Hardware Tools: So which hardware-based tools should you become fluent with or concentrate on when testing or training? Becoming familiar with the following tools should help you prepare for the CEH exam.
Minipwner: Available at www.minipwner.com, this multipurpose tool is about the size of a deck of cards. The device allows for the sniffing of both wired and wireless network traffic.
Since it has a battery, it can be plugged into a client’s network and left behind while you gather information remotely. Because it also acts as wireless access point (fully configurable), it can also perform numerous wireless attacks.
USB Rubber Ducky: Available at www.hak5.org, this is a flash drive-sized device that can be plugged into a system to run scripts for any purpose.
The advantage of this device is that it appears as a keyboard rather than a flash drive, meaning there is little chance of it being detected or stopped by enterprise security policy.
Wi-Fi Pineapple: Also available at www.hak5.org, this is much-talked-about Wi-Fi honeypot and wireless tool. It can be used to perform many of the same tasks as the minipwner.
LAN Turtle: Also available at www.hak5.org, this is a powerful tool for sniffing, capturing, remote accessing, and other capabilities all packaged inside a seemingly innocent Ethernet adapter.
AirPcap: Available at www.riverbed.com, this is a USB dongle used to allow more in-depth analysis of wireless traffic.
It can be very pricey, however, so I would recommend keeping an eye on eBay to see if you can get a used one at a lower cost.
Ubertooth Once: Available at www.greatscottgadgets.com, this hardware device allows for the analysis and detection of Bluetooth devices.
Raspberry Pi: Available at www.raspberrypi.org, this is a minicomputer about the size of a pack of cards.
The benefit of this device is that it can be readily adapted to a number of different situations and has been used to build everything from mini-supercomputers to arcade machines and pen-testing devices. The device runs about $35 in most cases.
Read: Application Security
Pwn Pad: Available at www.pwnieexpress.com, this one is very pricey, but I felt I should include it here just for your review and information.
The Pwn Pad is a tablet device that comes preset and configured with its own operating system and embedded tools for penetration testing.
It can perform all sorts of wireless and Bluetooth hacking as well as password cracking and web application hacking.
While the price tag may keep the device out of the hands of many, it can be obtained on a much tighter budget if you search out the Pwn Pad community edition and follow the instructions to make one yourself. Instructions can be found on the pwnieexpress.com website.
Pwn Phone: Also available at www.pwnieexpress.com, this is essentially the same as their Pwn Pad but shrunk down even more to the size of a smartphone.
Yagi Antenna: You can obtain this tool from many sources. Check sites like eBay or Amazon.com for prices.
Parabolic Antenna: Much like the Yagi, this can be purchased from any number of sources online.
KeyGrabber: Available at www.keelog.com, this is a hardware-based keylogger that plugs into the USB ports on a system.
Tablet: This last one is my personal suggestion and one that I use in my personal life. I use a tablet to keep many of my reference guides and books close at hand.
Thanks to Amazon’s Kindle, I can keep a multitude of books with me without breaking my back in the process.
My personal choice is an Android-based tablet from Lenovo, but you should use the one you prefer. A final reason for using a tablet is that it also reduces the battery usage on my notebook when I have to read simple manual or book.