Pwnie Express, known purveyors of stealthy security tools, has recently opened up pre-orders for their newest and unquestionably most impressive product: the Power Pwn.
The Power Pwn, like it’s Pwn Plug sibling, is a complete Linux penetration testing suite that is concealed inside an innocent looking enclosure. But while the Pwn Plug was simply an off-the-shelf SheevaPlug, the Power Pwn is a completely new device designed by Pwnie Express themselves. Disguised as a standard power strip, it’s almost inconceivable that the casual observer will ever suspect anything.
The Power Pwn has some impressive features for something that’s built inside of a (fully functional) power strip:
- Onboard high-gain 802.11b/g/n wireless
- Onboard high-gain Bluetooth (up to 1000′)
- Onboard dual-Ethernet
- Fully functional 120/240v AC outlets!
- Includes 16GB internal disk storage
- Includes external 3G/GSM adapter
The inclusion of onboard WiFi, Bluetooth, and Ethernet is a huge improvement over the Pwn Plug, as that required USB adapters to be installed for any one of those interfaces (and the Pwn Plug has only a single USB port to begin with). While the Pwn Plug is a pretty innocuous looking white box, once it’s hooked up to a USB hub and a half a dozen blinking adapters, it suddenly looks a lot more suspect.
Dual Ethernet offers up a lot of interesting possibilities for man-in-the-middle work, and removes the need for the external Ethernet adapter the Pwn Plug requires when doing a NAC/802.1x bypass. The high-power Bluetooth radio is also of note, as most common Bluetooth devices don’t have nearly that kind of range. Being able to scan and track Bluetooth devices as they move through a target environment has a number of intriguing uses, such as determining when a person is sitting at their desk by scanning for their mobile phone.
By building all of these interfaces into the device, Pwnie Express has greatly improved the practicality of the product while at the same time making it considerably more stealthy. The only thing you might still have hanging out the side of the Power Plug is the 3G modem, but depending on your task you may not even need it.
Just like the Pwn Plug, the Power Pwn will include a whole suite of security tools with all of the big names represented (Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, etc, etc). While our initial review of the Pwn Plug found some faults with the early version of the operating system, the recent 1.1 update went a very long way towards fixing all of the problems from the earlier builds and turning the whole thing into a more cohesive product.
Pwnie Express has also started a welcomed push towards getting more community involvement with their products, and has recently opened up a github page for the Pwn Plug’s internal software.
The Power Plug isn’t slated to hit large scale distribution until September of this year, though presumably we will see more information released (and possibly some prototype hardware shown off) at the upcoming DEFCON security conference.
Interested parties can either signup to be notified when the Power Pwn has been released, or put down the money to ensure they receive a finished unit as soon as possible.
Source | Pwnie Express
The Powerbase will continue to deliver updated information on this innovative new security product as it becomes available.