Lockon

I came really close to sending the unit back in when I couldn't help staring at the screws on the unit so I broke down and opened it up. I noticed that the unit's very cheaply made, most of the connections were poorly soldered, some were mashed in there putting tension/pressure on sensitive areas. After going in and correcting the problems, the unit's working properly. I don't recommend just anyone doing what I did since we're talking about a lithium ion battery pack, it's better to send it back but I'm a little further out than most so my impatience got the best of me. I also recently purchased the following http://www.amazon.com/14400mAh-Multi-Voltage-Portable-External-adapters/dp/B005NGLTZQ/ref=sr_1_cc_1?s=aps&ie=UTF8&qid=1384257965&sr=1-1-catcorr&keywords=anker+usb+battery+14000 and love it. 14,400 mAH, 5/9/12v modes, 2A output on the USB ports, with a cable accessory kit that's compatible with the Pineapple.

Correct me if I'm wrong but it seems that he took his Pineapple apart (to minimize the space it takes up) within a slightly_bigger_than an external hard drive case. 2 batteries supply juice for a Raspberry Pi and Pineapple, with 2 higher gain TP-Link dipole antennas.

I wish I had a chance to play with that Aircheck device. For now WiFi Analyzer will have to do.

That's awesome!

Correct, the Pineapple 8800 unit is 6800mAH as indicated on the back.

Yes, the power switch on the unit was in the "on" position during charging. Thanks for the contact info.

Just received my unit. I see the red lights on both the AC charger and the battery itself but even after 6 hours, it doesn't appear to have charged at all. When I hit the battery status button, it all lights up (only when plugged into an AC plug) but as soon as I disconnect everything, there's no charge available on the battery. Could this be a defective unit? If so what're the instructions to have it exchanged?

Are there any good write ups on the use of Bully? I haven't got it to work in Kali in a VM.

It depends on what the RD is being used for. Since you can choose any payload to use with the ducky, it's hard to defend against ALL exploitation without first understanding what kind of exploit is being used. As you said, the only real way to defend against any and all ducky attacks are to disable USB entirely.

For personal level, you could simply use a supported network adapter and Backtrack 5/Kali as the packages it comes with is really well put together. On the professional side I use Silica as it simplifies things and makes the process easier as you can go much further (like discovering what else you can do to a target host once you gained remote access). To replicate what Silica does in Kali/Backtrack, you'd need additional packages/libs and tons of scripts. With Silica it's built right into the software.

I use several machines. For capturing/probing/listening, I use a Lenovo Thinkpad X120E, sort of like a buffed up netbook... you really don't need a lot of power to do those as Darren often demonstrates this on his Asus netbook. If you're going to use WPS-based attacks via Reaver, this is more than enough for that purpose. I also use a 2011 Macbook Pro for exploring/learning different tools with all of my pen software running in a VM (parallels) which I firmly believe is superior (and easier to use) than VMWare Fusion. You could say that this is my educational/experiment machine. However for decrypting/bruteforcing/wordlist/rainbow hash attacks, I use a mini-ATX box with a real GPU. So the idea is to capture the information you need on the Thinkpad/Macbook, export it to a usb flash drive, reimport it and process on the more powerful machine (mini-ATX box). My Thinkpad processes about 300 keys per second, the Macbook about 1800-1900 kps, the mini-ATX about 42,000 kps. The key thing here is no matter how powerful your laptop is, I don't believe you can get any GPU acceleration working if you run, say Backtrack/Kali in a VM because your video adapter gets assigned a virtual adapter driver (i.e. VMware SVGA), so you'll want to run it native or as a Live OS if you want that GPU acceleration.

If Whitehats wrote such code, which we do, it wouldn't be considered "malware" as it's not inherently malicious. Depending on the application(s), some software have management consoles which means we can literally see what people have/lack and can automatically or manually push updates to the machine. For some companies, it's much easier to create a simple script to make sure all the required default services are turned on (or off) upon user login.

I think it's about $2000 ~ $2500.

I don't represent them but I understand why they sell their product. The basis is convenience and some are willing to pay for it. The unit is limited in that it only deals with WPS exploitation via their GUI-based Reaver Pro software. It's mainly a "set it and forget it" unit without the need for a computer/netbook. I would think that offering the Reaver Pro software for free and just charging for the standalone unit (for those who want it) for say $50 seems more reasonable, but that's just my .02. $200 for "only" WPS attacking seems outrageous IMHO. I'll give it that the WiFi Pineapple by comparison is much more useful in that sense and with the new Mark V unit (hopefully they'll start shipping soon), the possibilities are even greater than with my current Mark IV.