By Martin Bos & Eric Milam
Last month, the guys over at Pentest Geek, Martin Bos (purehate) and Eric Milam (brav0hax), published a tale of international intrigue that would make James Bond proud. Their article, Checkmate With a Pwn, showed what a couple of wily pentesters and their trusty Pwnie Express gear can do.
In this post, Martin and Eric recount their international pentesting exploits in detail. They describe how they got into the facility using a pretexted social engineering (SE) scenario and then gained access to the physical and wireless networks in short order.
“By the time we were ready to go to the next location for physical testing, we already had domain admin accounts, email accounts, our name in the global address book and a nice write-up about each of us on the customer’s intranet page. In other words, if anyone were to look us up, we were legitimate employees with the information to back up our pretext scenario.”
And they had some nice things to say about us, too:
“After using these devices from Pwnie Express and pushing them to limits we didn’t think they could reach, we can definitely say they far exceeded our original expectations. Even though it was fun to play with the tools, Pwnie’s functionality clearly sets them apart from toys. We’re looking forward to the next opportunity, this time with a new improved Pwn Plug R2. We are grateful to the team at Pwnie Express for creating these tools and hope others can find them as incredibly useful as we have.”
We want to thank Martin and Eric for sharing their story.