Embed Size (px)
Citation preview
::PWNIE EXPRESS::
Build your own PwnPad Workshop!
Pwnie Express - We make cool things!
Why build your own Pwn Pad?
● Cheaper (this is for all you broke hackers!)● Incredibly useful platform for penetration
testing and auditing● Makes you look cool ● Always good to get exposure to how flashing
of any mobile device works – good intro to Android
What can you do with a PwnPad?
● Wired/Wireless Assessments● Bluetooth Assessments● Physical Drop Test● Lots of things! We'll go over other use cases
once we start building.
What we will cover:
● Setting up the build environment● Building the PwnPad● Using the PwnPad● Demos!
What you will need
● Google Nexus7 tablet (32GB 4G preferred)
● USB OTG Cable
● USB Flash Drive 4GB or larger
● Linux Laptop (Ubuntu 12.04 or greater preferred)
● PwnPad Image and install scripts
● Android Fastboot and ADB tools
● Network Connectivity (for build machine only)
Installing fastboot and ADB KALI Linux
mkdir /opt/android && cd /opt/android
echo "deb-src http://debian.ens-cachan.fr/ftp/debian/ sid main contrib non-free" >> /etc/apt/sources.list
apt-get update
apt-get -y build-dep android-tools
apt-get -y source --build android-tools
dpkg -i android-tools-*.deb
cd ~
rm -rf /opt/android
sed -i 's/.*cachan\.fr.*//' /etc/apt/sources.list
Setting up your build environment:
● (If not running Ubuntu 12.04) Install Android Tools – fastboot and adb
● Download the PwnPad Image available here:http://pwnieexpress.com/pages/community-downloads
● Or get it from us on a flash drive● Extract Image and build script● Copy Image (TWRP folder) to root of USB drive● Chmod script, run build script and follow directions
Extract Image and build script:1. Open root shell
2. Extract image:
tar -jxvf pwnpad*.tar.bz2
3. Copy TWRP folder to root of USB drive:
cp -R TWRP /media/usb1/
4. Chmod build script, run build script:
cd pwnpad_build_script/
chmod +x flash_pwnpad.sh
./flash_pwnpad.sh
5. Follow directions on screen!
WARNING!
This installation process will permanently erase all data on your
Nexus tablet device!
Any data you wish to preserve should be backed up to an external
system or hard drive before proceeding!
Flashing your Nexus 7
● Boot your Nexus 7 into Fastboot mode – Power on the Nexus7 while holding Volume Down
Flashing your Nexus 7
● Follow the on-screen instructions!– The flashing process can be restarted at any time
Unlock the bootloader – press power button
Flashing your Nexus 7 - TWRP
Flashing your Nexus 7
● Connect the USB drive to the OTG cable and plug it into the Nexus 7 ● Click Restore● If “PwnPadv0a” doesn't immediately show up, click the back arrow and then re-click the Restore button● Click “pwnpadv0a” ● Slide the slide to the right
Flashing your Nexus 7
● Once the flashing has completed, you will be prompted to “Reboot”
● Hold down the Volume Down button and select reboot– This will bring you back to the Fastboot screen
● Remove the OTG cable and plug the Nexus 7 back into the mini-USB cable conencted to your laptop
● Hit Enter in terminal window for script to finish
Once Your Pad is Built:
DO NOT RUN ANDROID UPDATE! IT WILL BREAK EVERYTHING!● Open RootShell icon and hit enter, enter, enter,
then type yes, and hit enter.● Connect to wireless for Internet access● Update PwnPad with the following cmd:
wget -O - http://pub.pwnieexpress.com/updates/pwn_pad/latest.sh | /bin/bash
Recommended Android Apps:
● Astro File Manager● USB OTG Helper● Android SSH (if you want SSH access to Android)
● Fing – great Android tool for quick network scans
● Droidwall (android firewall)
Wireless Tools:● Aircrack-NG 1.1 r2245
● Kismet (New Core with Ubertooth support)
● Wifite-2
● Reaver
● MDK3
● EAPeak
● Asleap-2.2
● FreeRADIUS-WPE
● Hostapd - Karma Patched
● Bluetooth Toolsuite: bluez-utils, btscanner, bluelog
● Ubertooth toolsuite
● Proxmark3 Support (RFID sniffing/replaying)
● Kisbee (Zigbee sniffing with Dragorns device)
Network Tools:● NET-SNMP (snmpwalk,
snmpget, etc)
● Nmap
● Netcat
● Cryptcat
● Hping3
● Macchanger
● Tcpdump
● Tshark
● Ngrep
● Dsniff
● Ettercap-ng 7.5.3 Assimilation
● SSLstrip v9
● Hamster and Ferret
● Metasploit 4
● SET
● Easy-Creds v3.7.3 (custom modified)
● John (JTR)
● Hydra
● Medusa 2.1.1
● Pyrit
● Scapy
Web Tools:
● Nikto● Wa3f
PwnPad Adapters
● TP-Link 80211n - Atheros chipset● Sena UD100 Bluetooth● Trednet USB-Ethernet
Other Supported Adapters:(Not included)
● UbertoothUbertooth● Proxmark3Proxmark3● Kisbee (Dragorns Zigbee device)Kisbee (Dragorns Zigbee device)● USB flash drivesUSB flash drives● USB keyboard and miceUSB keyboard and mice
Capabilities and Use Cases:
● Wireless and Wired Assessments● Rapid deployment● Bluetooth Assessments● Physical Drop test● Physical Penetration Tests
Wireless Assessments
● Wireless Site Survey tool● Rouge AP/Device tracker● Passive Wireless Recon● Wireless client auditing (find vulnerable
wireless clients● WEP/WPA cracking● RADIUS Security Testing
Bluetooth Assessments
● Visablitity into your Bluetooth environment● Device Identity tracking and recon● Ubertooth Applications● Bluetooth Pentesting
Physical Drop Test
● Plug into the wired network and walk away● Remote Access via the out-of-band 4G
connection● Data Exfiltration testing● Firewall Perimeter Testing
Other Use cases
● On the fly Social Engineering attacks● MiTM to the MAX !!● Exploiting Vulnerable Systems● Showing Upper management why security is important
In Closing
● Rapid Deployment ● Pentesting on the Fly● Wireless Awareness ● Finger Printing Devices● Virtual Identities
Thank You!
Contact:
awk[at]pwnieexpress.com
kevin[at]pwnieexpress.com
Irc: Freenode #pwnieexpress
http://pwnieexpress.com
