen. Das rubbernecken sichtseeren keepen das cotten-pickenen hans in das pockets muss; relaxen und watchen das blinkenlichten.

    3. Re:You know what else plugs into a 110 VAC socket? by Anonymous Coward · · Score: 0

      While I don't have a specific counterexample, I'm quite certain you're wrong.

      You seem to forget computers existed before the home computer market. All those old minis and mainframes; you're telling me none of them ran on 220V? Bullshit.

    4. Re:You know what else plugs into a 110 VAC socket? by The+Grim+Reefer · · Score: 1

      Just try plugging a Cray-1 into a 110 line. It'll pull 115 kW with the memory maxed out. That would be over 1000 amps on a 110 line.

    5. Re:You know what else plugs into a 110 VAC socket? by Anonymous Coward · · Score: 0

      Why don't you plug yourself into a 110 line

  6. I hope by unsanitary999 · · Score: 0

    I hope they create an "upsell" service or product and they call it the "Pwn15 Club"

  7. Where's the Line? by sycodon · · Score: 4, Insightful

    In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them

    Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.

    So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network? Should it ever be considered that?

    If not, what additional software or form factor enhancements would change your mind?

    Discuss amongst yourselves.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Where's the Line? by g0bshiTe · · Score: 4, Insightful

      The problem is that this needs to be plugged in physically. So you would need a patsy to plug it in or physical access. On the other hand by your thinking since I can carry a usb stick with the same toolset it should be illegal as well, but since usb sticks have legitimate uses they are allowed, how would one know it was a nefarious hacking tool, without violating my privacy by asking me to expose the data it contained?

      Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    2. Re:Where's the Line? by sycodon · · Score: 1

      I was actually thinking about the utility provided by having the OS installed an operable on such a device.

      But your point is still valid because you can't know what's on the device without looking in a manner that is far more intrusive than just checking out the back seat of a car.

      Interesting.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    3. Re:Where's the Line? by Jawnn · · Score: 1

      Context, as in the role of those possessing lock-picks and slim-jims, is everything. The locksmith or the tow-truck driver (whom AAA sends when I lock my keys in the car), has a perfectly legit reason to carry those tools. Same goes for things like nmap or nikto.

    4. Re:Where's the Line? by Anonymous Coward · · Score: 0

      For unlocking most cars, all you need is a blood pressure cuff and a stick.

    5. Re:Where's the Line? by Anonymous Coward · · Score: 0

      Uhh, don't locksmiths generally have lock picks and slimjims?

    6. Re:Where's the Line? by Mister+Whirly · · Score: 3, Insightful

      At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network?

      The moment it is actually used to illegally break into a network, and never before it happens. Devices themselves have no intent and therefore cannot be "evil" until put to an "evil" use. If you have permission to do testing, using a device like this can be a great tool.

      --
      "But this one goes to 11!"
    7. Re:Where's the Line? by Anonymous Coward · · Score: 0

      or a hammer

    8. Re:Where's the Line? by HTH+NE1 · · Score: 1

      So you would need a patsy to plug it in or physical access.

      That would be easier if it doubled as a USB charger.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    9. Re:Where's the Line? by Anonymous Coward · · Score: 0

      Well, not entirely accurate.
      In many states it is illegal to own or carry lock picks / car tools, etc. UNLESS you are a working in that field (i.e. locksmith, tow truck driver, etc.).
      After all a locksmith without a pick will do you no good when you lose the keys to your house, so someone is allowed.

      So your analogy should be that this device should only be sold to "security" professionals.
      With locksmith tools the seller is generally required to get proof that the buyer of the tools is acceptable.

      Now here the line becomes grey because the states do not directly license those professions so it is possible to have locksmith credentials (a business card or letterhead in some areas) or other reasonably easy to create proof that you are one of the "good guys".
      I suspect the same could be true in this case.

      Mere possession is rarely concrete proof of bad intent and proof of lawful right to posses can be difficult to regulate.

    10. Re:Where's the Line? by Anonymous Coward · · Score: 0

      ^This. FOREVER this.

      Criminalize behavior, not tools.

    11. Re:Where's the Line? by RoknrolZombie · · Score: 2

      So I pose the question: At what point should possession a device like this or derivatives be considered to be a defacto indication of intention to illegally break into a network?

      When a crime is committed. Until then, no laws have been broken. As much as our government would like to think that they can prevent crimes by banning items that could be used in a crime, until a crime is committed they are infringing on the rights of the Americans in question.

      I know that's not how it works in real life. I understand (although disagree) with that line of thinking...I'm just one of those that believes that until a crime is committed, you don't have a criminal.

    12. Re:Where's the Line? by operagost · · Score: 1

      Please let the radical gun control advocates know.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    13. Re:Where's the Line? by Rasperin · · Score: 1

      "Guns don't kill people. People kill people."

      --
      WTF Slashdot, why do I have to login 50 times to post?
    14. Re:Where's the Line? by VortexCortex · · Score: 1

      "Guns don't kill people. People kill people."

      Automated Guns don't kill people. Installers of Automated Guns kill people.
      AI doesn't kill people. People convince AI that killing people is fun.
      Sentient Machines don't kill people, People are extinct.

      Mission complete.

    15. Re:Where's the Line? by RoknrolZombie · · Score: 1

      Yeah, well, if the world were mine to control it would be a vastly different place. There are a whole lot of people that could benefit from understanding the difference between a criminal act and an object, but obviously our Public School system is failing in the areas of logic and reason (among others).

  8. Oblig by g0bshiTe · · Score: 3, Funny

    ZoMg pWniez

    --
    I am Bennett Haselton! I am Bennett Haselton!
    1. Re:Oblig by Anonymous Coward · · Score: 0

      You nearly made me spit out my drink. +1 internet to you!

    2. Re:Oblig by Anonymous Coward · · Score: 0

      Interestingly, my primary domain is zomgponies.com :)

  9. Stick one to the side of a big pirnter / copier by Joe_Dragon · · Score: 2

    Stick one to the side of a big pirnter / copier maybe put a HP sticker or some vender sticker on it and it can blend in. Even better if you have one with duel Ethernet ports on it.

    1. Re:Stick one to the side of a big pirnter / copier by Joehonkie · · Score: 3, Funny

      Even better if you have one with duel Ethernet ports on it.

      The ethernet ports would fight each other?

    2. Re:Stick one to the side of a big pirnter / copier by Thanshin · · Score: 2

      Even better if you have one with duel Ethernet ports on it.

      The ethernet ports would fight each other?

      Yes. And every time a punch lands they both must stop for a random amount of time.

    3. Re:Stick one to the side of a big pirnter / copier by Gothmolly · · Score: 1

      What do you think "collision" means?

      --
      I want to delete my account but Slashdot doesn't allow it.
    4. Re:Stick one to the side of a big pirnter / copier by the_fat_kid · · Score: 2

      ah, to reminisce about the old Apple Talk networks...

      --
      -- Sig under construction...
    5. Re:Stick one to the side of a big pirnter / copier by roc97007 · · Score: 1

      Even better, put a "removal violates warranty" sticker on it.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    6. Re:Stick one to the side of a big pirnter / copier by operagost · · Score: 1

      The token ring version comes from a more civilized time, when the ports must take turns hitting each other. Fisticuffs!

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  10. Good name by gzipped_tar · · Score: 1

    Good luck explaining to the corporate suites what a "pwn" is.

    --
    Colorless green Cthulhu waits dreaming furiously.
    1. Re:Good name by Sez+Zero · · Score: 2

      Good luck explaining to the corporate suites what a "pwn" is.

      Luckily I don't have to justify my purchases to a type of hotel room or musical piece

      But if my boss did wear a suit, I'm probably say something like "Professional Wireless Network". "Pro Whiteboard Notes" and "insert PHB catch-phrase buzzword here" would probably also work.

    2. Re:Good name by Anonymous Coward · · Score: 0

      Good luck explaining what a "suite" means in that context...

    3. Re:Good name by Anonymous Coward · · Score: 0

      How about "Porn Watchers Network?"

  11. What about exterior/lobby outlets? by kannibul · · Score: 1

    I have them on my house. Most businesses have them outside their doors. How easy would it be to just walk up to a building you want to crack....how many banks have wifi that touches the "real" network? How many of those have outlets in the lobby area or on the exterior of the building that's close enough for wifi? The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...

    1. Re:What about exterior/lobby outlets? by Anonymous Coward · · Score: 0

      The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...

      Yeah, cause anyone planning to use this for nefarious ends will definitely not think to pop the case and remove the offending buzzer? Oh, sorry, you said "required", meaning it might be breaking the law to remove the buzzer. Well, that'll stop 'em for sure.

    2. Re:What about exterior/lobby outlets? by PPH · · Score: 1

      Parking lot. Car. Laptop plugged into auto's 12V.

      This does nothing that can't be done with current tech. Other than hang around for a few days while the suspicious vehicle parked overnight gets towed.

      --
      Have gnu, will travel.
    3. Re:What about exterior/lobby outlets? by kannibul · · Score: 1

      If filled with epoxy, it's amazing to what level of PITA it would be to disable said buzzer, especially if chipping off epoxy manages to break PCB traces.

    4. Re:What about exterior/lobby outlets? by kannibul · · Score: 1

      Agreed, just a car is a bit 'bigger' than a wall-wart sized device that does the same thing.

  12. Etherkiller wins by Anonymous Coward · · Score: 0

    http://fun.net.pl/_fun/Zestawy_2010/2010-09-07/etherkiller.jpg

    This would defeat any ethernet port. You might get some casualties among investigating network engineers as a bonus.

  13. Meh by ajlitt · · Score: 1

    I was more amused by the slogan of the next booth over in the video, "Security at the speed of Innovation". What the hell does that even mean?

    1. Re:Meh by Yvan256 · · Score: 1

      Same thing as PC LOAD LETTER.

    2. Re:meh by SeNtM · · Score: 1

      No, only Bitcoin.

      --
      "There ought to be limits to freedom." -George W. Bush
  14. Some similar, less expensive projects by bongk · · Score: 1

    The MiniPwner is a similar device built on a TP Link TL-Wr703N router, so you can build one for under $40. http://www.minipwner.com/

    Also Hak5 has had their Wifi Pineapple available for a few years that is similar, however their MarkIV version which should come out really soon I think will trump both the Pwnie Express and the MiniPwner. http://hakshop.myshopify.com/products/wifi-pineapple

  15. Slashdot penetration testing by Anonymous Coward · · Score: 0

    If it comes straight from Roblimo, is it suddenly not a revenue-boosting advertisement? News might be the use of this in some noteworthy fashion, otherwise the mere existence of the device is not unique, as others in the thread have pointed out.

  16. Pwnie Express Pwn Phone by Anonymous Coward · · Score: 0

    The plug is cool in my opinion, but I think the Pwn Phone is much more awesome. As of right now, a cellular device, if you can even really call the N900 just that, is extremely discrete and useful. I feel it usefulness spawns from the fact that it is pretty much invisible. Who isn't glued to the screen of their smartphone? I know that I personally don't even give those glued to their smartphone's a second look, but if I see someone on their laptop sitting around the building I feel it is worth looking into and even more so if they have an external wireless card such as an Alfa.
    What do you guys think?

  17. plugbot by Anonymous Coward · · Score: 0

    but it doesn't have an API and mangement system like http://theplugbot.com

  18. meh by Anonymous Coward · · Score: 0

    Is it just me or does anyone else immediately disqualify a company that uses PayPal as their sole payment processor?