PWNIE EXPRESS! This is hilarious, and real!

DonationCoder.com Forum

Main Area and Open Discussion

Living Room

PWNIE EXPRESS! This is hilarious, and real!

Pages: [1] Go Down

« previous next »

Reply | New Topic | Print

Author

Topic: PWNIE EXPRESS! This is hilarious, and real! (Read 4152 times)

Renegade

Charter Member

Posts: 8,568

Tell me something you don't know...

Give some DonationCredits to this forum member

PWNIE EXPRESS! This is hilarious, and real!

« on: July 03, 2011, 04:43:41 PM »

A friend of mine shot me this link:

http://pwnieexpress.com/wireless.html

Quote

Pwn Plug Wireless

A commercial-grade wireless pentesting drop box.

:: Includes an external 1000mW USB ALFA
:: Karmetasploit Evil AP mode!
:: Auto-crack all WEP networks in range! (WEPbuster)
:: Maintains a covert, encrypted, firewall-busting backdoor into your target network [Details]
:: Includes "Plug UI" for simple web-based setup
:: Tunnels through application-aware firewalls & IPS
:: Sends an SMS message when SSH tunnel is activated
:: Preloaded with Ubuntu, Kismet, Aircrack-NG, WEPbuster, Karma, Metasploit, SET, Fasttrack, SSLstrip, nmap, dsniff, netcat, scapy, ettercap, medusa, & more!
:: Unpingable and no listening ports in stealth mode

Nice.


	Logged

Slow Down Music - Super Simple - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Stephen66515

Animated Giffer in Chief
Honorary Member

Posts: 2,317

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #1 on: July 03, 2011, 04:50:57 PM »

o_0


	Logged

No trees were harmed during the creation of this message. Millions of electrons, however, were terribly inconvenienced

"Think left and think right and think low and think high. Oh, the things you can think up if only you try!" - Dr. Seuss

40hz

Supporting Member

Posts: 8,502

/away

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #2 on: July 04, 2011, 01:06:58 AM »

Why am I a little skeptical about this?

Maybe it's this:

Or this (Marvell's Sheeva Plug computer - picture directly taken from Marvell's sales brochure)

(Note: I guess you could set it up as a "pen box" since the Sheeva Plug is a Linux PC. All it would take is to load it up with a free copy of BackTrak or a similar NIX 'security' distro. But you can also run BackTrak off a live DVD (or a USB drive) using any computer so I'm not sure what the advantage of putting it on it's own plug computer would be. Unless maybe you were planning on quietly slipping it in someplace you shouldn't, and then accessing it remotely? )

Then there's the Go Daddy private registration on the website...(a security firm uses Go Daddy as their registrar?)

It's also weird (to me) how Rapid Focus Security, LLC of 27 French Street, Barre, VT - (the alleged operator of the website) doesn't show up as a registered corporation in Vermont. They could be registered in another state. But checking the usual corporate shell registration places like Nevada and Delaware comes up blank. Nothing in shows up for Nevada. (Can't check Delaware until Tuesday since they only allow online corporate registration verifications during regular business hours.)

Or the fact there's no phone number or contact information on the webpage - or a street address - or any company history or related info - or...

There might be a reason why they're so 'invisible.' But I'm always a little concerned when a security company is totally stealthed, and doesn't at least have a token 'front office' that's out in plain sight.

It also strikes me as odd they offer intrusion assessment and penetration testing services - and then list some recent clients. (Most big corporations like Cisco have a confidentiality clause in their contracts that forbids vendors from using their name in any marketing activities. Especially if it's security related, in which case the vendor is usually contractually forbidden from even saying they did work for the corporation.)

Dunno...I could be wrong...but I'm a little leery about this. Cry


« Last Edit: July 04, 2011, 02:09:38 AM by 40hz »	Logged

[ may-june 2013 ad experiment; click here to learn more about donationcoder.com ]

zridling

Friend of the Site
Charter Member

Posts: 3,280

Linux captive

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #3 on: July 04, 2011, 02:20:14 AM »

Kevin Mitnick is quoted. Isn't that the hacker that went to jail and is never allowed near the internet for life?


	Logged

- zaine (on Google+)

40hz

Supporting Member

Posts: 8,502

/away

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #4 on: July 04, 2011, 06:46:47 AM »

Quote from: zridling on July 04, 2011, 02:20:14 AM

Kevin Mitnick is quoted. Isn't that the hacker that went to jail and is never allowed near the internet for life?

The same.

The lifetime ban on internet use got overturned by the courts following his release from prison. There are different stories as to why he was able to cut a deal. One rumor has it this deal got made in exchange for him not pursuing a civil rights case against the government for its questionable act of holding him in solitary confinement for something like most of a year because somebody convinced prison officials he would be able to start a nuclear war if he so much as sat in the same room with a telephone. Other stories cite the inconvenient fact (for prosecutors) that he already served 4 years in prison (on pre-trial detention) before his case even got to court. (Note: The US still had a functioning Bill of Rights back then. Today Kevin Mitnick would wind up being classified as an "enemy combatant" and disappear into some non-existent government detention facility where he would soon learn that there are no secrets to be kept from an angry government. *Splash!!!*)

But he's since seen the error of his ways. Jail cells and solitary confinement can do that to ya! He now writes books, consults, and speaks publicly on computer security topics.

There really is a Mitnick Security Consulting LLC btw:

Quote

Mitnick Security Consulting, LLC is a full-service information security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services to help businesses protect their valuable assets. read more >>

I just wonder if that Pwnie testimonial is real.

Cool


« Last Edit: July 04, 2011, 07:59:56 AM by 40hz »	Logged

J-Mac

Supporting Member

Posts: 2,681

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #5 on: July 10, 2011, 11:51:27 AM »

I read his book, "The Art of Deception" and yes, he does have quite a few tall tales in it!

Jim


	Logged

J-Mac

40hz

Supporting Member

Posts: 8,502

/away

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #6 on: July 10, 2011, 01:02:10 PM »

Quote from: J-Mac on July 10, 2011, 11:51:27 AM

I read his book, "The Art of Deception" and yes, he does have quite a few tall tales in it!

Jim

+1! There's a whole lotta BS being slung around.

That's the problem when you deal with hackers and cybersecurity stories. Everybody - and I mean everybody - from the hackers, to the "white hats" - to the agents of the law enforcement community itself - all exaggerate wildly about the events and exploits they were involved with - along with the significance of what actually went down.

About the only thing you can count on is they all want to magnify their individual roles (and importance) in the eyes of their peers, their superiors, and the general public.

undecided


« Last Edit: July 10, 2011, 01:06:30 PM by 40hz »	Logged

pwnieexpress

Participant

Posts: 1

Re: PWNIE EXPRESS! This is hilarious, and real!

« Reply #7 on: August 15, 2011, 08:03:39 PM »

Hi!

I work for Pwnie Express and I just wanted to reach out into this community and address a couple things people said in this thread:

First of all, we are very small and so getting sudden exposure is certainly revealing the fact that we are a tiny startup which is a group of friends. Just gonna run through a few points in the thread above

Kevin Mitnick did buy a plug and that was a quote from him after he bought the plug. Before buying it he sent this tweet: https://twitter.com/#!/kevinmitnick/status/42370853526175744

Also, Mitnick did go to jail but he is out and we just saw him quite a bit ad Defcon 19 where we were vendors. We sold over 200 plugs and quite a few of the Pwn Phones -- a mobile pentesting platform build on the Nokia N900 platform..

The plug is indeed based on the Marvell Sheeva Plug hardware. We purchase the plugs from GlobalScale who manufactures them and then flash them with our own image (build on Ubuntu) with our own custom software. We have been working on adding other grpahics besides just those from the manufacturer to the pages.

The domain was registered by a friend who is a webdeveloper when we were quite small. At some point in the future we will tranfer the domain registration to the LLC itself and make that information public. Good point tho!

Final point regarding our list of clients: the high profile clients we listed are indeed clients but they are hardware clients, not clients who we have provided infosec services to. In the case of Cisco we saw no reason not to list them because we are partnering with them in certain ways. At Black Hat Cisco gave out some of our PwnPhones as a prize for a contest at their vendor booth. Check out: http://blog.pwnieexpress.com/post/8974758207/black-hat-interview-with-cbs

Regarding the validity of our company you can search for Pwnie Express here : http://www.sec.state.vt.us/seek/keysrch.htm

If anyone has any other specific questions (or skepticism!) please feel free to respond in this thread or reach out to use directly by emailing info {AT} pwnieexpress [dot] com

Thanks for your time!

The Pwnie Express Team