Pandora’s Box: Pwn Plug Elite Review


Over the last few years we have seen a definite trend away from the traditional desktop computer; whether it’s a laptop, a tablet, or a smartphone, users are increasingly choosing mobile devices over their desk-tethered counterparts. It’s not much of a surprise then that computer security would follow the same trend, with equally revolutionary results.

Pwnie Express

The Pwn Plug is the first product from Pwnie Express, an information security company founded in 2009 by Dave Porcello. Pwnie Express prides itself on delivering cutting edge and disruptive products, and has already made quite a name for themselves with the Pwn Plug and their N900 based Pwn Phone.

Besides both products leveraging high mobility and outside the box thinking, they also share another common trait: they are both powered almost exclusively by open source software. The Pwn Plug runs the ARM build of the ever popular Ubuntu Linux, and includes all the big name open source security tools such as nmap, Kismet, Aircrack-ng, Ettercap, etc, right out of the box. Pwnie Express has even gone so far as to offer “Community” editions of the Pwn Plug and Pwn Phone firmware images if you want to bring your own hardware to the party.

Pwn Plug Hardware

The core of the Pwn Plug is the Sheevaplug (Model 003-SP1001), featuring a 1.2 GHz ARM processor, 512 MB of DDR2 RAM, 512 MB onboard storage, USB 2.0, gigabit Ethernet, and an SD slot. Make no mistake, despite its small size, this device is most assuredly a full computer. The only thing separating the Pwn Plug from being a micro-sized desktop replacement is the lack of onboard video. This means that the Pwn Plug can do most anything you can do on a regular Linux computer, which is an incredible boon to security work. Its processor might not be quite up to the task of computationally intensive tasks like cracking passwords, but generally speaking, if you can do it on your Linux desktop, you can probably do it on the Pwn Plug as well.

The Pwn Plug Elite Kit

For the purposes of this review, we will be looking at the Pwn Plug Elite, which is the top of the line in the Pwn Plug family. The first thing you notice when opening up the package for the Pwn Plug Elite is how much hardware is included. In addition to the Pwn Plug itself, the package contains a Linksys USB300M, a Huawei E1786 GSM modem (or CDMA, your choice), an ALFA AWUS036H, a 16 GB SDHC  card, and enough USB, power, and Ethernet cables to get everything connected. It’s a wonder Pwnie Express even managed to pack all this into one box.

Pwnie Express also offers a version of the Pwn Plug without the cellular modem, though the ability to communicate “out of band” with the target network is a very big advantage if you are looking to go undetected.

Physically, the Pwn Plug is a bit bigger than I anticipated, but still small enough that nobody would ever find it if it was hooked up under a desk or in a wiring closet. In fact, the package includes some stickers that make the Pwn Plug look like either an automatic air freshener, or a printer power supply. I’m not sure how many automatic air fresheners have Ethernet cables coming out of them, but the printer power supply sticker is rather convincing and could easily fool a casual observer.

Overall, the Pwn Plug is somewhat difficult to grade based on the hardware alone, as Pwnie Express didn’t actually create any of the hardware, they simply chose compatible devices and integrated them into a cohesive product. To that end, Pwnie Express has done an excellent job, as all of the kit components are reliable performers and well made. Items like cellular modems and WiFi adapters can be notoriously tricky to support under Linux (to say nothing of ARM Linux), so Pwnie Express should be commended for taking the time to find hardware that is fully compatible not only with the kernel but the individual tools as well. It would have been easy to pack the Pwn Plug with the cheapest WiFi adapter they could find, but Pwnie Express went the extra mile and found one that is well supported by tools like Aircable-ng.


Another pleasant surprise with the Pwn Plug was its documentation. I didn’t expect to open the box and be greated with a complete printed manual, copy of the software license, and fliers explaining the device’s main features and functions. Attempting to detail all the things the Pwn Plug is capable of is essentially impossible, as it is a full Linux computer and there is no way to anticipate all of its possible uses, but the manual does do a good job of explaining some of the core concepts.

Topics such as tunneling SSH over HTTP or DNS to a machine running BackTrack are broken down into easy to follow steps, and even advanced functions such as backing up and restoring the device’s internal flash are covered. The included hardcopy of this information gives the whole Pwn Plug kit a much more polished and professional appearance, and insures that there are no unanswered questions when a first time user opens the box.

Hardware Gallery

Tom Nardi

Tom is a Network Engineer with focus on GNU/Linux and open source software. He is a frequent submitter to "2600", and maintains a personal site of his projects and areas of research at: .

Related posts