Pwnie Express Releases Android-Based Network Hacking Kit
At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.
Re: (Score:2)
You are surely the God of Trolls, whoever you are. I have had stupid arguments with and bitten the troll apk many times.
I liked how you got it just long enough to display all the content, and yet the Slashdot renderer still teased me with "Read the rest of this comment" or whatever it says.
You had this ready for the next article to appear, didn't you? Helluva copypasta, baby!
Re: (Score:2)
what you did there
i see it
1st time got it working? (Score:2)
Re:1st time got it working? (Score:5, Informative)
Chrooting has been around since the first android device (ADP/G1). The problem is having a driver that enables monitor mode.
nt (Score:4, Funny)
My little pwnie, my little pwnie
Ah ah ah ahh ahhhhhhhhh!
Myyy little pwnie!
Re: (Score:3)
You have one too many "ah"s in there.
Dammit, why did I know that from memory?
What jumped out at me (Score:2)
“I even called them and said we’d like to purchase 10,000 iPads, but we’d need to modify [iOS] slightly,” Porcello says.
Apple said “no.”
Translated: We don't want your $7million, since you're not just going to hand it over. You don't want our product, you want a customized product.
Re: (Score:2)
Translated: We'd like you to provide us with a customized version of your product, which we know you're not set up to do. We'd like to pay wholesale prices for it too, please.
Dear Editors (Score:3)
Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.
Re: (Score:2)
Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.
Uh? I'd say the sentence does show a lot of respect with regards to the device in question, doesn't it?
Re: Dear Editors (Score:1)
No, it really doesn't. Same with the name, Pwnie.
Childless leet-speak. Nothing more
Re: (Score:3)
The submission quotes from the Wired article, specifically the first and third paragraphs. It's not kosher to delete words from direct quotes just because they're "hype", and might even be improper in this case (because the phrasing comes from the Wired article and conveys how the writer of the article feels about the device, which gives important information for the reader). Of course, that doesn't mean a clever editor could jump in anyways with ellipses and such, but ellipses are ugly and in this case the
Umm, did you RTFA? (Score:1)
It's still running Android.
Re: (Score:2)
Yay, a decent OS to run on my Nexus 7
It's still running Android.
This product ships with Android OS 4.2 and Ubuntu 12.04 to run the full range of tools.
While the specs have not been released, I suspect that the Android ships with a mainline kernel instead of Google's Linux Kernel for Android to include glibc, full Wi-Fi support and all GNU libraries. Also, su, a completely different repo/store and stripped of everything Google.
So, same OS, different Version, completely different Distro.
Re: (Score:2)
Go on fanboys, mod me down for being right, I own one and have had to return it once thanks to faulty hardware and wait months for them to fix 4.2 to deal with Bluetooth even remotely stably and for it to bring up the start screen icons in less than ten seconds. Before anyone starts spouting the fanboy line I should not have to root it, mod it or reflash it to make the damn thing work reasonably.
I'd buy one (Score:4, Insightful)
A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.
Frankly, I think that's a lot of work. Possibly more than $800 worth of work at standard IT wages. I think every corporate IT department should invest in one of these, it would seriously improve network security on the whole.
Re:I'd buy one (Score:5, Insightful)
Re: (Score:3)
Re:I'd buy one (Score:5, Informative)
What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?
NFC: Monitor/Manipulate Contactless Payment Systems, Smart Tags and Mobile Devices (i.e: Force pair a Nokia)
Form Factor: Easily concealable and can be powered via USB. Easily turn off screen when someone is shoulder surfing
Connectivity: High Speed Mobile Data and superior network management. Ever since BT moved away from SLAX, falling back to WiFi when 3g drops has become unreliable. Multiband Radio makes it more likely to get a signal in a high security building
OS: BT5 for ARM is still not the best. Many tools are buggy and won't even run on a range of devices. Android is attracting quite a few developers meaning we are likely to see new tools on Android before BackTrack, Ubuntu or Debian Repositories. Making from source isn't viable when you are often working against the clock. BT5, being Ubuntu based, is a full desktop environment and it takes a lot of work to trim the fat. If you are talking about BT5 on an x86 laptop then the next point is amplified
Battery: Battery Life is likely much better on the Nexus than a cheap laptop. For reconnaissance, one may need to keep the device powered for hours or even days. Many cafes and bars will offer charging stations. Finding a power point on the other hand can be challenging, especially if one is trying to keep a low profile
Support: While the community-driven support for BT5 (and Linux in general) is great, it is unlikely they can offer support for the particular device you are on (in a timely manner at least). Got an issue with this device, check the forums or get Live Chat Support
Crunching: Modern ARM SoCs have great number crunching ability, especially those found on mobile devices as there is a focus on graphics ability and not on economy
All my pentesting is done from either an x86 desktop (in a vehicle) or my Galaxy SIII. I find that laptops continually under-perform and have too many trade-offs. I only use them when the conditions require that I must.
Re: (Score:2)
Far more interestingly: If they can do this on an android tablet, they can do it on an android phone. That's even more discreet, and quite probably just as usable.
Re: (Score:2)
Re: (Score:2)
You don't type much while you're pentesting?
I use my desktop for preparation, execution and monitoring while the mobile device is normally taped under someone's desk, left charging at the lobby cafe or simply in lost property depending on the assignment
I prefer security and IT to be unaware that the audit will be performed, as they would be in a malicious attack.
Re:I'd buy one (Score:4, Informative)
I'd make my own Pwnie plug instead.
The software ought to run on the standard Pogoplug, which is $20.
Re: (Score:2)
A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.
Rooting is inadequate for anything other than basic sniffing and WEP-cracking.
On these devices, the bastardized Wi-Fi drivers are compiled into the kernel which is stored in ROM. In order to do any kind of packet injection, deauth attack or to use monitor mode, a custom kernel hence a custom ROM will be required. For those with a locked bootloader, that will be yet another step.
Re: (Score:1)
Hail the n900 (Score:1)
The king of mobile pentesting is the n900. Aircrack-ng has been working for ages, even with packet injection if you can find the patched drivers. Metasploit also runs as do tools like dsniff and ettercap
Re: (Score:2)
Pwnie express is selling one of those, too. And it even seems to come with a copy of my very own BackupMenu, so it's easy to restore if it breaks etc.