Create a BadUSB Rubber Ducky using Arduino

August 21st, 2019 by

Rubber Ducky is the most popular tool to inject keystrokes on a victim’s computer at lightning speed. Masked as a regular USB device, Rubber Ducky acts like a keyboard (Human Interface Device) and automates key presses. It executes command upon plugging in the USB device. It is very effective because, a computer trust human, a human use keyboard to communicate, therefore, computer trusts keyboards.

With lightning-fast typing, we can do various things like, download a backdoor payload generated by Metasploit, disable firewalls, extract saved passwords and more.

Today we will learn how to create a Rubber Ducky using Arduino.


Video Demonstration



SS Micro ATmega32U4 Arduino Compatible

Arduino IDE


Let’s start with the basics.

Paste the script provided below in your Arduino IDE. Select the proper port where your Arduino is connected. In this tutorial, I am using an Arduino Leonardo type of board so I selected Arduino Leonardo in Boards.


Script #1: Opening a notepad

Description: Opens up a notepad and print “You have been pawned”


Script 2#: Extract Wifi Password and upload it in FTP

Description: Open up a Powershell and extract Wifi Passwords. After extracting the wifi password, save it to a file and FTP it to FTP Server.

Additional Step: Change your FTP credentials. Modify “localhost”, “user” and “user123”.


Script #3: Download and execute a file.

Description: It downloads a file using cmd commands.


Script #4: Download a file and execute it using Powershell

Description: Open up a Powershell with elevation, downloads file and execute it.


Script #5: Disable Windows Firewall using Powershell

Description: Opens up a Powershell and disable the firewall.



If you want to acquire the other script shown in the video demonstration, you can download it here.

Rubber Ducky Scripts (8075 downloads)
Spread the love



  1. cedcraftscodes

    February 23, 2020 at 10:51 am


  2. duke

    May 28, 2020 at 6:12 pm

    How to access other scripts


Leave a Reply

Your email address will not be published.