Slashdot Mirror


Stealthy Pen Test Unit Plugs Directly Into 110 VAC Socket (Video)

Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices. Their website says, 'Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses.' Hardware buffs will recognize this unit as a SheevaPlug, but the value-add is that it's preloaded with Ubuntu Linux and a rich suite of intrusion/testing tools. The company's 'Founder and CEO and everything else' is Dave Porcello. The video is an interview with Dave, in which he shows off and demonstrates some Pwnie Express products.

45 of 74 comments

  1. Re:Pwnie Express by Anonymous Coward · · Score: 2, Funny

    Where is the -1 Disturbing when you need it?

  2. Re:Pwnie Express by miknix · · Score: 5, Funny

    Okay, that's pretty cheesy. But I'll admit it did make me giggle.

    When I giggle I also get an erection. But that's probably irrelevant information.

    Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

  3. Re:Pwnie Express by gtch · · Score: 2, Insightful

    But is that funnier than the fact there are people in offices all over the world talking about "Penetration Testing" with a straight face?

  4. Shoulda used a GuruPlug Server... by nweaver · · Score: 5, Interesting

    The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.

    And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.

    --
    Test your net with Netalyzr
    1. Re:Shoulda used a GuruPlug Server... by Anonymous Coward · · Score: 4, Informative

      Guru plug has massive heat issues. We tested them extensively.

      Re: phone checkout http://pwnieexpress.com/pwn_phone.html

    2. Re:Shoulda used a GuruPlug Server... by timothy · · Score: 3, Informative

      Internal would be cooler, I agree, but (sorry, it didn't make the video), the Pwnie Express works with both Wi-Fi and 3G dongles. (Not as stealthy, but this is already big enough it wouldn't exactly disappear without camouflage anyhow ;))

      timothy

      --
      jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
    3. Re:Shoulda used a GuruPlug Server... by Paracelcus · · Score: 1

      Yes, and "if found" ALL the incoming connections can be backtracked! You should only contact the device from an anonymous number!

      --
      I killed da wabbit -Elmer Fudd
    4. Re:Shoulda used a GuruPlug Server... by operagost · · Score: 1

      And that's why we built a Faraday cage around our mail room. Unfortunately, someone sent us an iPhone with a Sony battery and it burned the place down.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    5. Re:Shoulda used a GuruPlug Server... by bill_mcgonigle · · Score: 1

      3 points. :)

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Shoulda used a GuruPlug Server... by Sancho · · Score: 1

      Or the Gig port and the eSATA port at the same time.

      The fact that they didn't sufficiently test very reasonable use cases made me decide never to buy anything from them again.

  5. Missing Feature by pntkl · · Score: 2

    He didn't say anything about the coveted self-destruct button. > : )

    1. Re:Missing Feature by GameboyRMH · · Score: 1

      sudo echo "SELFDESTRUCT" > /dev/detonator

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  6. You know what else plugs into a 110 VAC socket? by windcask · · Score: 1

    Every computer sold in North America, ever.

    1. Re:You know what else plugs into a 110 VAC socket? by The+Grim+Reefer · · Score: 1

      Just try plugging a Cray-1 into a 110 line. It'll pull 115 kW with the memory maxed out. That would be over 1000 amps on a 110 line.

  7. Where's the Line? by sycodon · · Score: 4, Insightful

    In some states, possession of tools for picking locks or breaking into cars is illegal. Sure, they can have legitimate uses, but at some point government decided that the potential illegal uses far outweighed the legal uses and subsequently outlawed them.

    Now look at this device. Seemingly innocent with a legitimate purpose, but apparently a perfect platform for more nefarious use.

    So I pose the question: At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network? Should it ever be considered that?

    If not, what additional software or form factor enhancements would change your mind?

    Discuss amongst yourselves.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Where's the Line? by g0bshiTe · · Score: 4, Insightful

      The problem is that this needs to be plugged in physically. So you would need a patsy to plug it in or physical access. On the other hand by your thinking since I can carry a usb stick with the same toolset it should be illegal as well, but since usb sticks have legitimate uses they are allowed, how would one know it was a nefarious hacking tool, without violating my privacy by asking me to expose the data it contained?

      Slimjims and lockpick sets are not as easily dismissed as innocuous. I do see your parallel.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    2. Re:Where's the Line? by sycodon · · Score: 1

      I was actually thinking about the utility provided by having the OS installed and operable on such a device.

      But your point is still valid because you can't know what's on the device without looking in a manner that is far more intrusive than just checking out the back seat of a car.

      Interesting.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    3. Re:Where's the Line? by Jawnn · · Score: 1

      Context, as in the role of those possessing lock-picks and slim-jims, is everything. The locksmith or the tow-truck driver (whom AAA sends when I lock my keys in the car), has a perfectly legit reason to carry those tools. Same goes for things like nmap or nikto.

    4. Re:Where's the Line? by Mister+Whirly · · Score: 3, Insightful

      At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network?

      The moment it is actually used to illegally break into a network, and never before it happens. Devices themselves have no intent and therefore cannot be "evil" until put to an "evil" use. If you have permission to do testing, using a device like this can be a great tool.

      --
      "But this one goes to 11!"
    5. Re:Where's the Line? by HTH+NE1 · · Score: 1

      So you would need a patsy to plug it in or physical access.

      That would be easier if it doubled as a USB charger.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    6. Re:Where's the Line? by RoknrolZombie · · Score: 2

      So I pose the question: At what point should possession of a device like this or derivatives be considered to be a de facto indication of intention to illegally break into a network?

      When a crime is committed. Until then, no laws have been broken. As much as our government would like to think that they can prevent crimes by banning items that could be used in a crime, until a crime is committed they are infringing on the rights of the Americans in question.

      I know that's not how it works in real life. I understand (although disagree) with that line of thinking...I'm just one of those that believes that until a crime is committed, you don't have a criminal.

    7. Re:Where's the Line? by operagost · · Score: 1

      Please let the radical gun control advocates know.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    8. Re:Where's the Line? by Rasperin · · Score: 1

      "Guns don't kill people. People kill people."

      --
      WTF Slashdot, why do I have to login 50 times to post?
    9. Re:Where's the Line? by VortexCortex · · Score: 1

      "Guns don't kill people. People kill people."

      Automated Guns don't kill people. Installers of Automated Guns kill people.
      AI doesn't kill people. People convince AI that killing people is fun.
      Sentient Machines don't kill people, People are extinct.

      Mission complete.

    10. Re:Where's the Line? by RoknrolZombie · · Score: 1

      Yeah, well, if the world were mine to control it would be a vastly different place. There are a whole lot of people that could benefit from understanding the difference between a criminal act and an object, but obviously our Public School system is failing in the areas of logic and reason (among others).

  8. Oblig by g0bshiTe · · Score: 3, Funny

    ZoMg pWniez

    --
    I am Bennett Haselton! I am Bennett Haselton!
  9. Stick one to the side of a big printer / copier by Joe_Dragon · · Score: 2

    Stick one to the side of a big printer / copier, maybe put a HP sticker or some vendor sticker on it and it can blend in. Even better if you have one with duel Ethernet ports on it.

    1. Re:Stick one to the side of a big printer / copier by Joehonkie · · Score: 3, Funny

      Even better if you have one with duel Ethernet ports on it.

      The ethernet ports would fight each other?

    2. Re:Stick one to the side of a big printer / copier by Thanshin · · Score: 2

      Even better if you have one with duel Ethernet ports on it.

      The ethernet ports would fight each other?

      Yes. And every time a punch lands they both must stop for a random amount of time.

    3. Re:Stick one to the side of a big printer / copier by Gothmolly · · Score: 1

      What do you think "collision" means?

      --
      I want to delete my account but Slashdot doesn't allow it.
    4. Re:Stick one to the side of a big printer / copier by the_fat_kid · · Score: 2

      ah, to reminisce about the old Apple Talk networks...

      --
      -- Sig under construction...
    5. Re:Stick one to the side of a big printer / copier by roc97007 · · Score: 1

      Even better, put a "removal violates warranty" sticker on it.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    6. Re:Stick one to the side of a big printer / copier by operagost · · Score: 1

      The token ring version comes from a more civilized time, when the ports must take turns hitting each other. Fisticuffs!

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  10. Re:Pwnie Express by wbr1 · · Score: 1, Offtopic

    Okay, that's pretty cheesy. But I'll admit it did make me giggle.

    When I giggle I also get an erection. But that's probably irrelevant information.

    Do you also giggle when you get an erection? That can be dangerous, you can die of exploding penis due to infinite recursion.

    Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

    --
    Silence is a state of mime.
  11. Good name by gzipped_tar · · Score: 1

    Good luck explaining to the corporate suites what a "pwn" is.

    --
    Colorless green Cthulhu waits dreaming furiously.
    1. Re:Good name by Sez+Zero · · Score: 2

      Good luck explaining to the corporate suites what a "pwn" is.

      Luckily I don't have to justify my purchases to a type of hotel room or musical piece.

      But if my boss did wear a suit, I'd probably say something like "Professional Wireless Network". "Pro Whiteboard Notes" and "insert PHB catch-phrase buzzword here" would probably also work.

  12. What about exterior/lobby outlets? by kannibul · · Score: 1

    I have them on my house. Most businesses have them outside their doors. How easy would it be to just walk up to a building you want to crack....how many banks have wifi that touches the "real" network? How many of those have outlets in the lobby area or on the exterior of the building that's close enough for wifi? The potential for bad is far greater than for good...the thing should at least be required to make a beeping noise every couple minutes...

    1. Re:What about exterior/lobby outlets? by PPH · · Score: 1

      Parking lot. Car. Laptop plugged into auto's 12V.

      This does nothing that can't be done with current tech. Other than hang around for a few days while the suspicious vehicle parked overnight gets towed.

      --
      Have gnu, will travel.
    2. Re:What about exterior/lobby outlets? by kannibul · · Score: 1

      If filled with epoxy, it's amazing to what level of PITA it would be to disable said buzzer, especially if chipping off epoxy manages to break PCB traces.

    3. Re:What about exterior/lobby outlets? by kannibul · · Score: 1

      Agreed, just a car is a bit 'bigger' than a wall-wart sized device that does the same thing.

  13. Meh by ajlitt · · Score: 1

    I was more amused by the slogan of the next booth over in the video, "Security at the speed of Innovation". What the hell does that even mean?

    1. Re:Meh by Yvan256 · · Score: 1

      Same thing as PC LOAD LETTER.

    2. Re:meh by SeNtM · · Score: 1

      No, only Bitcoin.

      --
      "There ought to be limits to freedom." -George W. Bush
  14. Some similar, less expensive projects by bongk · · Score: 1

    The MiniPwner is a similar device built on a TP Link TL-Wr703N router, so you can build one for under $40. http://www.minipwner.com/

    Also Hak5 has had their Wifi Pineapple available for a few years that is similar, however their MarkIV version which should come out really soon I think will trump both the Pwnie Express and the MiniPwner. http://hakshop.myshopify.com/products/wifi-pineapple

  15. Re:Pwnie Express by miknix · · Score: 1

    Not possible, the erection the OP gets is not their own, but belongs to someone else doing 'penetration testing'.

    LOL, that makes perfect sense with today's slashdot quote:
    http://i41.tinypic.com/2mmkp1.jpg