Rogue Device Spotlight: #r00tabaga MultiPwner

RISK ASSESSMENT RATING: 6.67

 

Popularity: 7

How often the rogue device is used in the wild to conduct real-world attacks, with 1 being the rarest, 10 being widely used.

Another one of the “name brand” penetration testing devices, the #r00tabaga’s popularity stems from its usefulness to conduct multiple types of attacks on a tried and tested hardware platform.

 

Simplicity: 7

The cost or “DIY burden” of the device, availability (ease of acquisition), and degree of skill necessary to deploy/operate the device, with 1 being expensive/difficult to build, not publicly available, and requiring deep technical expertise to operate, 10 being low-cost, available for purchase online, plug-and-play operation.

While the #r00tabaga is another of the pre-built penetration testing tools, its two potential uses make it both slightly more expensive and challenging to use than either of its parts. However, with instructions on how to set up your own #r00tabaga and the availability of purchase online, the tool is fairly simple to acquire, if not quite as easy to use.

 

Impact: 6

The potential damage caused by successful execution of the attack, with 1 being exposure of trivial information from the target, 10 being organization-wide superuser-level compromise or equivalent.

Used properly, a #r00tabaga can cause the damage of a Pineapple Hak5 or the MiniPwner. As always, the full exposure of information of the target depends heavily on the way that the organization’s security controls are structured, but the #r00tabaga gives an penetration tester an effective route into the target’s networks.

 

#r00tabaga MultiPwner

Building on the groundwork laid by the MiniPwner and WiFi Pineapple, ACE Hackware’s #r00tabaga MultiPwner combines the best traits of both devices into one exceptionally portable and capable penetration testing tool. The MiniPwner’s OpenWRT core gives the #r00tabaga all the dropbox tools you’d expect, and the WiFi Pineapple’s automated rogue access point functionality makes setting up a cloned network a hands-free affair.

The #r00tabaga MultiPwner is based on the TPLink MR3040 travel router, a device that’s proven popular in the OpenWRT community thanks to its low cost and built-in battery.

 

Hardware Specifications

 

  • CPU: Atheros AR7240 @ 400 MHz
  • RAM: 32 MB
  • ROM: 4 MB
  • OS: OpenWRT

  • I/O: Ethernet, USB, Serial

  • Radio: Atheros AR9331 802.11 b/g/n

  • Storage: USB Flash Drive

 

Photos

r00tabaga_ports_compact

 

Notable Features

The #r00tabaga operates in two distinct modes, called “MiniPwner” and “Pineapple”, which the operator can switch between by using the “activate minipwner” or “activate pineapple” commands accordingly. Switching modes therefore requires an interactive shell on the device, as well as a reboot to make the switch. This can make mode switching a bit cumbersome in the field.

By default the #r00tabaga operates in MiniPwner mode and creates a WiFi network the operator can connect to for configuration. When switched into Pineapple mode the user connects to the device via the Ethernet port, and the #r00tabaga will start cloning WiFi networks that client devices are looking for. Once clients have connected, the #r00tabaga has access to the full suite of WiFi Pineapple Infusions in addition to the standard penetration testing tools.

Since it’s based on open source projects, the #r00tabaga can be built from the ground up by a user who’s willing to spend the time working on their own TPLink MR3040 hardware. The team at ACE Hackware even provides instructions on how to setup your own #r00tabaga from the stock OpenWRT image.

 

Conclusion

Combining the MiniPwner and WiFi Pineapple software into one device is a logical evolution of these popular open source penetration testing projects, but the somewhat awkward process of switching between them hinders the overall experience. Further development to more seamlessly merge these two projects would create a formidable penetration testing device.

The #r00tabaga is more expensive than either of the products it’s based on, though at only $150 it’s still very affordable. Enabling users and developers to build their own version of the #r00tabaga from the OpenWRT sources offsets the higher cost to a degree, but the lack of clear and concise documentation makes this process more difficult than it could be.



Learn More About Rogue Devices

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *