PwnPlug Installation Notes

I just finished my installation of the community edition of pwnplug developed by the guys over at pwnieexpress (www.pwnieexpress.com). The installation documentation was a good help; however, I did hit a few snags along the way. To make it easier for the “next guy” I wrote up some notes during the installation, and on what to do after the installation, to make it easier for everyone (my_installation_notes).

I think this is an interesting space – drop boxing or, as I refer to it, Advanced Persistent Computers – APC. I will have more write-ups/reviews as I play around with it a little more.

Happy hacking and make sure it’s legal 🙂

UPDATE: With the release of version 1.1 of Pwnplug, I wanted to share my thoughts on the upgrade process and the new features. First things first – the upgrade process. While there were several different options out there on the web, I decided to follow the “official” pwnplug installation instructions. Everything went smoothly and there weren’t any hiccups or gotchas. Unlike the other installation instructions, I thought these were easy to follow and accurate. The only recommendation I would make is to make a file with all the commands that need to be run so you have a quick copy&paste point and don’t have to type them in (I fat-fingered a few of them, but that is no fault of the folks over at pwnieexpress).

Secondly, while I haven’t yet had the time to take it through its paces (allergies/Benadryl have made some early nights lately), I did want to make some comments on first impressions:

1. Debian Squeeze boot time of 20 seconds is AWESOME – you can go from plug to pwned that much faster now.
2. Although we have more tools at our disposal, the distro takes up less space, leaving more room for additions (logs, apps, reports, etc.).
3. On the CE version there is no default reverse shell, so you have to build your own. While I can see the team’s point about omitting them (after all, that is how they make their bread and butter), I would have liked to see one included in the CE version – perhaps a simple reverse SSH shell. Without the reverse shells there isn’t much use for the plug.
4. Additional tools (already kind of stated but worth having its own part) – the more the merrier in my book.

Things I have been working on to improve the plug and give back to the community:

1. A Community Edition reference guide – the main manual is written with a paid version in mind and references the UI, which is non-existent in the CE version, so I made modifications showing the command line options for what is done via the GUI.
2. As mentioned above, there are no default reverse shells on the new version, so I wrote my own script to set them up and schedule them to run (not the prettiest thing out there but it works): http://pastebin.com/2vPLDdDE
3. There is no clean up script either, so I am in the process of writing that one now – going to make a remove logs clean up and an “I need more space” script.
4. Also have been looking at “automagic” scripts – scripts to run multiple commands/tools to ease the pain of having to type everything in (ideally automate a pen test but we will see about that).
