Thursday 1 March 2012

Pwnie Express - penetration testing pogo plug

So I just found out about the PwnPlug line of products. I remember reading about a couple of guys doing something like this (link) at Defcon ten years ago using a Sega Dreamcast, but this solution is more powerful, has more features and would look fairly innocuous plugged in to a socket in most offices.

Bringing a new meaning to the term 'Plug and play'

The main features listed on the site:
  • Maintains a covert, encrypted, firewall-busting backdoor into your target network [Details]
  • Includes "Plug UI" for simple web-based setup
  • Tunnels through application-aware firewalls & IPS
  • Sends an SMS message when SSH tunnel is activated
  • Preloaded with Ubuntu, Metasploit, SET, Fasttrack, SSLstrip, nmap, dsniff, netcat, nikto, nbtscan, scapy, ettercap, JTR, medusa, & more!
  • Unpingable and no listening ports in stealth mode
  • Includes stealthy decal stickers
That's quite the payload, delivered in something compact and stealthy. 

1 comment:

  1. You don't work for News International by any chance?

    ReplyDelete