Really innovative tool for performing penetration tests and – on the not so good side – hacking. Really clever design and implementation. Also a great tool for teaching the Certified Ethical Hacker curriculum.
From Robert McMillanThe Little White Box That Can Hack Your Network:
When Jayson E. Street broke into the branch office of a national bank in May of last year, the branch manager could not have been more helpful. Dressed like a technician, Street walked in and said he was there to measure “power fluctuations on the power circuit.” To do this, he’d need to plug a small white device that looked like a power adapter onto the wall.The power fluctuation story was total bullshit, of course. Street had been hired by the bank to test out security at 10 of its West Coast branch offices. He was conducting what’s called a penetration test. This is where security experts pretend to be bad guys in order to spot problems.
In this test, bank employees were only too willing to help out. They let Street go anywhere he wanted — near the teller windows, in the vault — and plug in his little white device, called a Pwn Plug. Pwn is hacker-speak for “beat” or “take control of.”
“At one branch, the bank manager got out of the way so I could put it behind her desk,” Street says. The bank, which Street isn’t allowed to name, called the test off after he’d broken into the first four branches. “After the fourth one they said, ‘Stop now please. We give up.’”
Built by a startup company called Pwnie Express, the Pwn Plug is pretty much the last thing you ever want to find on your network — unless you’ve hired somebody to put it there. It’s a tiny computer that comes preloaded with an arsenal of hacking tools. It can be quickly plugged into any computer network and then used to access it remotely from afar. And it comes with “stealthy decal stickers” — including a little green flowerbud with the word “fresh” underneath it, that makes the device look like an air freshener — so that people won’t get suspicious.
No comments:
Post a Comment