topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:34 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: PowerPwn: Power strip by day, Hacking device by night!  (Read 10489 times)

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
PowerPwn: Power strip by day, Hacking device by night!
« on: July 22, 2012, 07:53 AM »
untitled.jpg

As a pen testing enthusiast, this device is high on my "Awesome stuff-o-meter".

The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye.

The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network.

Source

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #1 on: July 22, 2012, 08:16 AM »
I don't know which part is more clever. The device itself - or the fact some enterprising contractor suckered the US government into shelling out $1,295 apiece for a device that should sell for something more like $400-$600 worst case.

I'll bet it runs some flavor of Linux and violates GPL too! ;D

"a fully-integrated enterprise-class penetration testing platform."

Question: If it's a "testing platform" why did they feel the need go to such lengths to disguise its appearance? :P
 

There's no rest for the wicked...8)


Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #2 on: July 22, 2012, 08:28 AM »
It runs debian 6, as is mentioned at the source ;-)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #3 on: July 22, 2012, 08:31 AM »
It runs debian 6, as is mentioned at the source ;-)

Bingo! ;D  Good choice of distro btw. :Thmbsup:

r0bert0

  • Participant
  • Joined in 2013
  • *
  • Posts: 4
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #4 on: January 19, 2013, 08:07 PM »
another guy made something similar, but for the price you will like better, i think it was 700 bucks (:

thats da thing:

http://www.demyo.com...s/demyo-power-strip/

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #5 on: January 20, 2013, 12:12 AM »
I forget where I saw it, but there's an open source one that you can build yourself for basically pennies. I think it was based on the Raspberry-Pi.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #7 on: January 20, 2013, 06:32 AM »
Raspberry Pi Power Strip

And I think that's it~! :)

Thanks for linking to it.  :Thmbsup:
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #8 on: January 20, 2013, 08:29 AM »
^Yup. That's the one. 4wd beat me to it. :Thmbsup:

Things like this can keep sysadmins up at night since the same thing could be used for much more nefarious purposes like setting up 'man in the middle' type spoofs, hiding secret file servers (linked to a Dropbox account), planting remotely controlled timebomb machines to gum up the internal network with bogus packets (watch the IT dudes go crazy trying to figure out how the packets are supposedly making it in through the firewall), ...oh...the mind boggles. Especially since end-to-end encryption is the exception rather than the rule in most places. LANs tend to be pretty open and less monitored than the WAN and gateway traffic usually is. Once you're in - you're *IN* - on many LANs. And a so-called passive sniffing setup is also very doable, making these things very hard to detect.

A couple of night cleaning people armed with a handful of these babies to leave behind could 'clean' a lot more than just the wastebaskets and rugs.

Oh well! There's no rest for the wicked. One more thing to be aware of. And check for. :-\


wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #9 on: January 20, 2013, 09:11 AM »
Of course there's the simple piratebox that could be set up with this- a separate wireless network in the same building as your standard network...

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #10 on: January 20, 2013, 09:29 AM »
Of course there's the simple piratebox that could be set up with this- a separate wireless network in the same building as your standard network...

The PirateBox would still need to be linked into the network as the PB network is independent by itself. It would also likely need some software rewritten, but still... a deadly combo. :D
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #11 on: January 20, 2013, 11:58 AM »
That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace.  Bridge the network connection on a legitimately connected computer...

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #12 on: January 20, 2013, 01:10 PM »
Adding more security to a LAN will result in a lot more calls to the IT department with people complaining that they cannot work (efficiently) anymore.

Last week I had to use a properly locked down LAN, but required access to a database on another separated subnet from that LAN. Because of time pressure Not only me but a senior programmer, a senior DBA and me had to work almost a full work day just to recreate an environment where we could investigate.

In an open LAN this job would have taken me alone at most 2 hours.

Security and an efficient workflow do not match. Besides, trust needs to start somewhere and that implicates there is immediately an opportunity to misuse it.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #13 on: January 20, 2013, 07:55 PM »
That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace.  Bridge the network connection on a legitimately connected computer...

So a computer on the network connects to the PB, which is connected to the Pwnie? Or, the Pwnie connects to the computer and to the PB?
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #14 on: January 20, 2013, 08:46 PM »
The former.  That's why I think it would be so insidious.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #15 on: January 20, 2013, 10:12 PM »
The former.  That's why I think it would be so insidious.

Damn. You're right. You could hide the combo anywhere then once you connect to the PB from the computer, boom... PWNAGE~! ;D

Very insidious. Maybe I should make them and sell 'em on eBay~! :D
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #16 on: January 20, 2013, 11:25 PM »
The former.  That's why I think it would be so insidious.

And, while you're at it, might as well take the evil to a slightly lower level:

http://pingbin.com/2...p-wifi-raspberry-pi/

Make the PWNIE wireless, hide it out in the open, then you only need to hide the PB, making concealment just a bit easier.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #17 on: January 20, 2013, 11:38 PM »
I'd hate to be a sysadmin right about now...

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #18 on: January 21, 2013, 12:07 AM »
I'd hate to be a sysadmin right about now...

It only gets worse...

http://pwnieexpress....for-the-raspberry-pi

Raspberry Pwn: A pentesting release for the Raspberry Pi

 Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:

SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish, w3af


Download your Raspberry Pwn here: https://github.com/p...xpress/Raspberry-Pwn

Special thanks to @zenofex for letting us borrow his Pi. Enjoy!

- The Pwnie Express Team

Sysadmins! Welcome to HELL~! :P ;D

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #19 on: January 21, 2013, 10:06 AM »
Ok... that's just evil.  ;D

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #20 on: January 21, 2013, 11:16 AM »
Ok... that's just evil.  ;D

I think Cthulhu would be proud! :D Don't you? ;)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

SeraphimLabs

  • Participant
  • Joined in 2012
  • *
  • Posts: 497
  • Be Ready
    • View Profile
    • SeraphimLabs
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #21 on: January 21, 2013, 01:24 PM »
Sysadmins! Welcome to HELL~! :P ;D

And corporate wonders why I've requested the worker's handbook be amended to say that anyone who connects hardware not approved by the IT department to the company network should receive disciplinary action.

Cause all it takes is one bad apple, and your entire network gets pwnt.

Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #22 on: January 21, 2013, 01:28 PM »
Sysadmins! Welcome to HELL~! :P ;D

What do you mean "welcome"???

We've been paying on our overpriced condos in Hades for the last 25 years. We're in an old well-established neighborhood down here.
 ;) ;D

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: PowerPwn: Power strip by day, Hacking device by night!
« Reply #23 on: January 21, 2013, 03:09 PM »
Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.

Around here the brass are the ones most likely to plug in some dumb shit and take the network down. Like the day 'Our Leader X' decided to plug a dangling cable into the switch (and. not. tell. anybody...) because they couldn't figure out why it wasn't/didn't "appear to Go anywhere"...(as it's such a bitch to trace a 3' cable, to find out it was already plugged into self same switch)... That shit cost me an hour trying to figure out why half the network had gone black.

I seriously considered strangling then with said cable when the issue was found.