r00tabaga MultiPwner Pen-Test Drop Box
The ACE r00tabaga MultiPwner combines the functionality of a "Pentest Drop Box" with the man-in-the-middle capabilities of "Hot-Spot Honeypot" into an integrated battery-powered device!
(Want to see how one user attached his #r00tabaga to a Parrot AR Drone to create a Wireless Drone that Can Hack a Phone, PC or Mac from the sky!? Check out this video!)
In "minipwner" mode, the #r00tabaga is a "Pentest Drop Box" used to establish rogue access to a target network during a penetration test.
In "pineapple" mode, the #r00tabaga is a "Hot-Spot Honeypot," inconspicuously intercepting WiFi probe requests from every target device near you and automatically intercepting and re-routing their traffic transparently!
The #r00tabaga is thinner than the MiniPwner, smaller and lighter than the WiFi Pineapple, and has a built-in 2000 mAh Li-ion battery! This powerful device can easily operate from inside a coat or pants pocket, or it can be inconspicuously plugged into a network to provide a penetration tester remote access from anywhere in the world!
And unlike either the MiniPwner or the WiFi Pineapple, the #r00tabaga is fully self-contained, requiring no external power, antennas or batteries to operate! Just turn it on and pwn!
- Integrated Wired and Wireless
  - Once plugged into a target network, the #r00tabaga can establish an SSH tunnel through the target network, or can be accessed by WiFi. In addition, the #r00tabaga can be configured as a WiFi sniffer and logger: wardriving in your pocket.
- Low power consumption
  - With the 2000 mAh built-in rechargeable battery, the #r00tabaga will run for hours! No need to find a power outlet during the pen-test.
- Tons of Pen-Testing and Security Tools
  - wget, tcpdump, nmap, kismet, aircrack and dozens more hacking tools all come pre-installed.
- Simple Web Interface
  - Leveraging the LuCI web interface from OpenWrt, the open source web interface from the WiFi Pineapple and the S.W.O.R.D. web interface by zer0byte, the #r00tabaga MultiPwner makes launching man-in-the-middle attacks as simple as setting up your home WiFi router.
- Flexible and Expandable
  - Like the MiniPwner and the WiFi Pineapple, the #r00tabaga runs on the open source OpenWrt operating system. You can easily add or change installed packages from the web interface or command line.
- Small size
  - The #r00tabaga can be easily carried in a pocket, hidden behind a telephone, or even hung from an Ethernet jack by a short Ethernet cable (included).
What can you do with it?
Pen Testing Drop Box
In this mode, the #r00tabaga is used to establish rogue access to a target network during a pentest. The penetration tester uses stealth or social engineering techniques to plug the r00tabaga into an available network port (common locations include conference rooms, unoccupied workstations, the back of IP telephones, etc.).
Once it is plugged in, the pentester can log into the #r00tabaga and begin scanning and attacking the network. The #r00tabaga can simultaneously establish SSH tunnels through the target network and allow the pentester to connect back via WiFi. Many tools can run locally, and more powerful tools such as Metasploit or Nessus can be run through the r00tabaga using a VPN or SSH tunnel.
The battery-powered #r00tabaga is small enough to fit in your pants pocket and can run for hours. In wireless war-walking mode you start kismet or aircrack-ng on the r00tabaga and record details about all of the wireless networks detected by the device.
Captive Wifi Portal or Rogue Access Point
Use a tool like Karma to discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Fake services can then capture credentials or exploit client-side vulnerabilities on the host.
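Seen from the defender's side, an access point that answers probes for any SSID stands out because one BSSID sends probe responses for many unrelated network names. The following added example (not part of the original page or the product) flags such senders in wireless-monitor observations; the record format, the canary SSID, the thresholds and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed observations (not a real capture): time, frame type, sender MAC, SSID.
SAMPLE = """\
100,probe_req,aa:aa:aa:00:00:01,CorpWiFi
101,probe_resp,02:00:00:00:00:10,CorpWiFi
102,probe_req,aa:aa:aa:00:00:02,HomeNet-5G
103,probe_resp,02:00:00:00:00:66,HomeNet-5G
104,probe_req,aa:aa:aa:00:00:03,CoffeeShop
105,probe_resp,02:00:00:00:00:66,CoffeeShop
106,probe_req,aa:aa:aa:00:00:99,canary-7f3a9c
107,probe_resp,02:00:00:00:00:66,canary-7f3a9c
108,probe_resp,02:00:00:00:00:10,CorpWiFi
"""

def parse(text):
    """Yield (time, frame_type, mac, ssid); the SSID may itself contain commas."""
    for line in text.strip().splitlines():
        ts, kind, mac, ssid = line.split(",", 3)
        yield int(ts), kind, mac.lower(), ssid

def find_promiscuous_aps(text, canaries=frozenset(), max_ssids=2, window=60):
    """Map each suspicious BSSID to its sorted list of reasons."""
    recent = defaultdict(list)   # bssid -> [(time, ssid)] still inside the window
    findings = defaultdict(set)
    for ts, kind, mac, ssid in parse(text):
        if kind != "probe_resp":
            continue
        # A canary SSID exists nowhere, so no legitimate AP should answer for it.
        if ssid in canaries:
            findings[mac].add("canary")
        # Keep only this sender's responses from the last `window` seconds.
        recent[mac] = [(t, s) for t, s in recent[mac] if ts - t <= window]
        recent[mac].append((ts, ssid))
        if len({s for _, s in recent[mac]}) > max_ssids:
            findings[mac].add("multi_ssid")
    return {mac: sorted(reasons) for mac, reasons in findings.items()}

if __name__ == "__main__":
    for mac, reasons in find_promiscuous_aps(SAMPLE, {"canary-7f3a9c"}).items():
        print(mac, reasons)
```

The canary check assumes the monitoring sensor itself probes for a random, nonexistent SSID; the multi-SSID check needs no active probing but depends on the chosen threshold and window.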
(Looking for a r00tabaga Quick Start Guide? It's here: r00tabaga-instructions.pdf)
(Looking for r00tabaga Support? It's here: http://acehackware.com/r00tabaga-support)