Simple 4G with the Freedom Stick and Pwn Plug

Hey all, just had a chance to try out FreedomPop‘s FreedomStick4G with the Pwn Plug Elite. It works out of the box. Simply plug the device in, wait about 25 seconds for it to connect, and ‘lsusb’ to make sure it was detected:

root@elite:~# lsusb
Bus 001 Device 007: ID 198f:8160 Beceem Communications Inc.

Then, run an ‘ifconfig -a’  to see the device:

root@elite:~# ifconfig -a
eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

then grab an address with ‘dhclient’:

root@elite:~: dhclient eth1
root@elite:~: ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
inet addr:X.X.X.X  Bcast:X.X.X.X  Mask:255.255.192.0
inet6 addr: fe80::21d:88ff:fe51:b3bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:19 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2626 (2.5 KiB)  TX bytes:1346 (1.3 KiB)

It appears to be using the Clear Wireless network, as I got an address with the name “clearwire-wmx.net.” – They’re also blocking inbound SSH, so configure a reverse shell using the command line or the Plug UI, and you’re pwning over 4G!

Below you can see the relative size of the Freedom Stick with the Pwn Plug Elite.

 

Special thanks to Bill Lynch for pointing us at this handy tool!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *