Skip to content

USBRubberDucky

Danger

  • Cyber@UC is not responsible for any damages you cause with the information you learn in this lesson.

  • ALWAYS ask for permission before running a script on someone else's machine.

  • The USB RubberDuckys STAY in the Lab at all times.

Documentation

  • Hak5's Rubber Ducky Documentation can be here.
  • Hak5's Payload Studio. Is a great place to write your scripts and generate your payloads.
  • If you want you can still use any code editor you can and then copy the script over when you are ready to generate your payload.

Note

  • Your payload must be named inject.bin EXACTLY in order to work
  • Flipper Zeros can ONLY use Ducky Script 1.0

The Basics (Ducky Script 1.0)

1.0 is very simple, in fact this is pretty much everything. Although its limited there is still plenty of cool things you can do with this.

Basic Keystrokes: These represent standard keyboard keys, like: 

ENTER
SPACE
TAB
ESC
DELETE
And arrow keys (UP, DOWN, LEFT, RIGHT)
Modifier Keys:
These are keys that modify the behavior of other keys:
CTRL
SHIFT
ALT
WINDOWS (or GUI)
STRING
DELAY (Allows for pauses in script execution)
REM (for comments)

Your First script (For windows)

REM "Hello, World!" for Windows
DELAY 3000
REM Open the Run dialog
WINDOWS r 
DELAY 1000
REM Open powershell with our message
STRING powershell "echo 'Hello, World!'"
ENTER

We have 3.0 Rubber Duckies, what can they do?

  • Introduces advanced programming concepts:
  • Conditional statements (IF/THEN/ELSE)
  • Loops (WHILE/END)
  • Variables
  • Functions
  • Greater control over HID (Human Interface Device) actions.
  • Operating system detection.
  • Attack mode control.

Attack Modes

Selecting the attack mode will tell the rubber ducky how to function

HID

The HID attack mode functions as a Human Interface Device (a keyboard) for keystroke injection.

STORAGE

The STORAGE attack mode functions as USB Mass Storage (a Flash Drive). This may be used for copying files to or from a target — often referred to as infiltration or exfiltration. In the STORAGE attack mode, the MicroSD card connected to the USB Rubber Ducky will be exposed to the target.

OFF

The OFF attack mode prevents the USB Rubber Ducky from being enumerated (seen) by the target as a connected device all together.

HID STORAGE

Keyboard + Flash Drive

Detect OS then attack with RickRolls

ATTACKMODE NORMAL
DELAY 1000

REM Define the YouTube URL with a variable
DEFINE Rick "https://www.youtube.com/watch?v=dQw4w9WgXcQ"

REM Open a web browser (platform-specific)
IF OS WINDOWS
  GUI r
  DELAY 500
  STRING cmd /c start %Rick%
  ENTER
ELSEIF OS LINUX
  GUI r
  DELAY 500
  STRING xdg-open %Rick%
  ENTER
ELSEIF OS MAC
  GUI SPACE
  DELAY 500
  STRING open %Rick%
  ENTER
ELSE
  STRING OS Not Supported
  ENTER
ENDIF

DELAY 1000