EH-Net

Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It's small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site.

There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It's easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it's still interesting.

Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs.

I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35).

Anyway, just an idea I had rolling around. Let me know what you think. :)

Neat idea.

While not as 'cheap', the idea's been around for a bit:

http://pwnieexpress.com/

I've been thinking of engineering my own, too, but I really want to try a pwnie, myself, first, as I don't really want to 'reinvent the wheel' if it'll do all I need, already.

My Raspberry Pi is being shipped soon.

You don't even have to go back to pick up your scan results. A reverse tunnel allows full control of your plug for all kinds of goodness....

Yeah, the Pwnie Express is pretty awesome, and looks like it's packed with features and a more powerful platform. However, you don't have the cost benefit of being able to forget about it and leave it behind, it's quite expensive. :P
If you get your hands on one of these, let us know!

I agree about reverse tunnel, I had thought of that, too. I just meant that if you keeping external traffic to a minimum to avoid detection, you could always pick it up later to get your results. Either way would be highly effective.

To further the idea, I was thinking that the device could often change its MAC address, IP, spoof other machines, etc. dynamically, to make tracking it difficult. If you were also doing some kind of network monitoring, you could look for events such as a network scan that isn't your own. You could then stop any active attacks and just watch a passive monitor. When it safe, resume the attack.

I agree on the cost / price point.  Just that I want to get a pwnie first, so that I can decide if I feel like building something, and what 'features' I want to port.

But the 'cheap' aspect of Raspberry Pi is definitely a plus.  :-)

If you just want one to play around with you can get a pwnie cheapish, if you go with a floor model.  They aren't the latest model but they are much cheaper.

http://pwnieexpress.com/products/pwn-plug-floor-model-v1-1-limited-supply (http://pwnieexpress.com/products/pwn-plug-floor-model-v1-1-limited-supply)

I just realized that RaspberryPwn was created by pwnieexpress, so it should be a similar experience. I'll let you guys know if I get a chance to mess around with it, I have several Raspberry Pis to play around with.

I always wanted to get a Nokia N900, and put backtrack on that. I thought it would have been fun. Cell phone, running backtrack. Ok it was a hand held computer with a cell phone attached but still cool.