Pwn Pad User Manual
Contents
1. interface Copyright 2013 Pwnie Express 15 Tshark Terminal version of Wireshark used for sniffing network traffic Option to log to opt pwnpad captures tshark NOTE must have corresponding adapter attached for selected interface pm 5 4 Tshark StringsWatch Tshark cmd piped to Strings cmd to show human readable strings in clear text being sniffed on selected interface Option to log to opt pwnpad captures stringswatch NOTE must have corresponding adapter attached for selected interface StringsWatch SSLstrip Tool used to strip SSL connections and serve HTTP versions of requested URLS on selected interface Logs to opt pwnpad captures sslstrip NOTE must have corresponding adapter attached for selected interface SSLstrip Dsniff Used to watch for clear text username and passwords in transit on selected interface dsniff toolsuite installed though app uses ettercap to provide dsniff functionality currently broken in the dsniff tool Option to log to opt pwnpad captures sniffed date log NOTE must have corresponding adapter attached for selected interface Dsniff Copyright 2013 Pwnie Express 16 Ettercap NG MITM Toolsuite App on desktop provides a quick menu to perform arp cache poisoning known target IP addresses Option to log to opt pwnpad captures ettercap NOTE must have corresponding adapter attached for selected interface Ettercap EasyCreds Menu driven MITM attack suite for automating th2. FANE ELAPPnaEOB 2 Copyright 2013 Rapid Focus Security Inc DBA Pwnie Express Manual revision 4 10 2013 Pwn Pad User Manual Note The online version of this manual is maintained here http pwnieexpress com pages documentation Table of Contents Introduction Legal stuff Pad Feature Getting started Things to be aware of Powering up for the first time Basic navigation Connecting USB devices Recommended apps from Google Play Command terminals amp SSH Android Terminal Emulator Terminal IDE Android SSH Server Ubuntu SSH server OpenSSH One touch pentesting Additional pentesting tools Pwn Pad Resources Copyright 2013 Pwnie Express 1 Introduction Legal stuff All Pwnie Express Rapid Focus Security products are for legally authorized uses only By using this product you agree to the terms of the Rapid Focus Security EULA http pwnieexpress com pdfs RFSEULA pdf This product contains both open source and proprietary software Proprietary software is distributed under the terms of the Rapid Focus Security EULA http pwnieexpress com pdfs RFSEULA pdf Open source software is distributed under one or more of the following licenses GNU PUBLIC LICENSE HTTP WWW GNU ORG LICENSES GPL HTML BSD 3 CLAUSE LICENSE HTTP WWW OPENSOURCE ORG LICENSES BSD 3 CLAUSE OPENSSL TOOLKIT DUAL LICENSE HTTP WWW OPENSSL ORG SOURCE LICENSE HTML APACHE LICENSE VERSION 2 0 HTTP WWW APACHE ORG LICE
3. NSES LICENSE 2 0 HTML 0000 As with any software application any downloads transfers of this software are subject to export controls under the U S Commerce Department s Export Administration Regulations EAR By using this software you certify your complete understanding of and compliance with these regulations Pwn Pad Features Core Features Android OS 4 2 and Ubuntu 12 04 Large screen Powerful battery OSS Based Pentester Toolkit Long Range Wireless Packet Injection Included Accessories TP Link High gain 802 11b g n USB wireless adapter Sena High gain USB Bluetooth adapter USB Ethernet adapter USB OTG cable for USB host mode Wireless Tools Aircrack ng Kismet Wifite 2 Reaver MDK3 EAPeak Asleap 2 2 FreeRADIUS WPE Copyright 2013 Pwnie Express 2 Hostapd Proxmark3 suite Bluetooth Tools bluez utils btscanner bluelog Ubertooth tools Web Application Testing Tools Nikto e war Network Tools NET SNMP Nmap Netcat Cryptcat Hping3 Macchanger Tcpdump Tshark Ngrep Dsniff Ettercap ng 7 5 3 SSLstrip v9 Hamster and Ferret Metasploit 4 SET Easy Creds v3 7 3 John Hydra Medusa 2 1 1 Pyrit Scapy Getting started Things to be aware of WARNING DO NOT UPGRADE THE ANDROID OS Supported updates for the Pad will be provided by Pwnie Express see http pwnieexpress com pages downloads for latest updates Upgrading the Android OS directly is not supp
4. access it must SSH into localhost thus all current apps login to localhost before running any commands or pentest tools You ll need to add a Google Gmail account to access the Google Play store Powering up for the first time 1 Power on device by holding power button until Google logo appears WARNIN DO NOT UPGRADE THE ANDROID OS IF PROMPTED 2 Once device is fully booted open the RootShell app in the top left hand corner of the screen Google RootShell 3 The first time the RootShell app is run it will generate a unique SSH key pair for the Ubuntu SSH server 4 Press ENTER at each prompt to accept key generation defaults NOTE Setting a password for the SSH server private key is not recommended and will prevent the functionality of most Pwn Pad tools 5 Type yes when prompted Copyright 2013 Pwnie Express 4 his is your first time running the rootshell a unique ssh key must me ssh id_rsa passphrase empty for same passphrase identification has been saved in root ssh id_rsa key has been saved in root ssh i gerprint 65 15 ab fc 0s b9 97 randomart imag Secure Shell server sshd The authenticity of host localhost 127 0 0 1 can t be established ECDSA key fingerprint is 72 30 31 72 2a bf c0 4f le eB fa db a0 1f e4 36 Are you sure you onnecting yes no yes The script will end by placing the user in opt pwnpad This is the main area where the Pwn Pad scripts c
5. and places user in the opt pwnpad folder RootShell ReverseSSH Allows user to create a reverse SSH shell connection to a SSH server on desired port ReverseSSH HostMacChanger Randomizes the hostname and MAC address of selected interface HostMacChange LogWiper Securely wipes all captures logs tmp files and or bash history if desired LogWiper BluetoothScan Scans for bluetooth devices using hcitool i hciO scan flush class info showing detailed bluetooth data about each devices found including device type class and services available Copyright 2013 Pwnie Express 13 Logs to opt pwnpad captures bluetooth NOTE Must have SENA UD100 bluetooth adapter attached to Pwn Pad Bluelog Bluetooth scanning tool which logs device name MAC address and class id Logs to opt pwnpad captures bluetooth NOTE Must have SENA UD100 bluetooth adapter attached to Pad Bluelog Airodump Runs airodump ng wlan1 to show current surrounding wireless in real time with clients connected and probe requests from clients NOTE Must have TPlink wireless adapter attached to Pad Use Volume Down button and C key to close gracefully Airodump Kismet Wireless packet sniffer for logging all wireless data seen Ubertooth supported Start sequence once TPlink adapter has been plugged in Enter Enter Enter Tab Put keyboard down with down arrow in bottom left hand corner NOTE Must have TPl
6. aptures logs and tools not found in usr bin reside NOTE Most Pad apps automatically log to opt pwnpad captures Basic navigation All basic tablet navigation outside of the command line uses the front end OS Android Jellybean Swiping tapping and tap and hold are all part of Android s intuitive navigation system that make using an Android device easy and natural There are a few basic navigation steps that are essential to pentesting with the Pwn Pad When opening multiple apps and spawning multiple terminal windows simply swipe across the terminal window to switch to the next terminal window The best way to close an app is to tap the multi view double rectangle icon in the bottom right hand corner Then from the listed window mode swipe the miniature window off the screen by swiping it to the right To verify an app has really stopped running use the app manager within Settings gt Apps gt Running tap the Terminal Emulator then tap Stop This will ensure the app has completely stopped Below are a series of screenshots to illustrate this NOTE This is how to properly end all pentesting apps on the Pwn Pad Copyright 2013 Pwnie Express 5 Typical open close scenario when runnii RootShell 9 Pwn Pad apps on desktop Example Closi Keep the app manager open in the background to easily kill tasks by switching to multiview To open app manager go to Settings gt Apps gt Running ac
7. cess settings icon in the tray on the bottom right or you can swipe from the top right side of the screen down Next go to Apps then tap RUNNING in the top right These are the only apps that need to be running Copyright 2013 Pwnie Express 6 RUNNING Terminal IDE 1 process and 2 service Select the Home button the house icon located in the center of the screen at the very bottom to get back to the Pad desktop Now select Root bottom right hand corner double rectangle icon ell To close RootShell tap the multi view icon in the RootShell Ne Expres Every app will spawn both the app name and the Terminal Emulator Swipe Terminal Emulator and the app name off the screen to close initially Then tap the settings window showing Running apps to kill the Terminal Emulator process completely cow Running app Terminal Emulator 1 process and 1 s SERVICES TermService by app This service was started by its Stopping it may cause the app to fail PROCESSES E Terminal Emulator jackpal androidterm Main process in use Multi view can also be very useful for switching between app equivalent to ALT TAB on a computer To file browse using the GUI open the Astro File Manager app shortcut in the tray on the bottom Copyright 2013 Pwnie Express 8 Connecting USB devices How to connect OTG cable and included accessories Any USB ac
8. cessories included with the Pwn Pad can be connected to the device and attached via velcro to the back of the case Each app that corresponds to the attached device will set up the device for you Included adapters will show up as the following in the Ubuntu chroot environment TP Link Wireless wlano Sena Bluetooth USB Ethernet eth How to connect USB flash drives Connect a USB flash drive to the Pwn Pad via OTG cable Once connected USB OTG Helper will appear tap OK Once USB OTG Helper has loaded select MOUNT Once mounted USB drive will show up under storage UsbOtgDrives drive1 Access from command line or Astro File Manager To unmount safely open USB OTG Helper and select UNMOUNT oye NOTE USB drives can be accessed through Astro File Manager by going to My Files once properly mounted The folder UsbOtgDrive will appear in Storage within Astro File Manager Recommended apps from Google Play For added functionality we recommend downloading these additional Android apps from the Google Play store While these apps are free they are released under third party licensing and thus we are not able to bundle them into the Pad image Android SSH server Astro file manager USB OTG helper 1 4 subnet calculator Copyright 2013 Pwnie Express 9 Connect Cat Command terminals amp SSH Android Terminal Emulator All Pad apps on the desktop ru
9. e setup and configuration of several wireless and network level attacks FreeRadius WPE attack fully functional NOTE FreeRadius attack is the primary function and use of this tool at this time all other attacks have not been fully tested Must have TPlink wireless adapter attached to Pad Use Volume Down button and C key to close gracefully EasyCreds SET Social Engineering Toolkit used for many MITM attacks combined with social engineering Incredibly extensive toolkit SET Metasploit Metasploit framework 4 latest up to date stable release Exploitation framework Metasploit Additional pentesting tools All remaining command line tools not in the path can be found in opt pwnpad Copyright 2013 Pwnie Express 17 Jopt pwnpad Pwn Pad Resources Latest Pwn Pad user manual http pwnieexpress com pages documentation Latest software updates http ownieexpress com pages downloads Technical support http pwnieexpress com pages support Copyright 2013 Pwnie Express 18
10. f you tap exit the server will not successfully start again until it has been killed via app manager To access the Android file system via the Android SSH server use the following port and credentials From linux computer ssh root ip address of Pwn Pad p 8443 Example ssh root 192 168 1 100 p 8443 Default username root Default password pwnplug8000 To gain root access type su To gain access to the Ubuntu chroot with Pwn Pad tools type bootubuntu Ubuntu SSH server OpenSSH By default OpenSSH Server is installed within the Ubuntu chroot environment In order to access it over the network you must edit the sshd config file and the restart the SSH service From rootshell nano etc ssh sshd config Comment out the line that says ListenAddress 127 0 0 1 by adding a in front of it ListenAddress 127 0 0 1 Type CTRL O then hit enter then CTRL X to save changes to the file To restart the SSH server type etc init d ssh restart Copyright 2013 Pwnie Express 12 To access the Ubuntu chroot file system the Ubuntu SSH server use the following port and credentials From linux computer ssh rootG ip address of Pad Example ssh root 192 168 1 100 Default username root Default password pwnplug8000 NOTE To access internal Android storage from the Ubuntu chroot side cd sdcard One touch pentesting RootShell Provides root access via Android Terminal Emulator
11. inal IDE does however support pasting from selected copied text from Android Terminal Emulator Terminal window navigation is swipeable and if you tap and hold on the screen it will let you select one of four windows Only four open windows are possible and also always open To gain root access on Android via Terminal IDE type the following terminal localhost su To gain root access to the Ubuntu chroot environment type root localhost data data com spartacusrex spartacuside files bootubuntu Android SSH Server The Android SSH Server installed can be useful for gaining access to the Android file system via SSH Unfortunately it has some bugs on the Nexus 7 it may be incredibly slow for a local network connection and has issues when trying to exit from the command line Below are the details of how best to utilize this app To start the Android SSH server Tap the SSH Server icon on the desktop to the left access by swiping over from right to left from the main screen Once the app is open tap the ssh server listed and select Start Stop A little window will then pop stating The server has been started Copyright 2013 Pwnie Express 11 000x260 NOTE Once stopped there is a bug that doesn t let the SSH server properly start up again To restart the SSH server simply kill the SSH Server app from the app manager Once it has been killed you can open it again and start the server successfully Even i
12. ink wireless adapter attached to Pwn Pad Hit ESC and use arrow keys to select close to close gracefully Kismet Kisbee Zigbee wireless packet capturing and mapping tool Android app NOTE Must have a Kisbee adapter NOT INCLUDED connected to Pwn Pad 4 Kisbee Copyright 2013 Pwnie Express 14 WifiteV2 Automated wireless attack auditing tool Front end automation for Aircrack NG suite After attaching TPlink wireless adapter open WifiteV2 and select 3 wlan1 to place into monitor mode Hit Volume Down Button C to select targets NOTE Must have TPlink wireless adapter attached to Pad Use Volume Down button and C key to close gracefully WifiteV2 EvilAP Aggressive wireless access point used to forcefully associate wireless clients in range with vulnerable preferred network list NOTE Must have TPlink wireless adapter attached to Pwn Pad Use Volume Down button and C key to close gracefully EVilAP Ubertooth Bluetooth full packet sniffing using Ubertooth toolsuite NOTE Must have an Ubertooth adapter NOT INCLUDED connected to Pwn Pad s Ubertooth Pcap Capture App to capture packets via attached usb adapter Android app NOTE Must have TPlink wireless adapter attached to Pwn Pad Pcap Capture Tcpdump TCP Packet sniffer used to sniff network traffic on selected interface Option to log to opt pwnpad captures tcpdump NOTE must have corresponding adapter attached for selected
13. n scripts by launching Android Terminal Emulator As true root access isn t available through this terminal each script starts by SSHing into localhost to gain root access If you open Terminal Emulator on it s own you must type the following to have true root access su root android bootubuntu root localhost ssh root localhost Now you will have full root access to run commands NOTE Volume Down button is the CTRL key for Terminal Emulator use with all Pwn Pad apps Example For CTRL C press Volume Down and C The CTRL key on the onscreen keyboard only works with Terminal IDE To copy paste simply tap and hold in the terminal window tap Select text To paste tap and hold and select paste Select text Copy all Paste Send control key Send fn key Copyright 2013 Pwnie Express 10 NOTE Selecting text works best when placing your finger directly below the text so the tip of your finger is at the bottom of the text you are selecting Moving between terminal windows is as simple as swiping across the screen Be sure to kill Terminal Emulator in the app manager when you close the terminal as described in the navigation section Terminal IDE Terminal IDE gives you full root access without having to ssh into itself It is very nice with a lot of different options but unfortunately has a limited copy paste ability The only copy paste options are to select all text and copy paste Term
14. orted and may affect wireless packet injection and external adapter capabilities Copyright 2013 Pwnie Express 3 Only one directly attached external USB device is supported at a time To attach multiple external USB adapters at once an externally powered USB hub is recommended though a non powered hub may support up to two devices at a time depending on power draw The tablet s internal wireless and Bluetooth hardware does not support packet injection or monitor mode The included external USB wireless Bluetooth adapters are the only supported adapters offering packet injection and monitor mode at this time Sometimes when the display goes into sleep mode it has trouble coming back on Be aware the device may actually still be on and running even if it doesn t instantly come back to life Though this doesn t happen often the display sleep timeout has been set to 30 minutes to avoid this until we have a fix To turn screen off manually press the power button once There are two command terminals installed Android Terminal Emulator and Terminal IDE All desktop apps currently use the Android Terminal Emulator with this terminal press the Volume Down button for the CTRL key There are two SSH servers installed the Android SSH server and openssh server in the Ubuntu 12 04 chroot environment The Ubuntu SSH server is set to listen on localhost only by default In order for Android Terminal Emulator to have full root
Download Pdf Manuals
Related Search