RSA: The Pwn Pad is an Android Tablet-Based Penetration Tester (Video)

Roblimo posted about a year and a half ago | from the use-this-device-for-good-and-never-for-evil dept.

Security 46

Last year Pwnie Express showed us their Stealthy Pen Test Unit that plugged directly into a 115 VAC wall outlet. This year at RSA they're proudly displaying their Pwn Pad, which is a highly-modified (and rooted) Nexus 7 tablet "which provides professionals an unprecedented ease of use in evaluating wired and wireless networks." They list its core features as Android OS 4.2 and Ubuntu 12.04; large screen, powerful battery; OSS-based pentester toolkit; and long range wireless packet injection. If you can't see the video (or want to read along) the transcript is below.

46 comments

LOL (-1, Flamebait)

Anonymous Coward | about a year and a half ago | (#43039047)

Looks gay. Just like what Linux users are.

Re:LOL (-1, Flamebait)

Anonymous Coward | about a year and a half ago | (#43039351)

if linux users are gay then apple users must be flaming faggots

Re:LOL (-1)

Anonymous Coward | about a year and a half ago | (#43042493)

No arguments here.

Pwn Pad Passes Perl Philter Phor (2, Insightful)

Anonymous Coward | about a year and a half ago | (#43039065)

Duplicates [slashdot.org]

Nice Tablet (2, Insightful)

jackb_guppy (204733) | about a year and a half ago | (#43039163)

It's good to see the hardware/software is flexible - even in these days of walled gardens.

My wife just got me a TP adapter, so I now have a net project to look forward to.

Re:Nice Tablet (1)

jampola (1994582) | about a year and a half ago | (#43043249)

Agreed. Potentially any Android device could be used. Can't wait to see the looks I get when I start wandering around my city with my Android phone with a TP-Link adapter connected to the OTG adapter and a Pringles tin taped to my head!

Huh? Where? (0)

bogaboga (793279) | about a year and a half ago | (#43039165)

If you can't see the video (or want to read along) the transcript is below.

Where? If I may ask? Are we engaged in some kind of mediocrity?

Re:Huh? Where? (1)

jackb_guppy (204733) | about a year and a half ago | (#43039247)

See: "Hide/Show Transcript" under the image that may or may not be there.

Re:Huh? Where? (2)

mcmonkey (96054) | about a year and a half ago | (#43039255)

Click the "Hide/Show Transcript" link under the video.

Yeah, not very clear.

Re:Huh? Where? (1)

jampola (1994582) | about a year and a half ago | (#43043257)

yeah, /. should have wrapped the "Show Transcript" in h1 tags eh?...

Sooo... (2, Informative)

Anonymous Coward | about a year and a half ago | (#43039189)

It's an $800 sub-par tablet with a bunch of free software installed that any "pwner" worth his/her salt should know how to get on their own. Meh.

Re:Sooo... (0, Funny)

Anonymous Coward | about a year and a half ago | (#43039251)

I was able to use it to hack into Slashdot's servers and download nude pictures of Rob Malda. Then I blackmailed him for $5 million not to release the pics of his micropeen.

Wouldn't that have to be like SoulSkill or onna... (-1)

Anonymous Coward | about a year and a half ago | (#43039337)

the dice managers now?

I mean c'mon everyone knows you gotta knock over WaPo's servers to get pictures of Malda's micropeenie now. Also: I thought he was a neuter now?

Re:Wouldn't that have to be like SoulSkill or onna (0)

Anonymous Coward | about a year and a half ago | (#43039371)

These were old pictures they forgot to clean out. Longer before his neuter days.

Re:Sooo... (1)

jampola (1994582) | about a year and a half ago | (#43043265)

My thoughts exactly. You could have this exact hardware setup for a third of the price and roll your own software. If you forego the Nexus (and ability to install a working Ubuntu dist) and swap that with one of the cheap Chinese made tablets (many have full size USB ports already!) then you'd be in the sub $150USD range.

Re:Sooo... (1)

RaceProUK (1137575) | about a year and a half ago | (#43044137)

It's an $800 sub-par tablet

My Nexus 7 cost £200 (~$300). And I've yet to find anything it can't do (within reason).

Am I the only one who was thinking Rockwell? (1)

oic0 (1864384) | about a year and a half ago | (#43039269)

I was hoping it was some sort of low cost, easy to use, material hardness tester attachment :(

Re:Am I the only one who was thinking Rockwell? (0)

Anonymous Coward | about a year and a half ago | (#43039431)

I was the only one thinking dup [slashdot.org].

Not Really Revolutionary (1)

ilikenwf (1139495) | about a year and a half ago | (#43039343)

All of this has existed for some time. Unless you don't have the knowledge to do this, or the ability to follow a guide, this is really just an overpriced MID from China.

Hak5 covered the USB dongle + sniffing, etc part of it. The rest is just compiling the tools which are free and possibly cranking out an Android gui for a few of them.

Re:Not Really Revolutionary (4, Insightful)

Lunix Nutcase (1092239) | about a year and a half ago | (#43039469)

They don't claim it's revolutionary. Also the integration and pre-configuration is very important to many people who would be interested in such a product. Much more so than your dismissive comment would make it seem. Sure, one could buy all the parts separately, recompile the kernel and all the software and put it all together themselves. On the other hand, most people's time is not worthless so the price is worth the fact that one can be up and running immediately.

Re:Not Really Revolutionary (3, Interesting)

DarkTempes (822722) | about a year and a half ago | (#43039751)

First of all, this is neat. I've used usb host mode on my HP Touchpad to run a wireless adapter for kismet before just to see if I could.
But mostly I don't think this is for consumers or enthusiasts.

Let's say $300 for the most expensive nexus 7 and they're selling this for $800.

Maybe $100 for all of the other extra hardware (very generous as the wifi adapter is $15-20, etc)

That means you're paying $400, half of the device, for them to: compile a custom kernel for android (turn on packet injection), install an ubuntu chroot, install most of the packages from apt, and build a couple of them from source.
They're using an ubuntu chroot so no need for android custom gui apps.

$400 is a pretty hefty convenience cost but I guess I could see where for business purposes that would make sense for some people.

Re:Not Really Revolutionary (2)

CanHasDIY (1672858) | about a year and a half ago | (#43040115)

You're pretty much dead on with your numbers:

32GB Nexus 7 w/ AT&T 3G - $300 [google.com]

TP-Link TL-WN722N (atheros usb wifi) - $20 [newegg.com]

Sena UD100 (Bluetooth USB) - $40 [sena.com]

USB Ethernet adapter - ~$30 (really? Damn!)

OTG cable (host mode) - $2 [amazon.com]

I wonder how long it takes them to compile/load all those apps? Would be interesting to break it down and see just how much per hour these guys are charging.

Re:Not Really Revolutionary (1)

DarkTempes (822722) | about a year and a half ago | (#43040709)

Couldn't they make a script where they plug in a new nexus 7 and it roots and images a device based off of the initial working device and they're good to go?

That leaves 2 months of sunk costs working on the initial setup (what they claim in the video) and handling packaging/billing/shipping/tax.

Re:Not Really Revolutionary (1)

CanHasDIY (1672858) | about a year and a half ago | (#43047893)

Don't see why not; heck, they can probably use scripts to automate the whole process, I know I would.

Re:Not Really Revolutionary (0)

Anonymous Coward | about a year and a half ago | (#43041023)

I was hoping they hacked/reverse engineered the drivers for onboard broadcom wifi.
At least that would have been useful. Oh well.

Re:Not Really Revolutionary (1)

AHuxley (892839) | about a year and a half ago | (#43039841)

They had to recompile the android kernel, get Ubuntu on, they compiled tools from source to get the newest versions - for ARM.
So all the person has to do is plug the wireless usb device in, click the icon and then see what the surrounding wireless/wired network is like.
The other point is the battery, quad core cpu and work done on usb hardware to inject into wireless.
It's all open source too :) The news is it's public for Android.

Advice For Doing Interviews (2)

CanHasDIY (1672858) | about a year and a half ago | (#43039433)

Tim: Now is this an outgrowth of the Pwnie Plug? The earlier product, the plug that was here last year? And that is still available?

Oliver: Yes. That is correct.

Tim: So what does this cost? And what goes into that? For instance, I see you’ve got a different wireless card on here, can you talk in detail about what’s the wireless that you’ve got attached to the back there?

Oliver: Yeah, so this is a TP-link adapter. This is a unique card in that it supports a packet injection, monitor mode and wireless promiscuous mode, which lets you do sidejacking.

Word of advice: try letting the interviewee answer the current fucking question before you ask another one.

I, personally, would like to know what the cost will be, but thanks to Timmy's piss-poor interviewing skills, I'll have to seek the information elsewhere.

Re:Advice For Doing Interviews (1)

Lunix Nutcase (1092239) | about a year and a half ago | (#43039485)

And the price point on it is $800 for the whole kit,

Straight from the transcript...

Re:Advice For Doing Interviews (1)

CanHasDIY (1672858) | about a year and a half ago | (#43039635)

And the price point on it is $800 for the whole kit,

Straight from the transcript...

Yea, I see that now; 3, 4 questions further down.

Timmy should have given him an opportunity to answer before moving to a new line of questioning; Journalism 101.

Re:Advice For Doing Interviews (1)

Lunix Nutcase (1092239) | about a year and a half ago | (#43039677)

No, it was in the response to the question from right after what you quoted.

Re:Advice For Doing Interviews (1)

CanHasDIY (1672858) | about a year and a half ago | (#43039723)

No, it was in the response to the question from right after what you quoted.

Right:

And what goes into that?

There's 1...

For instance, I see you’ve got a different wireless card on here, can you talk in detail about what’s the wireless that you’ve got attached to the back there?

#2...

And how is it attached to the device?

aaaand 3.

Re:Advice For Doing Interviews (1)

Lunix Nutcase (1092239) | about a year and a half ago | (#43039839)

No. The end part of what you quoted was the response:

Oliver: Yeah, so this is a TP-link adapter. This is a unique card in that it supports a packet injection, monitor mode and wireless promiscuous mode, which lets you do sidejacking.

Right below that is the question and answer from where I quoted:

Tim: And how is it attached to the device?

Oliver: So this is just a standard OTG USB cable. One of the really nice things about Android devices is there is a lot of support for USB, so you can practically plug in any USB device and access it through Android. So flash drives, keyboards, mice, and now adapters with the kernel work that we’ve done. So this is like a long range wireless card. It also comes with a small Bluetooth adapter. It also comes with an USB Ethernet adapter, so that you could plug it into the wire. And the price on the product it also comes with this nice case with the Velcro. And the price point on it is $800 for the whole kit, but if you have a Nexus 7 the software will be available on our website to download, and you can get the adapter separately.

So, as I said it's the very next response after what you quoted. Not 3 to 4 questions further down.

Re:Advice For Doing Interviews (1)

CanHasDIY (1672858) | about a year and a half ago | (#43039973)

Agree to disagree, not worth my time to argue.

Re:Advice For Doing Interviews (0)

Anonymous Coward | about a year and a half ago | (#43040141)

"Agree to disagree" about what? No one disagrees that it'd be better to have one question and response, but Lunix Nutcase is 100% right that the response to Tim's multi-question question contained all of the answers you're moaning about.

Re:Advice For Doing Interviews (1)

geminidomino (614729) | about a year and a half ago | (#43044249)

IME, "Agree to disagree" seems to be code for "drop it so I don't have to cop to being wrong."

Re:Advice For Doing Interviews (1)

CanHasDIY (1672858) | about a year and a half ago | (#43069911)

IME, "Agree to disagree" seems to be code for "drop it so I don't have to cop to being wrong."

1) What does "IME" mean?

2) Actually, it's code for "I've got better things to do with my time than waste it waxing philosophic with some annoying internet pedant." At least, it is when I use the phrase; YMMV.

Re:Advice For Doing Interviews (1)

geminidomino (614729) | about a year and a half ago | (#43070811)

"In my experience."

Re:Advice For Doing Interviews (1)

CanHasDIY (1672858) | about a year and a half ago | (#43071113)

Ah.

Learn something new every day.

36 Chambers of Pwning (1)

PopeRatzo (965947) | about a year and a half ago | (#43039593)

RSA has always been one of my favorite hip-hop artists.

Re:36 Chambers of Pwning (1)

Sez Zero (586611) | about a year and a half ago | (#43039769)

I see what you did there, you Wu, you.

Pwn Pad? Sounds fun. (1)

steelfood (895457) | about a year and a half ago | (#43040041)

Hey baby, wanna experience my pwn pad together with me tonight?

Nexus 7 ROM? (-1)

Anonymous Coward | about a year and a half ago | (#43040341)

So basically it's a $600 nexus 7 rom? Someone buy one and dump it then post the rom so we can just flash it on any nexus 7.

hacking with kids (1)

trexd___ (2799583) | about a year and a half ago | (#43040719)

These days kids can buy these expensive products and it allows them to easily hack into systems they don't understand. If they really would like to hack it would be better for them to learn how to code and write their own software. This allows them to learn responsibility for hacking and their actions instead of "piggybacking" off of pre-made programs and one button software.

security experts? (0)

Anonymous Coward | about a year and a half ago | (#43041571)

If these are supposedly security experts, why do they censor the cookie information on the screenshot in only 1 of two places - or anything at all? What exactly makes this "commercial grade"? All I see is some FOSS, a N7 and some dongles sold at a terrible price. They didn't take time to make it even look nice.

'Seems they are just trying to make a quick buck reselling something they didn't really create as an out-of-box... It would be smarter to start a community and have a support-based business model if they actually had some expertise. Pwnie Express is and always was a joke. Can't wait to see the source.

http://linuxonandroid.org/

Ubuntu on Android Tablet (0)

Anonymous Coward | about a year and a half ago | (#43041615)

rooting kits might be the only reason...

SuckerPad (1)

ruir (2709173) | about a year and a half ago | (#43044541)

Quick, be an idiot and pay $800 for a $50 - $200 tablet instead of downloading backtrack and using it in a cheap notebook or even your old notebook you don't use anymore...