USB Rubber Ducky

Hey guys, welcome back to a new article. Today is kind of a mess-around article: it's nearly Christmas and I'm not really doing anything very serious, but I've had this USB Rubber Ducky Deluxe for a very, very long time and never actually made a video on it. So anyway, the USB Rubber Ducky.

If you haven't heard of it: this isn't a promotional video, by the way, just so you guys know. This is a general video; I'm not advertising or anything like that. The USB Rubber Ducky is basically a USB stick with a little microcontroller on it. You can write code to this microcontroller, and when you plug it in it acts like a keyboard.

So if you can do it on a keyboard, you can do it on the Rubber Ducky, but it executes the commands very, very quickly. So if I just, you know, open up Run and type CMD, right, and then ipconfig /release, for example, that will release my IP address and I won't be able to go on the internet. If I refresh this you can see I'm off. Now, I can program the Rubber Ducky to do that. The coding language it uses, I think it's called Ducky Script, is really easy to learn. I've basically just been playing around with the USB Rubber Ducky, like I just said, and I'm going to show you this as like a quick-start guide. If you guys are interested, just leave a like on the video and we can do some follow-up videos on this. I'm just going to re-enable my internet. So if you guys want to see more of these USB Rubber Ducky scripts, then I will teach you guys.

So, the device itself, if I just refresh the page, is very small, and it comes in this housing. Well, it doesn't actually; it comes like this, and then you've got this housing that comes with it. I've had this so long that I've lost the housing for it, so I don't actually have that anymore. It also comes with this, which will allow you to connect it to an Android phone, and you can put your duck into that. If you put a USB keyboard into one of these dongles, you'll actually be able to use your Android device with the keyboard, so that means you can also use a Rubber Ducky, and it's actually really awesome. So you can make like a PIN brute force or something like that, kind of really cool. It uses a micro SD card, so you put the SD card into it and execute the script with the little button you can see just here.

You can see here it says the most lethal duck ever to grace an unsuspecting USB port. You can write in a simple scripting language or use the online payload generator, which I'm going to demonstrate to you guys. You load the micro SD card into the duck, place it inside the generic USB drive enclosure for covert deployment, and then deploy it. This works on Windows, Mac and Linux machines, and all you do is plug it in, press the button and away it goes.

These are all the things I got with it. Like I said, that's the case, and you've also got what was a micro USB reader, but it was actually really terrible so I didn't use that. I use a rather more expensive one because I do a lot of, you know, Raspberry Pi stuff. It comes with one that's 128 megabytes; I think the one that's in mine is like 2 gig or something. Then you also get the USB to micro-USB, and then the price is fall to $2.99 is not private iseman. It's just showing you where to buy, and the link to this will be in the description if you want to buy it yourself, and you probably will want to buy it yourself when you see what you can do with it.

So I'll show you the Duck Toolkit; the web link to it will be in the description. All we're going to do is click on the payload generator and have a play around with this. Actually, we'll do that in a minute.

I will show you what I have going on here. That's not the right folder; that's my transmog for USB rubber ducky. So I'll show you the hello world script, and this is the code. The REM is a comment. If you don't know what comments are, they're like little comments in the code for the person who developed it. It won't be executed or read by the program; it'll just be acknowledged, but it will always be there. The GUI button is the Windows key, so GUI r means Windows key + R, which obviously opens up Run, as you guys know. I'm just going to move my taskbar onto this one. So obviously Windows key + R opens up Run, and then STRING means you're basically declaring that the next text is going to be a string.

So then it will type in CMD, and then it will press ENTER, and then it will type in hello world. This in itself won't work; you have to convert it to a bin file, which, you know, looks like that. You can do that by going on to the Duck Toolkit: you go to the encoder, select the code that you want to encode, copy it, paste it, and generate the script. Then you download the bin file, which you then put onto your USB stick, and you do that using a micro SD card reader. That's what I'm going to do now, and I'm just going to talk some garbage while I plug in the USB.

There you go. That's one from earlier. This one here is the hello world script; I'm going to call it inject.bin just for simplicity. What I'm going to do now is put the micro USB device into the slot on the USB duck and plug it in. You can hear the notification, and there's a blue LED on the device itself. What I'm going to do is press the button on there. You see that Run opens up there, and because it's like Mac Road you can see it didn't actually work, and I'll show you why. We can actually add delays in, which are like pauses for a certain period of time.

So let's say after we press the Windows key and R, we need to give the computer time to actually do what you want it to do, because the Rubber Ducky doesn't wait. So we'll give it a 5 milliseconds, so 500 equals 500 five milliseconds and five thousand is five seconds. Yeah, that sounds right.

So we give it five milliseconds before it types in CMD, and then we'll also give it another 300 milliseconds before pressing ENTER, and then we'll give it another wait before it types in the string. Now, the reason we can adjust the delays is for, obviously, slower computers. This one's got an SSD in it, so the actual speed at which it opens up programs isn't that bad, but I tried this on an older PC that had a, not solid state, a 5400 rpm hard drive, and the script just completely conked out because the computer simply wasn't fast enough. So you can see how you can add delays to help with slow computers.

What we'll do is we need to interrupt the bin, and we will see if the hello world script works, and then once we've done that we're going to do some payload generating, which is always funny. All right, I pushed once. Try again, push once: CMD, hello world. And because caps lock is enabled on my keyboard, it's typing in caps lock.
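The hello-world payload walked through above, replayed as a keystroke timeline and checked for machine-speed typing, as an added example that is not from the original video or the Duck Toolkit. The REM text, the DELAY values, the 5 ms gap between injected keys and the 30 ms / 3-key threshold are assumptions chosen for illustration, and `timeline` and `injected_bursts` are hypothetical helper names.

```python
# Payload as the article describes it; REM text and DELAY values are constructed.
HELLO_WORLD = """\
REM hello world
GUI r
DELAY 500
STRING cmd
DELAY 300
ENTER
DELAY 500
STRING hello world
"""

KEY_GAP_MS = 5  # assumption: gap between injected keys; real devices vary

def timeline(script, key_gap_ms=KEY_GAP_MS):
    """Expand a small DuckyScript subset into (time_ms, key) events."""
    t, events = 0, []
    for line in script.splitlines():
        cmd, _, arg = line.strip().partition(" ")
        if not cmd or cmd == "REM":      # comments produce no keystrokes
            continue
        if cmd == "DELAY":               # DuckyScript DELAY is in milliseconds
            t += int(arg)
            continue
        # STRING types each character; anything else is one key or chord.
        keys = list(arg) if cmd == "STRING" else [f"<{line.strip()}>"]
        for key in keys:
            events.append((t, key))
            t += key_gap_ms
    return events

def injected_bursts(events, max_gap_ms=30, min_keys=3):
    """Return the text of runs of >= min_keys keys with every gap < max_gap_ms."""
    bursts, run = [], events[:1]
    for prev, cur in zip(events, events[1:]):
        if cur[0] - prev[0] < max_gap_ms:
            run.append(cur)
            continue
        if len(run) >= min_keys:
            bursts.append("".join(k for _, k in run))
        run = [cur]
    if len(run) >= min_keys:
        bursts.append("".join(k for _, k in run))
    return bursts

# Constructed sample: a person typing the same command by hand.
HUMAN = [(0, "c"), (180, "m"), (330, "d"), (900, "<ENTER>")]
if __name__ == "__main__":
    print(injected_bursts(timeline(HELLO_WORLD)))  # machine-speed runs
    print(injected_bursts(HUMAN))                  # nothing flagged
```

Even with DELAY lines between the steps, each STRING arrives at machine speed, and that timing is what a host-side keystroke monitor can alert on.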

So if I was to disable caps lock and press again, you can see it's typing the script and hello world. You can see there that it executes code very, very quickly, so we can use this to our advantage, obviously. We're going to click on payload generator, and the one I've picked to use is computer information. What I have here is reconnaissance, which is, you know, recon.

So we can have it do all of these kinds of things: get computer information, user information, USB information, shared... I'm not going to read it all; you can read the site. You've also got exploitation, so you can find and upload a file, which is a project I'm working on. You can see here take screen captures, copy wilds profiles and stuff like that. So I'm going to get the computer's information and we're going to save the report to a USB drive, and I have a USB drive here with me which is called dhoka.

So I'm just going to tick these two boxes and then put that USB stick in there. We're going to press Continue, and the USB name is called... okay, I've already got a good idea of how this is going to work. You can adjust the delay here; the default is seven hundred fifty milliseconds.

I'm going to generate the script, and you can see that it's done that, so let's see how this runs. This is just using the payload generator. I need to just extract the inject.bin file. This bit is kind of a pain; in the future I might make a little program which can automate this a bit further, because that'd be really cool. And I just lost the SD card. It'd be kind of cool if I made this completely automated, because for now it is kind of a pain, as you end up with multiple inject.bin files.

So we will put this on the new volume drive, which is the duck; we'll call it inject.bin. We will not safely remove the hardware, and we'll plug it into the USB duck, and yes the duck the ducky drive the run don't stop learning okay so it's really not as close just input back. Some scripts run automatically, some don't; I'm not sure of the real answer for that.

So this is going to get the computer's information and dump it onto the ducky drive. Let's see how well that actually works. We're just going to remove variables, so this is just an unsuspecting computer sat on the desktop. Plug the drive in and let's see how well it goes. So let's see, we do in PowerShell start, we're doing that. So then it actually tried to hide the window within work. So yeah, it's actually going to generate a full HTML script. Now that's actually really surprising; I did not expect that at all. So this is PowerShell, I'm guessing. Yeah, this is a PowerShell script.

I'm not even touching the keyboard, and you can see how fast it is executing them. Because it's tried to hide itself, that's why you can't really see what's going on. I could remove that line, but I'm just going to leave it to do what it wants. So it's going to save it, and what's it going to do?

Now it's going to run the PowerShell script and then it's also a try I'm going to move again and do that work out can be the tell, so I'm guessing it worked. Did it dump the file, though? That's the real question here. It didn't dump the file, which is kind of an issue, but I do know it saved something. Let's see where my recent files are: Quick access.

So that's the script that it made. You can see how fast it wrote the script, and that's 62 lines long, although I'm not sure why it didn't output the actual file. As go back to here was this pasta e-rock slash pissed and it's all open to that, but okay, I give up with this script. What I'm going to do now is pause the video and make my own version of the script that will work. So here is the super simple script I've come up with. What it's going to do is basically use systeminfo, which, if you don't know, is a command in Windows.

If I do this it will load all the information for me, and then it's going to dump it in a file called still in dot txt on the H drive, which is conveniently named. Okay, you can see here that ducky is empty, and it's going to create a batch file with the information in. So let's just run the script.

So I'm going to put it in and I'm going to press the button. I did actually find out, by the way, that if you add a REM up here, you know, REM there, it will actually pause and wait for you to press the button, because it's the first line in the code, and, just like I said at the start, it doesn't execute that. Maybe if I delete it, instead, as soon as you plug in the device it will execute the code. So I'm going to do that, and away it goes. So sit back and relax as I steal all your data.

It's going to save the file, it's going to wait a little bit, and then it's going to open up CMD and start the batch file. And there we go, I've stolen all the data. If I show you what the output looks like in the ducky folder, you can see that it shows you the computer's name with the run in a standalone workstation rich to earn, the product ID, the BIOS version, where Windows is installed, hot fixes that are installed, the logon server, the page file, my IP address, you can DDoS that. And yeah, obviously it's not very advanced; this should only work on this PC, but there are ways of making it work on, obviously, other PCs.

So that might be something that I work on in the future, maybe. So that is basically the end of this little mess-around video. The actual recording at the moment is 23 minutes although.
