Introduction: What’s USB Rubber Ducky?
The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard. Once it’s plugged in your/target machine it will mimics the keyboard, although it’s not really a keyboard. It will allow you to create keyboard scripts that will run as soon as you plug in the device.
Simple, powerful platform.
- Fast 60 MHz 32-bit Processor
- Convenient Type A USB Connector
- Expandable Memory via Micro SD
- Hideable inside an in an innocuous looking case
- Onboard Payload Replay Button
Payloads are crafted using a simple scripting language, DuckyScript which can be used to drop reverse shells, inject binaries, brute force pin codes, stealing passwords, and many other automated functions if you are pentester, sysadmin or ethical hacker, of course.
How it works?
The Rubber Ducky is a really fast, automated and scriptable HID (Human Interface Device) device which convinces us that it is a keyboard. Masked as the average flash drive it can perform all kind of actions on a machine, within 15 seconds after plugging in. Specially crafted payloads mimic a trusted user, so anyone with social engineering or physical access skills can deploy payloads with ease and enter some keystrokes into the target machine trough them.
The Rubber Ducky Workflow:
- Writing the Payload – to write payloads we are using DuckyScript – a very simple scripting language. Everything you’ll need is an ordinary text editor (e.g. notepad).
- Encode the Payload – this step implies converting human-readable ducky script into a USB Rubber Ducky compatible
inject.binfile, with one of the many duck encoders. The USB Rubber Ducky is expecting an
inject.binfile on the root of its microSD card.
- Loading – putting the microSD card into the ducky and placing inside generic USB drive enclosure for the covert deployment.
- Deploying – after payload testing and optimization, it can be deployed on a target machine.
- Cross-Platform: Attacks any OS that supports USB Keyboards
- Simple Scripting language: Start writing payloads in minutes
- Open Source Firmware: Add functionality using included libraries
- Expandable Storage: Micro SD cards make it possible to carry multiple payloads
- Community Support: Share sample scripts, complete payloads and get help online
The DuckyScript & The DuckToolKit
DuckScript code tells the USB device what keystrokes to send after it is plugged in. Basic DuckyScript code:
WIN r– pulls up the Windows run dialog
DELAY 1500– pauses for 1.5 seconds.
STRING Hello World– types “Hello World”
ALT F4– closes the window
DuckToolkit is an open source Penetration Testing tool for authorized network auditing and security analysis purposes. It contains Encoding Tools for Rubber Ducky. Tools are available here, and you can also generate payloads from a selection of predefined scripts and templates. It is very easy to install it. Just follow the installation steps from the DuckTollkit Github repo.
Hacking with Rubber Ducky
The USB Rubber Ducky has been a favorite among hackers, pentesters, cybersecurity and IT professionals. Many hackers have figured out how to create their own small USB keys that can act like Human Interface Devices (HID) for just $8. But why Rubber Ducky?
- For just a 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC.
- With the Ducky Mimikatz payload, it’s possible to grab a user’s password/credentials just by plugging in this small little devil. Mimikatz exploit can actually recover the plain text password of the logged in user.
- Ducky provides simple scripting language – DuckyScript. You can craft custom payloads capable of changing system settings, opening backdoors, retrieving data, initiating reverse shells, or basically anything that can be achieved with physical access, all automated and executed in a matter of seconds.
- It looks like any other USB storage key, so you can easily and unnoticedly plug it in. It’s very unlikely that someone will notice it. Can be use with Raspberry Pi, also (for Wi-Fi handshake harvesting without using screen).
- It’s also cross-platform, so it attacks any OS that supports USB Keyboards (Windows, Mac, Linux, Android, etc.).
- USB Rubber Ducky can also be used for targeting vulnerable systems or programming processes and save times.
- Implementation of the USB Rubber Ducky is basic and easy to follow, but if you find yourself getting lost, there are plenty of guides, tutorials, forums on “how to set up and use”, all over the Internet.
When you plug in this small USB Rubber Ducky, which look like any other USB storage key, they can automatically launch a command prompt, hide it, and take control of the target computer. It’s very affordable, you can get it for $45 in the Hack5 online shop. There is a chance that you’ll need a little more than 15 seconds to take control of the desired machine, but to be honest – it’s worth it.