➖ TUTORIAL ➖
What Is USB Rubber Ducky And How Can We Use It
With the usb rubber ducky has the company hak5 created a basic attack for HID(Human Interface Devices) attacks. They also created a simple script language and uploaded a bunch of payloads on their website.
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
Meanwhile, the ducky can be used with all operating systems. The tool developed primarily for administrators and penetration testers is similar to a conventional USB stick.
Structure and function
The USB-Rubber-Ducker consists of an Atmel-60-MHz-32-bit processor, a JTAG interface for I/O operations and a microSD card reader.
The device is thus designed exclusively for keystroke injection attacks and quickly stimulated the imagination of penetration testers and developers.
DuckyScript
The programming of the rubber ducky is working in the script language duckyscript. I will list you the most important elements.
REM = comments
WINDOWS or GUI = This commands are the windows key(WINDOWS) and the mac super key(GUI)
REM Call Spotlight Search In macOS
GUI SPACE
REM Execute Open Dialog In Windows
WINDOWS r
REM Open Windows Settings
WINDOWS i
REM Open Context Menu Of The Start Menu
WINDOWS X
DELAY: With DELAY you force a pause until the next command execution. This is recommended to give the target system time to process a command. You specify the time in milliseconds. Alternatively use f or DEFAULTDELAY, to make a delay between every command into the script.
REM Wait 5 seconds, to load file
DELAY 5000
REM Wait every 200 ms between every command
DEFAULT_DELAY 200
STRING: STRING simulates the keyboard input of a character string on the system.
REM macOS start spotlight search
GUI SPACE
REM Open internet accounts settings
STRING Internet-Accounts
REM Open Windows CMD
WINDOWS
STRING cmd.exe
ENTER
MENU or APP: The two commands simulate pressing the menu or application key under Windows. Alternatively, the combination SHIFT+F10 would also be possible here.
REM Open Wordpad and paste text from clipboard
GUI r
STRING wordpard
ENTER
MENU
STRING E
SHIFT, ALT and CTRL: This commands simulate the control keys. They'll used often in combination with other keys. DuckyScript allows for example the following combinations:
ALT with: END, ESC, ESCAPE, F1 until F12, SPACE, TAB or with an single character or number.
SHIFT with: DELETE, HOME, INSERT, PAGEUP, PAGEDOWN, WINDOWS, GUI, UPARROW, DOWNARROW, LEFTARROW, RIGHTARROW, TAB
CTRL with: BREAK, PAUSE, F1 until F12, ESCAPE, ESC or with a single character.
REM Close Application
ALT F4
REM Open taskmanager
CTRL SHIFT ESC
REM Open terminal in ubuntu
CTRL ALT T
REM Execute mission control in macOS
ALT F3
REPEAT: REPEAT will repeat the previous command n-times
REM Rightarrow 5 times to the right, and then 3 times down.
REM Hit enter.
RIGHT
REPEAT 4
DOWN
REPEAT 2
ENTER
Depending on the operating system and the keyboard operator used, other commands can be used whose meaning largely corresponds to the designation on the keyboard. These are among others BREAK or PAUSE, CAPSLOCK, DELETE, ESC or ESCAPE, HOME, INSERT, NUMLOCK, PAGEUP, PAGEDOWN, PRINTSCREEN, SCROLLOCK, SPACE and TAB.
What Is USB Rubber Ducky And How Can We Use It
With the usb rubber ducky has the company hak5 created a basic attack for HID(Human Interface Devices) attacks. They also created a simple script language and uploaded a bunch of payloads on their website.
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
Meanwhile, the ducky can be used with all operating systems. The tool developed primarily for administrators and penetration testers is similar to a conventional USB stick.
Structure and function
The USB-Rubber-Ducker consists of an Atmel-60-MHz-32-bit processor, a JTAG interface for I/O operations and a microSD card reader.
The device is thus designed exclusively for keystroke injection attacks and quickly stimulated the imagination of penetration testers and developers.
DuckyScript
The programming of the rubber ducky is working in the script language duckyscript. I will list you the most important elements.
REM = comments
WINDOWS or GUI = This commands are the windows key(WINDOWS) and the mac super key(GUI)
REM Call Spotlight Search In macOS
GUI SPACE
REM Execute Open Dialog In Windows
WINDOWS r
REM Open Windows Settings
WINDOWS i
REM Open Context Menu Of The Start Menu
WINDOWS X
DELAY: With DELAY you force a pause until the next command execution. This is recommended to give the target system time to process a command. You specify the time in milliseconds. Alternatively use f or DEFAULTDELAY, to make a delay between every command into the script.
REM Wait 5 seconds, to load file
DELAY 5000
REM Wait every 200 ms between every command
DEFAULT_DELAY 200
STRING: STRING simulates the keyboard input of a character string on the system.
REM macOS start spotlight search
GUI SPACE
REM Open internet accounts settings
STRING Internet-Accounts
REM Open Windows CMD
WINDOWS
STRING cmd.exe
ENTER
MENU or APP: The two commands simulate pressing the menu or application key under Windows. Alternatively, the combination SHIFT+F10 would also be possible here.
REM Open Wordpad and paste text from clipboard
GUI r
STRING wordpard
ENTER
MENU
STRING E
SHIFT, ALT and CTRL: This commands simulate the control keys. They'll used often in combination with other keys. DuckyScript allows for example the following combinations:
ALT with: END, ESC, ESCAPE, F1 until F12, SPACE, TAB or with an single character or number.
SHIFT with: DELETE, HOME, INSERT, PAGEUP, PAGEDOWN, WINDOWS, GUI, UPARROW, DOWNARROW, LEFTARROW, RIGHTARROW, TAB
CTRL with: BREAK, PAUSE, F1 until F12, ESCAPE, ESC or with a single character.
REM Close Application
ALT F4
REM Open taskmanager
CTRL SHIFT ESC
REM Open terminal in ubuntu
CTRL ALT T
REM Execute mission control in macOS
ALT F3
REPEAT: REPEAT will repeat the previous command n-times
REM Rightarrow 5 times to the right, and then 3 times down.
REM Hit enter.
RIGHT
REPEAT 4
DOWN
REPEAT 2
ENTER
Depending on the operating system and the keyboard operator used, other commands can be used whose meaning largely corresponds to the designation on the keyboard. These are among others BREAK or PAUSE, CAPSLOCK, DELETE, ESC or ESCAPE, HOME, INSERT, NUMLOCK, PAGEUP, PAGEDOWN, PRINTSCREEN, SCROLLOCK, SPACE and TAB.
Tags:
Password Hacking