109 - USB Rubber Ducky Hack Device (Hak5)


Be careful of what users connect to your USB ports!

The Hak5 USB Rubber Ducky device ($40) looks like a USB flash drive, but it is actually an integrated processor with a USB connector and an SD card.

When connected to a computer, the computer recognises it as an input device (a USB keyboard) and loads a keyboard driver for it.

Once the Rubber Ducky detects that the computer is ready to accept keyboard scan codes, it can run a user-programmable script which sends keyboard scan codes to the computer via the USB interface.

Now the Rubber Ducky can send any keyboard command it likes to the computer (i.e. anything that can be typed in using a USB keyboard can be emulated by the Rubber Ducky).

There is an active forum at www.usbrubberducky.com

Payloads (scripts)

You can download your own payloads from the wiki - go to the payloads section for sample scripts.

As the Rubber Ducky contains an SD card which appears to Windows as a Mass Storage device, the Rubber Ducky can use CTRL+ESC to get to the Start Menu, then type 'cmd' and ENTER and then run any program that you place on the SD card.

The Rubber Ducky script runs with whatever security level the current user has; however, there are various ways to get around this and ways to then disable the AV program that may be running, etc.

Most corporate PCs should have restricted Admin access and so should not allow this sort of access by the user.
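
Because the device enumerates as a keyboard and then plays back a script, one signal a defender can look for is a newly attached keyboard that immediately types at machine speed. The sketch below is an added example, not code from the original page or from Hak5; the event tuple format, the device ids and the thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median

# Assumed thresholds, not from the original page; tune them for your environment.
WINDOW_S = 10.0        # inspect only the first seconds after a keyboard attaches
MIN_KEYS = 8           # too few keys gives no reliable timing signal
HUMAN_FLOOR_S = 0.030  # a median gap under 30 ms is faster than sustained typing

def flag_injecting_keyboards(events):
    """events: (time_s, kind, device_id, detail) tuples, kind is 'attach' or 'key'.
    Returns {device_id: median_gap_s} for keyboards that type at machine speed
    right after being plugged in."""
    attached, stamps = {}, {}
    for t, kind, dev, _detail in sorted(events):
        if kind == "attach":
            attached[dev], stamps[dev] = t, []
        elif kind == "key" and dev in attached and t - attached[dev] <= WINDOW_S:
            stamps[dev].append(t)
    flagged = {}
    for dev, ts in stamps.items():
        if len(ts) < MIN_KEYS:
            continue
        gap = median(b - a for a, b in zip(ts, ts[1:]))
        if gap < HUMAN_FLOOR_S:
            flagged[dev] = round(gap, 4)
    return flagged

def sample_events():
    """Constructed telemetry: kbd-A is a person, kbd-B attaches and types a burst."""
    events = [(0.0, "attach", "kbd-A", ""), (20.0, "attach", "kbd-B", "")]
    events += [(1.0 + i * 0.19, "key", "kbd-A", "x") for i in range(12)]
    # The opening sequence the article describes, then placeholder keys.
    burst = ["CTRL+ESC", "c", "m", "d", "ENTER"] + ["x"] * 7
    events += [(21.0 + i * 0.005, "key", "kbd-B", k) for i, k in enumerate(burst)]
    return events

if __name__ == "__main__":
    for dev, gap in flag_injecting_keyboards(sample_events()).items():
        print(f"ALERT {dev}: median inter-key gap {gap * 1000:.1f} ms after attach")
```

Treat the timing check as one signal alongside USB device control policy rather than a complete defence.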