Introducing the Gizmag Store

Power Pwn: a DARPA-funded hack machine

By

July 24, 2012

A fully featured pentesting solution

A fully featured pentesting solution

Image Gallery (6 images)

The Power Pwn is a fully-integrated, enterprise-class penetration testing platform. A successor to the popular Pwn Plug, the device features a highly-integrated modular hardware design. Backed and funded by the Defense Research Projects Agency (DARPA), it aims to provide corporations and security-conscious individuals with a cheaper and easier means to defend themselves against hackers, by providing them with the same set of tools as their digital assailants.

With the appearance of a simple surge protector, the Power Pwn won't turn any heads, but crack open its unassuming casing and you'll find everything you need to run a full-scale security auditing software suite. The biggest draw of the device is undoubtedly its ability to perform tests remotely. A security professional can simply ship the Power Pwn to a corporate facility and gain access to the device covertly over Ethernet, wireless or 3G/GSM cell networks.

Text to bash functionality

Text to bash functionality

The cellular network functionality allows users to text in bash commands via SMS. There's even the potential to take advantage of voice-recognition software such as Apple's Siri to push commands to the device.

Shipping with the Debian 6 instance of Linux, the Power Pwn aims to make comprehensive pentesting easier and cheaper for corporations and security professionals. Companies can mail the US$1,295 hardware out to their branches and conduct full-scale penetration tests of their remote networks, completely eliminating travel expenses.

A wide range of connectivity options including wireless, dual Ethernet and 3G/GSM cell net...

A wide range of connectivity options including wireless, dual Ethernet and 3G/GSM cell networks.

There are concerns that hackers may use the device against its intended owners, but the backing and funding of DARPA should go some way to ensuring that the Power Pwn stays firmly in the hands of the good guys. To this effect, the CEO of Pwnie Express, Dave Porcello told Wired that 90 percent of the company's customers work for corporations or the federal government.

Full features and specs are as follows:

  • Onboard high-gain 802.11b/g/n wireless
  • Onboard high-gain Bluetooth (up to 1000')
  • Onboard dual-Ethernet
  • 120/240v AC outlets
  • 16 GB internal disk storage
  • External 3G/GSM adapter
  • Fully-automated NAC/802.1x/RADIUS bypass
  • Out-of-band SSH access over 3G/GSM cell networks
  • Text-to-Bash: text in bash commands via SMS
  • Web-based administration with “Plug UI”
  • One-click Evil AP, stealth mode, & passive recon
  • Maintains persistent, covert, encrypted SSH access to your target network
  • Tunnels through application-aware firewalls & IPS
  • Supports HTTP proxies, SSH-VPN, & OpenVPN
  • Sends email/SMS alerts when SSH tunnels are activated
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools and more.
  • Unpingable and no listening ports in stealth mode
  • Sources: Pwnie Express, Wired

    About the Author
    Chris Wood Chris recently graduated from the University of Exeter with a degree in Politics and Ancient History. Based in the U.K., he has an enthusiasm for technology of all kinds, specializing in mobile tech and games. In his spare time you might find him running, playing music, following NFL (Pats fan) or fueling his ever growing Swiss watch obsession.   All articles by Chris Wood
    Tags
    2 Comments

    LOL - if it's for testing, why is it disguised and bristling with stealth?

    This gadget has exactly one use: industrial espionage, which was obvious in itself before they even told us who the customers were :-)

    christopher
    25th July, 2012 @ 01:59 am PDT

    So, 90% of their customers are known corporate & federal users. And who are the other 10%? Not really, sure but the company took their money and sold stuff anyway?

    Exactly what part of this is supposed to engender a sense of safety?

    The most likely corporate users are going to be some of the same S%%tHeds in fine, trustworthLess industries like finance, pharmaceuticals, or Oil. The Feds are going to be folks like the A$$Ho@@s at FDA or EPA focused on hunting down employees squealing on the agency or the previously described corporations buying agency control on a rent-to-own plan.

    While I cheerfully look forward to Julian Assange appearing in a Swedish court or the little Army private serving life for damaging national security I am not entirely certain there is reason to be pleased that someone can sneak into a system by just swapping out a power strip.

    StWils
    26th July, 2012 @ 06:46 am PDT
    Post a Comment

    Login with your gizmag account:

    Or Login with Facebook:


    Related Articles

    Just enter your friends and your email address into the form below

    For multiple addresses, separate each with a comma




    Privacy is safe with us because we have a strict privacy policy.

    Looking for something? Search our 26,501 articles