Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Pwnie Express Releases Android-Based Network Hacking Kit

timothy posted about a year ago | from the thanks-for-the-tablet-sirs dept.

Android 35

At last year's RSA security conference, we ran into the Pwnie Plug. The company has just come out with a new take on the same basic idea of pen-testing devices based on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.

Sorry! There are no comments related to the filter you selected.

They should have used a HOSTS file (-1)

Anonymous Coward | about a year ago | (#42988415)

$10,000 CHALLENGE to Alexander Peter Kowalski

Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.

Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?

Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.

If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.

I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.

Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.

Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.

I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.

If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!

You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel, claiming that the APK on OSY was fake.

My reputation as a professional in this field clearly shows in multiple publications in this field in written print, & also online in various GOOD capacities since 1996 to present day. This has happened since I was first published in Playgirl Magazine in 1996 & others to present day, with helpful tools online in programs, & professionally sold warez that were finalists @ Westminster Dog Show 2000-2002.

Did you see the movie "Pokemon"? Actually the induced night "dream world" is synonymous with the academic religious induced "HOSTS file" enslavement of DNS. Domains have no inherent value, as it was invented as a counterfeit and fictitious value to represent natural values in name resolution. Unfortunately, human values have declined to fictitious word values. Unknowingly, you are living in a "World Wide Web", as in a fictitious life in a counterfeit Internet - which you could consider APK induced "HOSTS file". Can you distinguish the academic induced root server from the natural OpenDNS? Beware of the change when your brain is free from HOSTS file enslavement - for you could find that the natural Slashdot has been destroyed!!

FROM -> Man - how many times have I dusted you in tech debates that you have decided to troll me by ac posts for MONTHS now, OR IMPERSONATING ME AS YOU DID HERE and you were caught in it by myself & others here, only to fail each time as you have here?)...

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking.

cower in my shadow some more, feeb. you're completely pathetic.

Disproof of all apk's statements: [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] []

Ac trolls' "BIG FAIL" (quoted): Eat your words!

That's the kind of martial arts I practice.

Re:They should have used a HOSTS file (1)

webmistressrachel (903577) | about a year ago | (#42989683)

You are surely of God of Trolls, whomever you are. I have had stupid arguments with and bitten the troll apk many times.

I liked how you got it just long enough to display all the content, and yet the Slashdot renderer still teased me with "Read the rest of this comment" or whatever it says.

You had this ready for the next article to appear, didn't you? Helluva copypasta, baby!

Re:They should have used a HOSTS file (1)

Arancaytar (966377) | about a year ago | (#42990803)

4 simultaneous DNS servers within a single rotation of .org TLD

what you did there

i see it

1st time got it working? (1)

MrDoh! (71235) | about a year ago | (#42988445)

You could chroot BackTrack on a Nexus One a couple of years ago I thought. That gets you aircrack. If they've ported it over without needing that though? excellent.

Re:1st time got it working? (5, Informative)

kwark (512736) | about a year ago | (#42988509)

Chrooting has been around since the first android device (ADP/G1). The problem is having a driver that enables monitor mode.

nt (3, Funny)

shentino (1139071) | about a year ago | (#42988471)

My little pwnie, my little pwnie

Ah ah ah ahh ahhhhhhhhh!

Myyy little pwnie!

Re:nt (2)

femtobyte (710429) | about a year ago | (#42990909)

You have one too many "ah"s in there.

Dammit, why did I know that from memory?

What jumped out at me (1)

egcagrac0 (1410377) | about a year ago | (#42988479)

“I even called them and said we’d like to purchase 10,000 iPads, but we’d need to modify [iOS] slightly,” Porcello says.

Apple said “no.”

Translated: We don't want your $7million, since you're not just going to hand it over. You don't want our product, you want a customized product.

Re:What jumped out at me (1)

ceoyoyo (59147) | about a year ago | (#42989195)

Translated: We'd like you to provide us with a customized version of your product, which we know you're not set up to do. We'd like to pay wholesale prices for it too, please.

Dear Editors (2)

AmiMoJo (196126) | about a year ago | (#42988493)

Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

Re:Dear Editors (1)

K. S. Kyosuke (729550) | about a year ago | (#42988545)

Please edit the hype out of submissions. "Bashes the hell out of corporate networks"? Come on guys, this is Slashdot. Have some respect.

Uh? I'd say the sentence does show a lot of respect with regards to the device in question, doesn't it?

Re: Dear Editors (1)

Anonymous Coward | about a year ago | (#42988579)

No, it really doesn't. Same with the name, Pwnie.

Childless leet-speak. Nothing more

Re: Dear Editors (0)

Anonymous Coward | about a year ago | (#42991349)

You say childless like it's a bad thing, rather than a responsible way to live on a planet dealing with limited resources and overconsumption.

Re:Dear Editors (-1)

Anonymous Coward | about a year ago | (#42989419)

How about you shut the fuck up Nancy?

Well.. (0)

Anonymous Coward | about a year ago | (#42990023)

Doesn't it?

If I was to read a headline that said "Katy Perry has a smokin' hot rack!", I would not call it hype.

Re:Dear Editors (2)

Scorch_Mechanic (1879132) | about a year ago | (#42991259)

The submission quotes from the wired article, specifically the first and third paragraphs. It's not kosher to delete words from direct quotes just because they're "hype", and might even be improper in this case (because the phrasing comes from the wired article and conveys how the writer of the article feels about the device, which gives important information for the reader). Of course, that doesn't mean a clever editor could jump in anyways with ellipsis and such, but ellipsis are ugly and in this case the sentence is so short there would be no point.

For the record, omitting the second paragraph (which details pricing) from the submission and not indicating the omission with ellipsis or making it two separate quotes is bad editing.

(I'm not a "real" editor, I just have an interest in proper formatting. I may be getting something here wrong, and if I am please feel free to jump on my head and/or correct me.)

Yay, a decent OS to run on my Nexus 7 (-1, Troll)

sensationull (889870) | about a year ago | (#42988525)

It will almost certainly be much more stable than what Google have managed so far with the Nexus 7, horrible unstable bit of junk that can't even manage Bluetooth.

Umm, did you RTFA? (1)

Anonymous Coward | about a year ago | (#42988561)

It's still running Android.

Re:Umm, did you RTFA? (1)

Aaron B Lingwood (1288412) | about a year ago | (#42989691)

Yay, a decent OS to run on my Nexus 7

It's still running Android.

This product ships with Android OS 4.2 and Ubuntu 12.04 to run the full range of tools.

While the specs have not been released, I suspect that the Android ships with a mainline kernel instead of Google's Linux Kernel for Android to include glibc, full Wi-Fi support and all GNU libraries. Also, su, a complete different repo/store and stripped of everything Google.

So, same OS, different Version, complete different Distro.

Re:Yay, a decent OS to run on my Nexus 7 (1)

sensationull (889870) | about a year and a half ago | (#42992729)

Go on fanboys, mod me down for being right, I own one and have had to return it once thanks to faulty hardware and wait months for them to fix 4.2 to deal with Bluetooth even remotely stably and for it to bring up the start screen icons in less than ten seconds. Before anyone starts spouting the fanboy line I should not have to root it, mod it or reflash it to make the damn thing work reasonably.

I'd buy one (3, Insightful)

cpicon92 (1157705) | about a year ago | (#42988551)

A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.
Frankly, I think that's a lot of work. Possibly more than $800 worth of work at standard IT wages. I think every corporate IT department should invest in one of these, it would seriously improve network security on the whole.

Re:I'd buy one (4, Insightful)

andydread (758754) | about a year ago | (#42988587)

What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

Re:I'd buy one (2)

oodaloop (1229816) | about a year ago | (#42988609)

Look cool?

Re:I'd buy one (0)

Anonymous Coward | about a year ago | (#42988783)

Point and click, sorry, touch and swipe security.

Re:I'd buy one (0)

Anonymous Coward | about a year ago | (#42988805)

Fits on your hip and is less likely to be noticed passing through front door security.

Re:I'd buy one (4, Informative)

Aaron B Lingwood (1288412) | about a year ago | (#42988879)

What does this do for corporate IT departments that BackTrack5 on a $200 laptop cannot?

NFC: Monitor/Manipulate Contactless Payment Systems, Smart Tags and Mobile Devices (i.e: Force pair a Nokia)

Form Factor: Easily concealable and can be powered via USB. Easily turn off screen when someone is shoulder surfing

Connectivity: High Speed Mobile Data and superior network management. Ever since BT moved away from SLAX, falling back to WiFi when 3g drops has become unreliable. Multiband Radio makes it more likely to get a signal in a high security building

OS: BT5 for ARM is still not the best. Many tools are buggy and won't even run on a range of devices. Android is attracting quite a few developers meaning we are likely to see new tools on Android before BackTrack, Ubuntu or Debian Repositories. Making from source isn't viable when you are often working against the clock. BT5, being Ubuntu based, is a full desktop environment and it takes a lot of work to trim the fat. If you are talking about BT5 on an x86 laptop then the next point is amplified

Battery: Battery Life is likely much better on the Nexus than a cheap laptop. For reconnaissance, one may need to keep the device powered for hours or even days. Many cafes and bars will offer charging stations. Finding a power point on the other hand can be challenging, especially if one is trying to keep a low profile

Support: While the community-driven support for BT5 (and linux in general) is great, it is unlikely they can offer support for the particular device you are on (in a timely manner at least). Got an issue with this device, check the forums or get Live Chat Support

Crunching: Modern ARM SOC's have great number crunching ability, especially those found on mobile devices as there is a focus on graphics ability and not on economy

All my pentesting is done from either an x86 desktop (in a vehicle) or my Galaxy SIII. I find that laptops continually under-perform and have too many trade-offs. I only use them when the conditions require that I must.

Re:I'd buy one (1)

Cederic (9623) | about a year ago | (#42989613)

Far more interestingly: If they can do this on an android tablet, they can do it on an android phone. That's even more discrete, and quite probably just as usable.

Re:I'd buy one (1)

chispito (1870390) | about a year ago | (#42989991)

You don't type much while you're pentesting?

Re:I'd buy one (1)

Aaron B Lingwood (1288412) | about a year ago | (#42990143)

You don't type much while you're pentesting?

I use my desktop for preparation, execution and monitoring while the mobile device is normally taped under someone's desk, left charging at the lobby cafe or simply in lost property depending on the assignment

I prefer security and IT to be unaware that the audit will be performed, as they would be in a malicious attack.

Re:I'd buy one (0)

Anonymous Coward | about a year ago | (#42992095)

BackTrack5 because it is working so well and what the hey your company has nothing to lose.

Re:I'd buy one (3, Informative)

drinkypoo (153816) | about a year ago | (#42988605)

I'd make my own Pwnie plug instead.

The software ought to run on the standard Pogoplug. which is $20.

Re:I'd buy one (1)

Aaron B Lingwood (1288412) | about a year ago | (#42989887)

A lot of people are probably going to come on here and talk about how you can just root your standard Android tablet and then set it up to work the same way.

Rooting is inadequate for anything other than basic sniffing and WEP-cracking.

On these devices, the bastardized Wi-Fi drivers are compiled into the kernel which is stored in ROM. In order to do any kind of packet injection, deauth attack or to use monitor mode, a custom kernel hence a custom ROM will be required. For those with a locked bootloader, that will be yet another step.

Re:I'd buy one (1)

Ralph Ostrander (2846785) | about a year ago | (#42992125)

I was about to say the ROM. Hand held tools such as these are welcome to me. Everyday things like finding a bad NIC. If it makes your life easier.

Hail the n900 (1)

Anonymous Coward | about a year ago | (#42988795)

The king of mobile pentesting is the n900. Aircrack-ng has been working for ages, even with packet injection if you can find the patched drivers. Metasploit also runs as do tools like dsniff and ettercap

Re:Hail the n900 (1)

RobbieThe1st (1977364) | about a year and a half ago | (#42993035)

Pwnie express is selling one of those, too. And it even seems to come with a copy of my very own BackupMenu, so it's easy to restore if it breaks etc.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?