PWNIE EXPRESS :: The Pentesters Edge ::
The Pwnie Express Blog has a new home!

Please checkout our new blog location, here:

PaulDotCom: Interview with Pwnie Express CTO, Jon Cran
Pwn Plug Floor Models at Ace Hackware!

Thanks to Taylor for hooking this up!

Using T-Mobile 4G “Pay by the day” with Pwn Plug Elite

T-Mobile’s 4G "Pay by the day" plan is the most flexible, convenient, affordable mobile broadband plan we’ve seen to date. For as little as $1 a day (with no contract) you get 4G data speeds and very decent coverage.

Here’s how to use this service with the Pwn Plug Elite/3G:

  1. Call T-Mobile and order the T-Mobile Rocket 4G ($29) USB modem with the “Pay by the day” plan (currently there is no way to order this modem and attach it to this plan through their shopping cart system).
  2. Once you receive the Rocket 4G USB modem, follow the included instructions to activate the data service and purchase the amount of days you’d like to initially attach to your plan.
  3. After confirming the data service is working on your Windows/Mac system, connect the Rocket 4G adapter to the Pwn Plug (make sure you’re running Pwn Plug Release 1.1).
  4. Test the 3G Internet connection as follows:

          # pppd nodetach call tmobile &
          # route del default gw
          # route add default ppp0
          # ping

That’s it! Note the “Pay by the day” service does NOT support SMS texting, so you won’t be able to send text messages or use the Text-to-Bash feature with this service.

- The Pwnie Express Team

Using AT&T Dataconnect SIM cards with Pwn Plug Elite

The AT&T DataConnect Pass plan is a little-known, convenient way for customers (including non-AT&T customers) to buy prepaid 3G/4G mobile broadband data service for use with the Pwn Plug Elite/3G.

Here’s how to do it:

  1. Pick up a (free) DataConnect Pass SIM card at any AT&T retail store. Note they’re not usually on the sales floor, so you’ll need to ask one of the sales associates.
  2. Activate the SIM card by following the steps here. The IMEI number is located on your USB GSM adapter, and the ICCID is the long number on the back of the SIM card.
  3. Insert the SIM card into your GSM adapter, then connect the GSM adapter to the Pwn Plug.
  4. The DataConnect Pass plan uses the APN “broadband”, so you’ll need to change the APN in the PPPd chat script:

          # sed -i ‘s/wap.cingular/broadband/g’ /etc/ppp/peers/e160_chat

That’s it! You can now connect to the Internet via 3G following the usual steps in the Pwn Plug manual. Note the DataConnect Pass service does NOT support SMS texting, so you won’t be able to send text messages or use the Text-to-Bash feature with this service.

- The Pwnie Express Team

Raspberry Pwn: A pentesting release for the Raspberry Pi

Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:

SET Fasttrack kismet aircrack-ng nmap dsniff netcat nikto xprobe scapy wireshark tcpdump ettercap hping3 medusa macchanger nbtscan john ptunnel p0f ngrep tcpflow openvpn iodine httptunnel cryptcat sipsak yersinia smbclient sslsniff tcptraceroute pbnj netdiscover netmask udptunnel dnstracer sslscan medusa ipcalc dnswalk socat onesixtyone tinyproxy dmitry fcrackzip ssldump fping ike-scan gpsd darkstat swaks arping tcpreplay sipcrack proxychains proxytunnel siege sqlmap wapiti skipfish w3af

Download your Raspberry Pwn here:

Special thanks to @zenofex for letting us borrow his Pi. Enjoy!

- The Pwnie Express Team

Pwn Plug Patch 1.1.1 Released

Due to a recent spike in the size of the Metasploit Framework (namely within lib/gemcache), Metasploit now requires over 500MB to operate. As the internal NAND flash disk on the Pwn Plug is only 512MB, we decided to bite the bullet and move the Metasploit directory (/opt/metasploit/msf3), and the /pentest folder along with it, to SD card.

Moving forward, you will need to have an SD card inserted into your Pwn Plug when utilizing these tools. The Plug UI, reverse shells, and any tools installed via aptitude will however continue to function without the SD card.

Pwn Plug patch 1.1.1 automatically makes this move for you and can be applied to your Pwn Plug as follows (these steps apply to both Community Edition and Commercial Edition Pwn Plugs):

1. Confirm you have Pwn Plug Release 1.1 installed before proceeding (if not, download it here):

# grep Release /etc/motd

2. Insert an SD card into your Pwn Plug with the card contacts facing UP. We recommend a 2GB or larger Class 10 SD card, such as the supported Transcend card shown here. Pwn Plug Elite users can use the 16GB SD card included with their plug.

3. Log into your plug via SSH or serial console and run the following commands to install the patch:

# wget
# tar zxvf pwnplug_patch_1.1.1.tar.gz
# ./

After the patch is applied, the first reboot of your plug will result in a 1-2 minute pause during startup. This is a one-time delay while the system updates its inode tree for the SD card - subsequent reboots will return to the normal 20-30 second boot time.

Support for this patch is available through our support page. Thanks folks, and apologies for any inconvenience this may have caused!

- The Pwnie Express Team

Limited Supply of Floor Model Pwn Plugs Available!

We’ve got a limited supply of used plugs available. We’re selling them today from the site for $195. Grab one here!

PwnPlug 1.1 reviewed at The PowerBase

We love getting feedback on our products, and Tom Nardi over at the PowerBase blog has put together an excellent and comprehensive review of the PwnPlug 1.1 update, which was recently released. 

Tom brings up many of the things that need work - building a community around the plug, making it easier to use, improving the update speed via debian packages, and a place for feature requests. We hear you, and we’re hard at work on these things. 

As Tom mentions in the review, there’s a lot of fun new features in this release, including a Debian 6 base, updated base packages, Bluetooth support, Zigbee support, text-to-sms functionality, and much more

Stay tuned!

Introducing Jcran!

Hello Hello

My name is Jonathan Cran – Most folks know me by Jon or jcran. I’ve just joined the Pwnie Express team, and want to say thanks to everyone who’s reached out and wished us luck and offered to help. This community is a big part of what drives the entire team here.

There’s nothing quite like being at an early-stage startup. There’s tons to do, lots of distractions, and if you need a resource, you gotta find / build it for yourself. That said, there’s so much excitement and fun to be had in an environment like this. This was my first week, and I spent the majority of it just getting a handle on the state of our infrastructure, reading about ARM / sheevaplugs, and planning our immediate next steps (Vegas) with the team.

You’ll be hearing a lot more from us in the next coming months. Dave and Mark have been heads down on building our next generation products and reaching out to customers to get their feedback. We’d love to hear from you if you have a specific use case that you’d like us to pay attention to. Also, our own Gabe Koss is working on an overhaul to the website that won’t make your eyes bleed. Exciting stuff!