USB RUBBER DUCKY | HACKING HARDWARE DEVICE | ETHICAL HACKING

USB Rubber Ducky


The USB Rubber Ducky is not actually a USB drive in the traditional sense. As far as your computer is concerned, it is a keyboard.

So the USB Rubber Ducky is a keyboard?
As far as your computer is concerned, yes, it is in fact a keyboard (a Human Interface Device).

What can it do?

When the USB Rubber Ducky is plugged into your computer, your computer detects it as a keyboard. This is the vulnerability. Think about it for a moment: have you ever plugged in your keyboard and been asked, "May this device make changes to your computer?" Likely not. The USB Rubber Ducky does not require user authentication to run.

The USB Rubber Ducky runs a script, meaning it is really typing on its own.

SCRIPT: The script is basically an instruction guide for the device.
The USB Rubber Ducky can do anything a keyboard can do. Surprisingly enough, there are a lot of keyboard shortcuts that allow for a lot of ingenuity with the USB Rubber Ducky.

For example, Windows key + R opens a run bar, and if you type cmd you'll open Command Prompt.
Another example is GUI Y, which will accept any open dialog box. These are commonly seen when an application is requesting to run as Administrator.
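
Because the device is "really typing on its own", its keystrokes arrive far faster and more evenly than a person types, which gives defenders a timing signal. The following is an added example, not part of the original post, that flags machine-speed bursts in a keystroke timing log; the thresholds, function names and sample events are assumptions constructed for illustration.

```python
"""Added example: flag keystroke bursts typed faster than a human can."""
from statistics import mean

# Assumed thresholds (tune per environment; not from the original post).
MAX_HUMAN_GAP_MS = 30   # gaps at or below this count as machine-speed
MIN_BURST_KEYS = 8      # consecutive fast keys required before alerting


def find_injection_bursts(events, max_gap_ms=MAX_HUMAN_GAP_MS,
                          min_keys=MIN_BURST_KEYS):
    """Return suspicious bursts from (timestamp_ms, key) tuples sorted by time."""
    bursts, run = [], []
    # A sentinel far in the future closes the final run of keys.
    for ts, key in list(events) + [(float("inf"), "")]:
        if run and ts - run[-1][0] > max_gap_ms:
            if len(run) >= min_keys:
                gaps = [b[0] - a[0] for a, b in zip(run, run[1:])]
                bursts.append({
                    "start_ms": run[0][0],
                    "end_ms": run[-1][0],
                    "text": "".join(k for _, k in run),
                    "mean_gap_ms": round(mean(gaps), 1),
                })
            run = []          # a slow gap ends the current run
        run.append((ts, key))
    return bursts


def sample_events():
    """Constructed keystroke log: a human typing, then a machine-speed burst."""
    events, t = [], 0
    for key, gap in zip("hello", (0, 180, 140, 210, 160)):  # human-paced
        t += gap
        events.append((t, key))
    t += 2000                                               # idle pause
    for key in "echo constructed-demo":                     # 5 ms per key
        events.append((t, key))
        t += 5
    return events


if __name__ == "__main__":
    for burst in find_injection_bursts(sample_events()):
        print("possible keystroke injection:", burst)
```

Timing is one signal only; pairing it with an allow-list of approved USB keyboards covers cases the threshold misses.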

How harmful is it?

Thinking outside the box. The system admin is the limit with the USB Rubber Ducky. There's a ton you can do, including downloading payloads wrapped in .exe files, meant to convince the user they're harmless, or, quite honestly, you can run the .exe with the USB Rubber Ducky by downloading it and then executing it.

Personal usage

You can collect users' saved web passwords and Wi-Fi passwords, run a ransomware attack that can even bring down an organisation, inject payloads, and see the tasks they have performed.

If you are good at scripting, you can write your own script to perform a single task or multiple tasks on the victim's system. There are several pre-written scripts available on the web for various operating systems.
The script can be loaded onto the USB Rubber Ducky via a memory card, and the device then performs your script on the victim's computer.

It can be performed on Windows, Linux, macOS, and even Android (the device must be rooted and have Kali NetHunter installed).

Here are the pre-written payloads.


You can build your own hacking device. Excited to know how we can? Please comment below.

Knowledge sharing is the utmost quality of knowledge gaining. Share the content with your friends.
For more content and queries, FOLLOW our blog.

Thank you.
