Tuesday, March 26, 2013

Review:Pwnie Express Plug

This post pertains to the pwnie express mini plug available from here;


Since my purchase, that plug does not seem to be present on the website, but the  wireless plug is similar. This website gives you some details on the plug and with regards to mini-plugs formats.


To start;  the guys at PwnieExpress, have done their homework and offers a very good  functional plug. It's design around;  "ease and quick deployment". The plug only draw back; are the limited storage capacity and cost.

The plug has a superior usermanual  ( available online ) that's ship with the plug, & that goes over almost all the setup functions. It gives you example of what you need to do to operate this plug.

When you boot the plug, you will be welcome with the following,  after your ssh login

The plugs run with no manpages or other misc materials, due to the limited internal storage restrictions. So if you are weak on your linux skills, you better have access externally to Man Pages or other HOWTOs.


The plug supports both wireless and  bluetooth , along with the internal ethernet port. I found the wireless ethernet adapter some what protruding, but otherwise simple to operated. I would suggest using a extended usb cable,  to some how hide the antennae from visual view.

I used a few wireless cracking utilities and it ran brilliant.

The systems runs the following listeners ;

note:  Port 8443 is used primarily for the Plug webUI. 

Once you have the gui accessible, the plug interface is quick and straight forward for setup and configuration. It features quick  tabs, which covers  most of the plug functions, minus the pen-test tools.

I found  these function to be;

  • simple 
  • quick to configured
  • and ease for the novice to well experience pen-tester to follow

The plugWebUI also cover almost everything from something as simple as resetting the PlugUI password. They even warn you in the document and webGui that this password is not the same as  the shell

The plug ethernet is configured for DHCP , but allows you to re-configure it for static-ip,  and you can change almost everything that you might encounter.

For alerting you have a host of options;

note: They thought almost everything :)

The plug also has the function to conduct passive recon. This would be great for a tap or hub port, where all traffic is present and no active engagement from the plug. Passive recon would be more effective with a hub , monitor or tap port.

my plug has the ability to setup covert back channels;

So for back channels, the plug has all angles covered. And provides quick status as to what you have running.

note: I would suspect you would want to write a basic bash script, that could provide you all of these status details and could be ran under the user profile to execute at the login.

PwnieExpress also provide some what  of a simple on-the-plug help, just in case you get lost or confused.

For network connectivity wired/wireless the device function quite well and even has support for ipv6 natively. Which I'm investigating personally on how to engage my plug within a ipv6 topology and to build covert channels over a ipv6  connectivity. More to come  on that as I get going.

The biggest complaint from me , pertains to storage size. This plug is small form factor and this is to be expected, but it would be nice to have more than  250-500+ megs of storage access imho


The plug overall is not bad and well thought out. Where they are lacking at in storage, they made up for with overall access and configuration.  You can get a list of the available pre-cannned pen-test tools included on the plug via the website.



  •  very well design
  •  design for ease of deployment
  •  effective management of covert  back channels
  •   lack of onboard manuals pages
  •   the cost
  •   external 802.11/celluar wireless adapter could be suspicious
  •   storage capacity size

Ken Felix
Freelance Network/Security Engineer
kfelix at hyperfeed dot com

No comments:

Post a Comment