Penetration Tester Reviews Pwn Pad 2014

By Alexandru Apostol

Just after the start of this year, our penetration test team received aPwnPad 2014 to augment their wireless testing services. The Pwn Pad 2014 is a customised tablet from Pwnie Express aimed at Penetration Testers. Its hardware specification is similar to what you would find on a Google Nexus 7, but features a custom ROM that has been packed with a modified Kali Linux back-end and includes essential tools such as Metasploit, SET, Kismet and the Aircrack suite. It also ships with several interesting accessories such as a USB Bluetooth adaptor and an additional high-gain wireless interface.

The core concept behind the Pwn Pad 2014 is that it provides a Penetration Tester with a mobile environment that is not only easier to carry around than a 17” mobile workstation, but that also attracts less attention. Media continually promotes an unrealistic image of today’s hackers as using laptop or desktop computers (not to mention a ski mask). The reality is that with a device such as the Pwn Pad 2014, it has the capability to deploy the same attacks as a penetration tester and can be kept in someone’s pocket whilst wandering around a company’s perimeter, scanning for insecure wireless networks.

“Using the tablet made the testing considerably easier”

Previously when conducting a wireless survey at a Premiership football ground, we spent two days carrying a laptop around the ground trying not to drop the laptop or collide with people or furniture. When using the Pwn Pad 2014 at our next location, we were able to conduct the survey without the concern of dropping the workstation or bumping into hazards. Using the tablet made the testing considerably easier. The Pwn Pad 2014 comes with the Aircrack suite pre-installed and the external wireless card can be mounted right on the case making it really easy to carry with one hand.

“This device is not for those with a non-technical background”

Whilst the Pwn Pad 2014 has its many advantages (well-built device, that has more capabilities than what is initially presented), we found that the out-of-the-box functionality is slightly limited and the lack of a physical keyboard makes typing difficult. Most of these issues can easily be resolved by writing your own scripts, but it is safe to note that this device is not for those with a non-technical background.

In conclusion, the Pwn Pad can provide a Penetration Tester with an effective and discreet mobile security testing environment. Essentially, the Pwn Pad 2014 provides the same functionality of a mobile workstation without the compromising the portability.

Find out more about the Pwn Pad 2014

As a CREST member company, IT Governance offers a range of penetration testing packages to help look for areas of weakness within your IT systems. Learn more about our penetration testing services here.

Pwnie Express turns the Nexus 5 into a powerful white hat hacking tool

Pwnie Express Turns the Nexus 5 Into a Powerful White Hat Hacking Tool

By Andrew Grush

Part of the magic of Android is the flexibility of the platform when it comes to customization and modding. With a little ingenuity, you can transform your Android-powered devices into just about anything — including a sweet hacking tool.

That’s exactly what Pwnie Express did to the Nexus 5, which it dubs as the Pwn Phone. Retailing for a pricey $1295, the Pwn Phone utilizes Nexus hardware but switches out stock Android for a special variant that has a recompiled kernel and runs on its own derivative of Kali Linux on the back-end of Android.

The Pwn Phone’s custom ROM gives the device the ability to act as a USB host, allowing it to add on Wi-Fi, Bluetooth and Ethernet via adapters. The reason for the added on adapters are that they offer improved range and capabilities over what’s already baked into the phone.

(Original Article)

The Weakest Link

weakest security linkIn the oft-repeated words of Bill Cheswick of Bell Labs, perimeter defenses like firewalls can serve as “a sort of crunchy shell around a soft, chewy center.” Your datacenter may be secured like Fort Knox with multiple layers of RFID and biometric access controls, security guards and anti-tailgating measures but your security posture is only as strong as its weakest component. This is the Defender’s Dilemma: The attacker only needs to find a single way into the network; the defender must defend all points from attack.

Open network ports in common areas such as training, break and conference rooms can provide an end run around the best laid security plans. The tension between the security of corporate data and convenience for users and administrators is most evident at these points. Given the choice between manually provisioning guests throughout the day and more permissive controls, the balance usually tilts towards greater ease of use.

In a recent pen test conducted by Black Hills Information Security for a company with otherwise strong security culture and controls, a Pwn Plug R2 was plugged into an open Ethernet port in a headquarters conference room that was accessible from the lobby without passing through a guard station. The Pwn Plug was also able to access Wi-Fi networks. The device remained undiscovered and operational for two weeks hidden under a conference room table. This device provided a platform to penetrate the headquarters network and the hardened data center beyond.

What can you do to prevent such an opening that bypasses your controls? The following measures can lessen the risk of a breach:

  • Disable unused cable drops
  • Apply network access control (NAC) where possible
  • Regularly inspect common areas for unfamiliar devices
  • Segment the corporate network to limit exposure if a compromise occurs in a single area
  • Treat networks in common areas as public and require VPN to access corporate resources
  • Restrict and monitor outbound protocols, especially from networks with public access

Android-based Pwn Phone is Prepared to Do Evil for Your Network’s Own Good

By Sean Gallagher

Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are in an instant. All someone needs to do is walk around the office with a smartphone.

Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.

“What we’ve done is taken Android 4.4 Kit Kat and recompiled the kernel,” said Reilly. “On the backend, it runs our own derivative of Kali Linux, called Pwnix. Essentially it’s running a full-blown Debian OS on the back-end of Android.“

(Original Article)

Mapping WiFi Networks on the Pwn Pad 2014

There are many advantages to mobile pentesting, certainly one of the biggest being the simple fact that you aren’t stuck in one single geographic location; you can move seamlessly through buildings or even whole campuses without breaking stride. But making sense of the data you collected while moving around a location can be a nightmare if you don’t have the visual context to put it all together.

Luckily, a few quick steps can take the data you’ve collected from Kismet on the Pwn Pad and turn it into a file ready for importing into Google Earth; giving you the geospatial perspective you need to turn raw data into a valuable pentesting tool.

Enable GPS

First, you’ll need to make sure GPS is enabled on the Pwn Pad. The easiest way to do this is to take a look at the “Power Control” widget on the main screen. If the center GPS icon isn’t illuminated, simply tap it to turn on the Pwn Pad’s GPS hardware.


With the GPS radio powered on, open the “BlueNMEA” application, located under the “Wireless Tools” directory.

Pwn Pad wireless tools

Capture APs with Kismet

With GPS enabled and the BlueNMEA application running, you can start the Kismet WiFi scanner by tapping its icon under “Wireless Tools”. As soon as Kismet opens, hit the “Enter” key on the onscreen keyboard to begin capturing WiFi networks and their GPS coordinates.


As you walk around scanning for WiFi access points, you’ll see a constantly updated feed at the bottom of the screen as new networks are detected. You should also be able to see the GPS coordinates update as you move around.

Once you’ve finished logging some APs, press the physical “Volume Down” button on the side of the Pwn Pad, followed by “c” on the keyboard. This will cause Kismet to gracefully shutdown, and make sure the log of discovered networks and their associated devices is saved properly.

Log File Conversion

You now have a Kismet log file that contains all of the WiFi devices you’ve seen as well as their geographical location under /opt/pwnix/captures/wireless, but it isn’t ready for displaying in Google Earth yet. We’ll need to convert it first with a simple tool from the Kali repository.

After you exit Kismet you’ll be dropped back to the terminal. From here, enter the following commands to install giskismet:

apt-get update
apt-get install giskismet

Hit “Enter” when asked if you’d like to install giskismet and its dependencies, and give the Pwn Pad a minute to complete the operation. Once installed, run giskismet against the latest Kismet log file with the following command (where DATE is the timestamp of the log file you wish to convert):

giskismet ­-x Kismet-DATE.netxml ­-q "select * from wireless" ­-o blog_example.kml

After running the command, you’ll see a list of discovered AP’s as giskismet works through the file and does the conversion process. After conversion, copy the new KML file to /sdcard/ so it’s easier to find in the next step:

cp blog_example.kml /sdcard/


Opening in Google Earth

With your Kismet log file converted, all that’s left to do is install Google Earth and take a look. You’ll also need to install a file manager to select the KML file for import into Google Earth (ES File Explorer is recommended). Head over to the Google Play Store to install both applications as you would on any other Android device.

Note: Accessing the Google Play Store will require you to associate a Google Account with your Pwn Pad. You’ll be asked to either create a new account or use an existing one as soon as you open the Play Store for the first time.

Now simply open ES File Explorer and select the blog_example.kml file you moved to /sdcard/:


Google Earth will start up and zoom to your current location. You can then move around the globe, viewing the WiFi networks you detected. Tapping an individual network will let you see additional information about it, such as the channel it was running on, and the MAC addresses of any clients that were connected to it at the time of the scan.