Author Topic: PowerPwn: Power strip by day, Hacking device by night! (Read 12952 times)

Josh · « **on:** July 22, 2012, 07:53 AM »

As a pen testing enthusiast, this device is high on my "Awesome stuff-o-meter".

The Power Pwn may look like an ordinary power strip, maybe with an included surge protector, but it's far from it. Network administrators and IT staff in general need to be wary of this one: it can do much more than meets the eye.

The Defense Advanced Research Projects Agency (DARPA)'s Cyber Fast Track program helped funded the development of the Power Pwn. Pwnie Express, which developed the $1,295 gizmo, says it's "a fully-integrated enterprise-class penetration testing platform." That's great, but the company also notes its "ingenious form-factor" (again, look at the above picture) and "highly-integrated/modular hardware design," which to me translates to: it's the perfect tool for hacking a corporate network.

Source

40hz · « **Reply #1 on:** July 22, 2012, 08:16 AM »

I don't know which part is more clever. The device itself - or the fact some enterprising contractor suckered the US government into shelling out $1,295 apiece for a device that should sell for something more like $400-$600 worst case.

I'll bet it runs some flavor of Linux and violates GPL too!

"a fully-integrated enterprise-class penetration testing platform."
-Josh (July 22, 2012, 07:53 AM)

Question: If it's a "testing platform" why did they feel the need go to such lengths to disguise its appearance?

There's no rest for the wicked...

Josh · « **Reply #2 on:** July 22, 2012, 08:28 AM »

It runs debian 6, as is mentioned at the source ;-)

40hz · « **Reply #3 on:** July 22, 2012, 08:31 AM »

It runs debian 6, as is mentioned at the source ;-)
-Josh (July 22, 2012, 08:28 AM)

Bingo!

Good choice of distro btw.

r0bert0 · « **Reply #4 on:** January 19, 2013, 08:07 PM »

another guy made something similar, but for the price you will like better, i think it was 700 bucks (:

thats da thing:

http://www.demyo.com...s/demyo-power-strip/

Renegade · « **Reply #5 on:** January 20, 2013, 12:12 AM »

I forget where I saw it, but there's an open source one that you can build yourself for basically pennies. I think it was based on the Raspberry-Pi.

4wd · « **Reply #6 on:** January 20, 2013, 03:39 AM »

Raspberry Pi Power Strip

Renegade · « **Reply #7 on:** January 20, 2013, 06:32 AM »

Raspberry Pi Power Strip
-4wd (January 20, 2013, 03:39 AM)

And I think that's it~!

Thanks for linking to it.

40hz · « **Reply #8 on:** January 20, 2013, 08:29 AM »

^Yup. That's the one. 4wd beat me to it.

Things like this can keep sysadmins up at night since the same thing could be used for much more nefarious purposes like setting up 'man in the middle' type spoofs, hiding secret file servers (linked to a Dropbox account), planting remotely controlled timebomb machines to gum up the internal network with bogus packets (watch the IT dudes go crazy trying to figure out how the packets are supposedly making it in through the firewall), ...oh...the mind boggles. Especially since end-to-end encryption is the exception rather than the rule in most places. LANs tend to be pretty open and less monitored than the WAN and gateway traffic usually is. Once you're in - you're *IN* - on many LANs. And a so-called passive sniffing setup is also very doable, making these things very hard to detect.

A couple of night cleaning people armed with a handful of these babies to leave behind could 'clean' a lot more than just the wastebaskets and rugs.

Oh well! There's no rest for the wicked. One more thing to be aware of. And check for. $:-\$

wraith808 · « **Reply #9 on:** January 20, 2013, 09:11 AM »

Of course there's the simple piratebox that could be set up with this- a separate wireless network in the same building as your standard network...

Renegade · « **Reply #10 on:** January 20, 2013, 09:29 AM »

Of course there's the simple piratebox that could be set up with this- a separate wireless network in the same building as your standard network...
-wraith808 (January 20, 2013, 09:11 AM)

The PirateBox would still need to be linked into the network as the PB network is independent by itself. It would also likely need some software rewritten, but still... a deadly combo.

wraith808 · « **Reply #11 on:** January 20, 2013, 11:58 AM »

That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace. Bridge the network connection on a legitimately connected computer...

Shades · « **Reply #12 on:** January 20, 2013, 01:10 PM »

Adding more security to a LAN will result in a lot more calls to the IT department with people complaining that they cannot work (efficiently) anymore.

Last week I had to use a properly locked down LAN, but required access to a database on another separated subnet from that LAN. Because of time pressure Not only me but a senior programmer, a senior DBA and me had to work almost a full work day just to recreate an environment where we could investigate.

In an open LAN this job would have taken me alone at most 2 hours.

Security and an efficient workflow do not match. Besides, trust needs to start somewhere and that implicates there is immediately an opportunity to misuse it.

Renegade · « **Reply #13 on:** January 20, 2013, 07:55 PM »

That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace. Bridge the network connection on a legitimately connected computer...
-wraith808 (January 20, 2013, 11:58 AM)

So a computer on the network connects to the PB, which is connected to the Pwnie? Or, the Pwnie connects to the computer and to the PB?

wraith808 · « **Reply #14 on:** January 20, 2013, 08:46 PM »

The former. That's why I think it would be so insidious.

Renegade · « **Reply #15 on:** January 20, 2013, 10:12 PM »

The former. That's why I think it would be so insidious.
-wraith808 (January 20, 2013, 08:46 PM)

Damn. You're right. You could hide the combo anywhere then once you connect to the PB from the computer, boom... PWNAGE~!

Very insidious. Maybe I should make them and sell 'em on eBay~!

Renegade · « **Reply #16 on:** January 20, 2013, 11:25 PM »

The former. That's why I think it would be so insidious.
-wraith808 (January 20, 2013, 08:46 PM)

And, while you're at it, might as well take the evil to a slightly lower level:

http://pingbin.com/2...p-wifi-raspberry-pi/

Make the PWNIE wireless, hide it out in the open, then you only need to hide the PB, making concealment just a bit easier.

wraith808 · « **Reply #17 on:** January 20, 2013, 11:38 PM »

I'd hate to be a sysadmin right about now...

Renegade · « **Reply #18 on:** January 21, 2013, 12:07 AM »

I'd hate to be a sysadmin right about now...
-wraith808 (January 20, 2013, 11:38 PM)

It only gets worse...

http://pwnieexpress....for-the-raspberry-pi

Raspberry Pwn: A pentesting release for the Raspberry Pi

Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:

SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish, w3af

Download your Raspberry Pwn here: https://github.com/p...xpress/Raspberry-Pwn

Special thanks to @zenofex for letting us borrow his Pi. Enjoy!

- The Pwnie Express Team

Sysadmins! Welcome to HELL~!

wraith808 · « **Reply #19 on:** January 21, 2013, 10:06 AM »

Ok... that's just evil.

Renegade · « **Reply #20 on:** January 21, 2013, 11:16 AM »

Ok... that's just evil.
-wraith808 (January 21, 2013, 10:06 AM)

I think Cthulhu would be proud!

Don't you?

SeraphimLabs · « **Reply #21 on:** January 21, 2013, 01:24 PM »

Sysadmins! Welcome to HELL~!
-Renegade (January 21, 2013, 12:07 AM)

And corporate wonders why I've requested the worker's handbook be amended to say that anyone who connects hardware not approved by the IT department to the company network should receive disciplinary action.

Cause all it takes is one bad apple, and your entire network gets pwnt.

Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.

40hz · « **Reply #22 on:** January 21, 2013, 01:28 PM »

Sysadmins! Welcome to HELL~!
-Renegade (January 21, 2013, 12:07 AM)

What do you mean "welcome"???

We've been paying on our overpriced condos in Hades for the last 25 years. We're in an old well-established neighborhood down here.

Stoic Joker · « **Reply #23 on:** January 21, 2013, 03:09 PM »

Of course the brass doesn't care about that, after all its my job to keep it alive no matter what. Just, they certainly don't put any effort into making my job easier.
-SeraphimLabs (January 21, 2013, 01:24 PM)

Around here the brass are the ones most likely to plug in some dumb shit and take the network down. Like the day 'Our Leader X' decided to plug a dangling cable into the switch (and. not. tell. anybody...) because they couldn't figure out why it wasn't/didn't "appear to Go anywhere"...(as it's such a bitch to trace a 3' cable, to find out it was already plugged into self same switch)... That shit cost me an hour trying to figure out why half the network had gone black.

I seriously considered strangling then with said cable when the issue was found.