Hello and Welcome to GitcodeX
in this article you will learn what is a USB Rubber Ducky and its uses. Why is it too much famous for hackers and penetesters. in the end you will also learn how to make a simple payload from notepad and encode it to use USB Rubber Ducky.
So, Let's learn...
What is USB Rubber Ducky ?
A USB Rubber Ducky is a device looks like a pendrive, but it is one type of HID device (Human interface device).
The rubber ducky is a keystroke injection tool disguised as a generic flash device. computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.
A human interface device or HID is a type of compter device usually used by humans and takes input and gives output to humans. like keyboards, mouse, joystick, game controller etc.
Rubber Ducky acts like a keyboard.
Humans use keyboards. Computers trust humans.
Since 2010 the usb rubber ducky has been a favorite among hackers, penetration testers and IT proffessionals. With origins as the first IT automation HID using an embedded dev-board, It has since grown into a full flrdged commertial keystroke injection attack platform. The usb rubber ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and convert design.
It can work in cross platform like windows, Mac, Linux, Android, Keyboards represent human input afterall, So when it comes to plugging in a new input device the default is to accept and obey.
Specifications :
60 MHZ 32-bit processor
Convenient Type A USB Connector
Expandable memory via Micro SD card
Hideable inside an in an innocuous looking case
Onboard Payload Reply Button
So, Let's make a small and simple payload and see how to use USB Rubber Ducky.
Step-1 Download the Tool for Payload
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
Step-2 Open your notepad and type command
DELAY 3000
GUI r
DELEY 500
STRING notepad
DELEY 500
ENTER
DLEY 750
STRING Share my blog posts and follow us ; )
ENTER
Save the file with text format in home directory (Desktop) with name "payload.txt"
Step-3 Open Command prompt and run the following command
java -jar duckencoder.jar -i payload.txt -o inject.bin
After doing this you will find a file named 'inject.bin' from your desktop screen (if you don't then goto start menu and search for it)
Now, move this file in to a micro SD card with the help of card reader and make sure you are ejecting cardreader safely, otherwise it will not work.
Now, put that micro SD card into the Rubber Ducky.
That's it, you are ready to insert the rubber ducky into the victim's system.
Thank you for reading : )
Post a Comment