Poor men's Rubber Ducky

security testing on a budget

Rubber Ducky

The USB Rubber Ducky is a Human Interface Device programmable with a simple scripting language.

What can it do?

It can mimic a mouse and keyboard and execute predefined actions (click here, press Enter, write this text, etc.). It can be used to perform security audits.

Key features

  • Disguised as a standard USB flash drive
  • It uses a fairly simple scripting language
  • It can work as a mass storage device
  • Dozens of payloads available

Costs 44 USD

https://hakshop.com/collections/hak5-exclusives/products/usb-rubber-ducky-deluxe

Cheaper alternatives

  • Rooted Android device (e.g. running NetHunter)
  • Arduino Leonardo

Arduino Leonardo (Beetle flavour)

  • Costs 6 euros
  • Can be used for something else (it's an Arduino)
  • Easy to create a rogue device
    • install the beetle inside a keyboard and switch the output to it with the press of a button
    • simply connect it to the back of a computer and leave it there to execute frequent tasks

It is compatible with all the existing Rubber Ducky payloads. How?

Rubberduino

Python tool to generate Arduino sketches

https://github.com/zatarra/rubberduino

Required tools:

  • Arduino IDE
  • Python 2.7+
  • Rubberduino
  • RubberDucky Payload

How to protect yourself?

  • Block HID devices
  • Apply cement to all USB ports
  • Use a USB killer :D
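Where blocking HID devices outright is not practical, the same idea works as a detection check: alert on any USB HID device that is not on an approved list. The script below is an added example, not part of the original slides or of Rubberduino. It assumes Linux kernel log text as input, and the allowlist and sample log lines are constructed.

```python
import re

# Kernel HID bind message, e.g.
# hid-generic 0003:2341:8036.0005: input,hidraw2: USB HID v1.01 Keyboard [Name] on usb-...
HID_LINE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+"
    r"(?P<bus>[0-9A-F]{4}):(?P<vid>[0-9A-F]{4}):(?P<pid>[0-9A-F]{4})\.[0-9A-F]{4}:"
    r".*?USB HID v[\d.]+\s+(?P<kind>\w+)\s+\[(?P<name>.*?)\]\s+on\s+(?P<port>\S+)"
)

# Assumption: HID devices approved for this host, as VID:PID (constructed values).
ALLOWED_HID = {"046D:C31C", "046D:C077"}

# Constructed sample log lines, not captured from a real host.
SAMPLE_LOG = """\
[    2.104511] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
[    2.231907] hid-generic 0003:046D:C077.0002: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-3/input0
[ 5310.442187] usb 1-2: New USB device found, idVendor=2341, idProduct=8036, bcdDevice= 1.00
[ 5310.498820] hid-generic 0003:2341:8036.0005: input,hidraw2: USB HID v1.01 Keyboard [Arduino LLC Arduino Leonardo] on usb-0000:00:14.0-2/input2
"""

def find_unapproved_hid(log_text, allowed=ALLOWED_HID):
    """Return one finding per USB HID device whose VID:PID is not allowlisted."""
    findings = []
    for line in log_text.splitlines():
        m = HID_LINE.search(line)
        if not m or m["bus"] != "0003":   # 0003 = USB bus type
            continue
        ident = f"{m['vid']}:{m['pid']}"
        if ident in allowed:
            continue
        # Every HID device is checked, not only "Keyboard": the kernel's
        # one-word label does not list every capability of the device.
        findings.append({
            "uptime_s": float(m["ts"]),
            "id": ident,
            "kind": m["kind"],
            "name": m["name"],
            "port": m["port"],
        })
    return findings

if __name__ == "__main__":
    for f in find_unapproved_hid(SAMPLE_LOG):
        print(f"ALERT {f['kind']} {f['id']} '{f['name']}' "
              f"on {f['port']} at {f['uptime_s']:.0f}s uptime")
```

VID and PID are reported by the device itself, so the allowlist flags unexpected hardware rather than proving what a device is.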

Useful links

  • https://github.com/zatarra/rubberduino
  • https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
  • http://www.gearbest.com/boards-shields/pp_226799.html?wid=21
  • https://www.arduino.cc/en/Main/Software