The programming language, dubbed DuckyScript, is a simple instruction-based interface for creating a customized payload. However, it runs independently from the microcontroller that installs the drivers to the machine. On some older models running Windows XP, the device took upwards of 60 seconds to install the drivers.
On newer machines running Windows 7, it took anywhere from 10-30. And if the drivers take longer to install than the delay you put at the beginning of your payload, it will begin firing off anyways.
There is a firmware release you can flash onto your Ducky that will additionally act as a USB flash drive where executable binaries can be hosted. In this case, it would be significantly faster to open the drive and load the file into memory. The benefits of this include.
Don’t miss: How To — Get Your Mac Ready for Hacking?
- The ability to potentially avoid dropping any files on the machine
- Quicker than remotely retrieving a payload
- No internet connectivity is required for additional payload
But remotely retrieving a payload is a viable method if you absolutely have to do it that way.
In short, it is a very promising and effective tool but seriously lacks versatility. In some machines, it may take 5 seconds to load the drivers, in others may be longer than 60. Then you have to account for how long it will take to deliver your payload in accordance with how fast the machine can handle keystrokes.
This becomes a huge bummer during official penetration testing scenarios where you are required to enter the office physically because the variety of machine setups can be drastically different. Otherwise, exactly what it says on the tin: emulates a keyboard and mouse set up to deliver instructions.
How to Make Your Own USB Rubber Ducky Using a Normal USB?
- Payload – Hello World
- Payload – WiFi password grabber
- Payload – Basic Terminal Commands Ubuntu
- Payload – Information Gathering Ubuntu
- Payload – Hide CMD Window
- Payload – Netcat-FTP-download-and-reverse-shell
- Payload – Wallpaper Prank
- Payload – YOU GOT QUACKED!
- Payload – Reverse Shell
- Payload – Fork Bomb
- Payload – Utilman Exploit
- Payload – WiFi Backdoor
- Payload – Non-Malicious Auto Defacer
- Payload – Lock Your Computer Message
- Payload – Ducky Downloader
- Payload – Ducky Phisher
- Payload – FTP Download / Upload
- Payload – Restart Prank
- Payload – Silly Mouse, Windows is for Kids
- Payload – Windows Screen rotation hack
- Payload – Powershell Wget + Execute
- Payload – mimikatz payload
- Payload – MobileTabs
- Payload – Create Wireless Network Association (AUTO CONNECT) PINEAPPLE
- Payload – Retrieve SAM and SYSTEM from a live file system
- Payload – Ugly Rolled Prank
- Payload – XMAS
- Payload – Pineapple Assocation (VERY FAST)
- Payload – WiFun v1.1
- Payload – MissDirection
- Payload – Remotely Possible
- Payload – Batch Wiper/Drive Eraser
- Payload – Generic Batch
- Payload – Paint Hack
- Payload – Local DNS Poisoning
- Payload – Deny Net Access
- Payload – RunEXE from SD
- Payload – Run Java from SD
- Payload – OSX Root Backdoor
- Payload – OSX User Backdoor
- Payload – OSX Local DNS Poisoning
- Payload – OSX Youtube Blaster
- Payload – OSX Photo Booth Prank
- Payload – OSX Internet Protocol Slurp
- Payload – OSX Ascii Prank
- Payload – OSX iMessage Capture
- Payload – OSX Grab Minecraft Account Password and upload to FTP
- Payload – OS X Wget and Execute
- Payload – OSX Passwordless SSH access (ssh keys)
- Payload – MrGray’s Rubber Hacks
- Payload – Copy File to Desktop
- Payload – Youtube Roll
- Payload – Disable AVG 2012
- Payload – Disable AVG 2013
- Payload – EICAR AV test
- Payload – Download mimikatz, grab passwords and email them via gmail
- Payload – Hotdog Wallpaper
- Payload – Android 5.x Lockscreen
- Payload – Chrome Password
Also Read:
- Large Password Lists: Password Cracking Dictionary’s Download For Free
- Get a Reverse Shell in Seconds using USB Rubber Ducky & Arduino BadUSB
- Hack Like Mr. Robot, Own a Computer in 14 Seconds
If you have a custom rubber ducky script to share to have ideas of the development please share it here: hacktoday.io
