Picture this scenario: a box arrives at the office from Amazon or an office supply store, addressed to the department manager. He opens it and finds a power strip inside, with an invoice marked paid in full. He doesn't remember ordering it, but there has been a lot going on. He asks around whether anybody needed a power strip, and somebody volunteers: they couldn't plug their fan in without one. The manager decides that must have been why he ordered it, and the staff are happy to have the equipment.
The staff member goes back to their desk and plugs everything in. Little do they know that they have just opened a hole into the entire network. The device is the Power Pwn, a penetration-testing product from Pwnie Express.
In another scenario, a penetration tester gets into the building somehow (as a custodian, for a job interview, or on a tour), plugs the device in, connects everything up, and leaves it under an abandoned desk, inconspicuous and ready for use.
The Power Pwn builds on the more suspicious-looking Pwn Plug with a better disguise and a lot more features:
- Onboard high-gain 802.11b/g/n wireless
- Onboard high-gain Bluetooth (up to 1000′)
- Onboard dual-Ethernet
- Fully functional 120/240v AC outlets!
- Includes 16GB internal disk storage
- Includes external 3G/GSM adapter
- Includes all release 1.1 features
- Fully-automated NAC/802.1x/RADIUS bypass!
- Out-of-band SSH access over 3G/GSM cell networks!
- Text-to-Bash: text in bash commands via SMS!
- Simple web-based administration with “Plug UI”
- One-click Evil AP, stealth mode, & passive recon
- Maintains persistent, covert, encrypted SSH access to your target network
- Tunnels through application-aware firewalls & IPS
- Supports HTTP proxies, SSH-VPN, & OpenVPN
- Sends email/SMS alerts when SSH tunnels are activated
- Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more!
- Unpingable and no listening ports in stealth mode
With the device on the inside, the security researcher can snoop on the whole network remotely, with a lot of tools ready and waiting at their fingertips.
The scary thing is that most people wouldn't think twice about a power strip showing up if it were packaged convincingly enough. After that, the victims do the work for the attacker by plugging it in.
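One check a defender would want here, as an added example that is not part of the original post or of Pwnie Express's product: a device that is unpingable and has no listening ports will not show up in a ping sweep or port scan, but its MAC address still has to appear in the switch's forwarding table the moment it sends a frame. The script below parses a constructed MAC-table dump (the dotted-hex "show mac address-table" layout is an assumption), compares each address against a hand-written asset inventory and OUI subset, and flags anything unknown. It also notes when one access port carries two MAC addresses, which is what an implant bridged inline through its dual Ethernet ports between the wall jack and an already-authenticated desktop would look like (that inline placement is an assumption about how the NAC bypass listed above is performed; the page itself does not describe the mechanism).

```python
import re

# Constructed sample of a switch MAC address table, in the dotted-hex layout
# used by many Cisco-style "show mac address-table" dumps (format assumed).
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56a1.0b2c    DYNAMIC     Gi1/0/3
  10    f4ce.46aa.1234    DYNAMIC     Gi1/0/7
  20    0015.5d01.9a11    DYNAMIC     Gi1/0/12
  20    b827.eb44.5566    DYNAMIC     Gi1/0/12
"""

# Constructed asset inventory: MAC -> hostname for everything we expect to see.
KNOWN_ASSETS = {
    "00:50:56:a1:0b:2c": "vm-host-01",
    "f4:ce:46:aa:12:34": "printer-2f",
    "00:15:5d:01:9a:11": "hr-desktop-07",
}

# Hand-written OUI subset (first three octets -> vendor). A real check would
# load the IEEE OUI registry instead of this short table.
OUI_VENDORS = {
    "00:50:56": "VMware",
    "f4:ce:46": "Hewlett Packard",
    "00:15:5d": "Microsoft",
    "b8:27:eb": "Raspberry Pi Foundation",
}

_ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\w+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Turn 'b827.eb44.5566' (or any separator style) into 'b8:27:eb:44:55:66'."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Yield (vlan, mac, port) for each address entry in a MAC table dump."""
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            yield int(m["vlan"]), normalize_mac(m["mac"]), m["port"]


def find_unknown_devices(text, known=KNOWN_ASSETS, oui=OUI_VENDORS):
    """Return MAC-table entries that are not in the asset inventory.

    Each finding records whether its port carries more than one MAC: an
    implant bridged inline between the wall jack and a desktop shows up as a
    second address behind a port that should only ever have one.
    """
    entries = list(parse_mac_table(text))
    macs_per_port = {}
    for _, mac, port in entries:
        macs_per_port.setdefault(port, set()).add(mac)

    findings = []
    for vlan, mac, port in entries:
        if mac in known:
            continue
        findings.append({
            "vlan": vlan,
            "mac": mac,
            "port": port,
            "vendor": oui.get(mac[:8], "unknown OUI"),
            "shared_port": len(macs_per_port[port]) > 1,
        })
    return findings


if __name__ == "__main__":
    for f in find_unknown_devices(SAMPLE_MAC_TABLE):
        flag = " (second MAC on this port!)" if f["shared_port"] else ""
        print(f"vlan {f['vlan']} port {f['port']}: {f['mac']} [{f['vendor']}]{flag}")
```

Run against a real dump pulled from the switch on a schedule and diffed against the last run, this turns a silent implant into an alert on the day it is plugged in, regardless of whether it ever answers a probe.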
This convincing tool is currently available for pre-order, with an estimated delivery date of September 30th, just in time for the Black Hat and DEF CON information security conferences. The price for such a rig: $1,295.00 USD. You can see more pictures and the product documentation on the product page at PwnieExpress.com.