Skip to main content

Rogue Device Spotlight: #r00tabaga MultiPwner

Rogue Device Spotlight: #r00tabaga MultiPwner

29.Jan.2020
Pwnie Express, an Outpost24 company
Building on the groundwork laid by the MiniPwner and WiFi Pineapple, ACE Hackware’s #r00tabaga MultiPwner combines the best traits of both devices into one exceptionally portable and capable tool.

Popularity: 7

How often the rogue device is used in the wild to conduct real-world attacks, with 1 being the rarest, 10 being widely used.

Another one of the “name brand” penetration testing devices, the #r00tabaga’s popularity stems from its usefulness to conduct multiple types of attacks on a tried and tested hardware platform.

Simplicity: 7

The cost or “DIY burden” of the device, availability (ease of acquisition), and degree of skill necessary to deploy/operate the device, with 1 being expensive/difficult to build, not publicly available, and requiring deep technical expertise to operate, 10 being low-cost, available for purchase online, plug-and-play operation.

While the #r00tabaga is another of the pre-built penetration testing tools, its two potential uses make it both slightly more expensive and challenging to use than either of its parts. However, with instructions on how to set up your own #r00tabaga and the availability of purchase online, the tool is fairly simple to acquire, if not quite as easy to use.

Impact: 6

The potential damage caused by successful execution of the attack, with 1 being exposure of trivial information from the target, 10 being organization-wide superuser-level compromise or equivalent.

Used properly, a #r00tabaga can cause the damage of a Pineapple Hak5 or the MiniPwner. As always, the full exposure of information of the target depends heavily on the way that the organization’s security controls are structured, but the #r00tabaga gives a hacker an effective route into the target’s networks.

#r00tabaga MultiPwner

Building on the groundwork laid by the MiniPwner and WiFi Pineapple, ACE Hackware’s #r00tabaga MultiPwner combines the best traits of both devices into one exceptionally portable and capable tool. The MiniPwner’s OpenWRT core gives the #r00tabaga all the dropbox tools you’d expect, and the WiFi Pineapple’s automated rogue access point functionality makes setting up a cloned network a hands-free affair.

The #r00tabaga MultiPwner is based on the TPLink MR3040 travel router, a device that’s proven popular in the OpenWRT community thanks to its low cost and built-in battery.

#r00tabaga MultiPwner Hardware Specifications

  • CPU: Atheros AR7240 @ 400 MHz
  • RAM: 32 MB
  • ROM: 4 MB
  • OS: OpenWRT
  • I/O: Ethernet, USB, Serial
  • Radio: Atheros AR9331 802.11 b/g/n
  • Storage: USB Flash Drive

#r00tabaga MultiPwnerPhotos

#r00tabaga MultiPwner device

#r00tabaga MultiPwner Notable Features

The #r00tabaga operates in two distinct modes, called “MiniPwner” and “Pineapple”, which the operator can switch between by using the “activate minipwner” or “activate pineapple” commands accordingly. Switching modes therefore requires an interactive shell on the device, as well as a reboot to make the switch. This can make mode switching a bit cumbersome in the field.

By default the #r00tabaga operates in MiniPwner mode and creates a WiFi network the operator can connect to for configuration. When switched into Pineapple mode the user connects to the device via the Ethernet port, and the #r00tabaga will start cloning WiFi networks that client devices are looking for. Once clients have connected, the #r00tabaga has access to the full suite of WiFi Pineapple Infusions in addition to the standard penetration testing tools.

Since it’s based on open source projects, the #r00tabaga can be built from the ground up by a user who’s willing to spend the time working on their own TPLink MR3040 hardware.

Conclusion

Combining the MiniPwner and WiFi Pineapple software into one device is a logical evolution of these popular open source penetration testing projects, but the process of switching between them hinders the overall experience. The #r00tabaga is more expensive than either of the products it’s based on, though at only $150 it’s still very affordable. Enabling users and developers to build their own version of the #r00tabaga from the OpenWRT sources offsets the higher cost to a degree, but the lack of clear and concise documentation makes this process more difficult than it could be.

Discover our wireless security solution

Looking for anything in particular?

Type your search word here