MiniPwner is an inexpensive and portable device designed to allow the user to quickly gain access to a wired network for penetration testing or do a little war-walking to discover open Wi-Fi networks.
It’s a rather clever little DIY project that cobbles together a portable Wi-Fi router, a USB flash drive, a micro-USB backup battery intended for cellphone use, and a software configuration package. Once you’ve got it all hooked together, what can you do with it? From the MiniPwner guide:
Pen Testing Drop Box: In this mode, the MiniPwner used to establish rogue access to a target network during a penetration test. The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (common locations include conference rooms, unoccupied workstations, the back of IP Telephones, etc.)
Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.
The MiniPwner can run some software directly from the box, such as nmap to map the target network or the samba client to connect to windows shares. Other tools, such as Metasploit or Nessus can be run through the box using a VPN tunnel.
Wireless war-walking: The battery-powered MiniPwner is small enough to fit in your jeans pocket and can run for hours. In wireless war-walking mode you start kismet or aircrack-ng on the MiniPwner and record details about all of the wireless networks detected by the device.
Captive Wifi Portal or Rogue Access Point: Use the Karma application to discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targetted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.
Hit up the link below for instructions on how to build your own as well as a full list of all the software included in the bundle.
Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on Google+ if you'd like.
- Published 01/13/12