USB Rubber Ducky

The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. It can also be used to work around security controls like USB port blocking used by some companies in an attempt to prevent data exfiltration (which can be bypassed by the USB Rubber Ducky). 

Where to buy?

The USB Rubber Ducky can be purchased on the Hak5 shop.

Main Components

The micro SD card that will contain the inject.bin file (encoded payload) in the root directory.

The micro SD to USB adapter. Once the micro SD card is inserted into this adapter, it can be accessed as a normal USB storage device. The inject.bin file (encoded payload) can be transferred on the micro SD card using this adapter.

USB Rubber Ducky. First insert the micro SD card in the USB Rubber Ducky. Then insert the USB Rubber Ducky into the target computer to execute the encoded payload stored on the micro SD card.

There is also the button to replay the attack (encoded payload).

Case to protect and disguise the USB Rubber Ducky as a regular USB storage device.

Getting Started

When attacking, the USB Rubber Ducky executes the file inject.bin that is located in the root directory of the micro SD card.

First, we need a payload that will be executed by the USB Rubber Ducky when attacking. Payloads can be obtained from Github or you can create your own. Store the payload in a regular text file.

“Hello World” payload example

DELAY 3000
GUI r
DELAY 500
STRING notepad
DELAY 500
ENTER
DELAY 750
STRING Hello World!!!
ENTER

Next, we need to encode the payload so the USB Rubber Ducky can execute it. For this, we need the duck encoder. It can be downloaded on the Hak5 Download Center.

Keep a copy of the duck encoder stored on the USB Rubber Ducky so you will always have it with you for any last-minute change.

Encode the payload (example done on Kali Linux)

DIR="/root/Documents"
PAYLOAD=payload.txt

java -jar $DIR/duckencoder.jar -i $PAYLOAD -o /$DIR/inject.bin

Copy the encoded payload (inject.bin) on the USB Rubber Ducky using the micro SD to USB adapter.

Insert the micro SD card into the USB Rubber Ducky to execute the attack.