Hak5 Rubber Ducky

From Embedded Lab Vienna for IoT & Security
Revision as of 17:14, 20 June 2020 by REichinger (talk | contribs)

Summary

This documentation is about the USB Rubber Ducky, a keystroke injection tool. It explains USB Rubber Ducky basics, shows the available tools for writing and encoding/decoding scripts, and describes how to update the firmware and finally deploy a keystroke injection attack.

Requirements

  • This device is operating system independent, but you will need a PC with an internet connection and a USB A port.

Description

Rubber Ducky under the hood

The USB Rubber Ducky is a keystroke injection tool, mainly used by penetration testers and system administrators. It comes disguised in an innocent-looking USB flash drive chassis to aid in social engineering. Under the hood hides a 60 MHz 32-bit AT32UC3B1256 CPU with 256K onboard flash and micro SD card storage to host the payload, which is ready to deploy at over 9000 characters per minute once the device is connected to a USB port.

The device to which the Rubber Ducky is connected recognizes it as a USB keyboard. It is also possible to change the PID/VID (Product ID/Vendor ID), so the Rubber Ducky can claim to be any USB Human Interface Device (HID). The payload is written in Ducky Script, which is a very simple scripting language. Its syntax consists of just a few keywords, so anyone can start developing their own Ducky Scripts right away.
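From the defender's side, as an added example (not part of the original page or of Hak5's tooling): since the device can present any VID/PID, device IDs alone are not a reliable control, but the quoted rate of over 9000 characters per minute is itself a detectable signal. The sketch below flags bursts of key events that arrive faster than an assumed human floor; the 30 ms floor, the burst length and the sample timestamps are constructed assumptions.

```python
from statistics import median

DUCKY_CHARS_PER_MIN = 9000                      # rate quoted on this page
DUCKY_INTERVAL_S = 60 / DUCKY_CHARS_PER_MIN     # about 6.7 ms per keystroke
HUMAN_FLOOR_S = 0.030   # assumption: sustained human key gaps stay above 30 ms
MIN_BURST = 10          # assumption: keys in a row required before alerting


def find_injection_bursts(timestamps, floor=HUMAN_FLOOR_S, min_burst=MIN_BURST):
    """Return (start_index, end_index, median_gap) for every run of at least
    min_burst key events whose consecutive gaps are all below floor."""
    bursts = []
    run_start = 0
    for i in range(1, len(timestamps) + 1):
        # A run ends at the end of input or when a gap reaches the floor.
        if i == len(timestamps) or timestamps[i] - timestamps[i - 1] >= floor:
            if i - run_start >= min_burst:
                gaps = [timestamps[k + 1] - timestamps[k]
                        for k in range(run_start, i - 1)]
                bursts.append((run_start, i - 1, median(gaps)))
            run_start = i
    return bursts


def constructed_trace():
    """Constructed sample: 12 human keys (180 ms apart), a pause, 40 keys
    at the quoted device rate, another pause, then 5 more human keys."""
    t, out = 0.0, []
    for _ in range(12):
        out.append(t)
        t += 0.180
    t += 1.0
    for _ in range(40):
        out.append(t)
        t += DUCKY_INTERVAL_S
    t += 0.5
    for _ in range(5):
        out.append(t)
        t += 0.200
    return out


if __name__ == "__main__":
    for start, end, gap in find_injection_bursts(constructed_trace()):
        print(f"keys {start}-{end}: median gap {gap * 1000:.1f} ms")
```

A payload that deliberately slows its typing would fall under this threshold, so timing is one signal to combine with others, such as alerting when a new keyboard enumerates on a machine that already has one.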

Package Content

Rubber Ducky package content

If you purchase the USB Rubber Ducky from Hak5, you will find this content:

  • USB Rubber Ducky
  • 128 MB micro SD Card
  • The casing of the USB Rubber Ducky
  • USB micro SD Card reader
  • USB A female to micro USB male adapter
  • USB Rubber Ducky field guide


The USB micro SD Card reader is used to transfer the encoded program onto the micro SD Card.

The USB A female to micro USB male adapter allows the USB Rubber Ducky to be used on mobile devices.

Rubber Ducky Basics

Before diving into the world of keystroke injection attacks, a reader should be familiar with the following terms:

Payload

The payload tells the USB Rubber Ducky which keystroke sequence to inject once it is connected to a USB port. It is written in a language called Ducky Script.

Ducky Script

Ducky Script is the scripting language in which payloads are written. Ducky Scripts are plain text, so any ASCII-based text editor can be used. The syntax is very easy: each command (all capital letters) resides on a new line, with options following it. See here for a list of commands and their functions.

Duck Encoder

inject.bin

Firmware

Attack Workflow

Research

During the research process, pick a target and gather the following information:

  • Which device the target uses
  • Which operating system the target device runs
  • Which keyboard configuration the target device has
  • Whether the victim has any interesting software
  • What the vulnerabilities of the operating system or software are
  • What privileges a usual user has on this device

Write

  • Write the ducky script specific for the target device.

The USB Rubber Ducky uses its own language, which is easy to understand, but keep in mind that shortcut key combinations are operating system dependent.

The ducky script is explained below.

Encode

  • Encode the ducky script with a ducky script encoder

There is an online encoder IDE, which can be found on ducktoolkit.com.

Test and Optimize

  • Test and optimize your script for perfect typing speeds.

Deploy

  • Deploy the encoded script on the USB Rubber Ducky by pasting the inject.bin file onto the micro SD Card.
  • Use the USB Rubber Ducky and watch it type.

Used Hardware


Courses

References