MiniPwner How-To (Kevin Bong)

From Paul's Security Weekly
Jump to: navigation, search

Tech Segment: MiniPwner (TP-Link TL-WR703n Pen Testing Drop Box)

Background

The MiniPwner is a pen-testing drop box. Prior to the MiniPwner we were using a Pwnie Express or an Apple travel router as drop boxes during physical penetration tests. But these solutions depended on a known IP addressing scheme or DHCP, a power outlet near an open network port, and unfiltered Internet access. My wish list for a home-built drop box was a router that was small, inexpensive, OpenWRT supported, had wired and wireless interfaces, had space for a USB drive, and could be battery powered, all without soldering or custom firmware. The WR703N router had recently become available and OpenWRT supported and seemed to be a perfect fit.

Incarryingcase1.png

What Makes it Cool

  • TL-WR703N is cheap (under $25)
  • Small but powerful - Wired, Wireless, USB, battery power
  • No need to compile firmware or do any soldering to build a MiniPwner
  • Flexibility - add whatever packages you desire

MiniPwner Build Overview

What you'll need:

  • TPLink TL-WR703N (or the slightly larger TL-MR3020)
  • USB flash drive (I like the low profile Cruzer Fit drives)
  • Battery Pack (I get the Sharper Image charger kit)
  • Ethernet cable, velcro

High Level Build Steps 1) Download the current OpenWrt firmware from downloads.openwrt.org or the 5/14/2012 "Derbycon" build off minipwner.com. 2) Use the web interface of the factory firmware to flash the router 3) Configure the Network 4) Mount the USB Drive 5) Download and install security packages

Some of the packages in the build script include: Nmap, Tcpdump, Aircrack-ng, Kismet, Openvpn, Airpwn, Dsniff, SSLsniff, Parasite, Reaver, Nbtscan, Snort

The "DerbyCon" build uses the nightly snapshot from 5/14/2012 with a couple mods. A custom build script can be found in /user/share after the firmware is applied, and Reaver has been added to the packages repository. It is the only build I know of with Dsniff, Kismet and Reaver all working.

Some of Kevin's favorite TL-WR703N Mods and Projects

Add a serial cable so you can re-flash a bricked router

Internal USB Hub Expansion

Hubmod.png

"Karma (Jasager/Wifi Pineapple capabilities)"

Meld the battery to the router

Pirate Box

Piratebox.png

Home Automation

Robot Control

Robot310.png


MintyPwner MiniPwner guts shoved into an Altoids tin

Mintyopenzoom.JPG

Lots of other projects in the WR-703N OpenWRT Forum