Cyber Security,  Tutorials

Create a BadUSB Rubber Ducky using Arduino

Rubber Ducky is the most popular tool to inject keystrokes on a victim’s computer at lightning speed. Masked as a regular USB device, Rubber Ducky acts like a keyboard (Human Interface Device) and automates key presses. It executes command upon plugging in the USB device. It is very effective because, a computer trust human, a human use keyboard to communicate, therefore, computer trusts keyboards.

With lightning-fast typing, we can do various things like, download a backdoor payload generated by Metasploit, disable firewalls, extract saved passwords and more.

Today we will learn how to create a Rubber Ducky using Arduino.

 

Video Demonstration

 

Requirements

SS Micro ATmega32U4 Arduino Compatible

Arduino IDE

 

Let’s start with the basics.

Paste the script provided below in your Arduino IDE. Select the proper port where your Arduino is connected. In this tutorial, I am using an Arduino Leonardo type of board so I selected Arduino Leonardo in Boards.

 

Script #1: Opening a notepad

Description: Opens up a notepad and print “You have been pawned”

 

Script 2#: Extract Wifi Password and upload it in FTP

Description: Open up a Powershell and extract Wifi Passwords. After extracting the wifi password, save it to a file and FTP it to FTP Server.

Additional Step: Change your FTP credentials. Modify “localhost”, “user” and “user123”.

 

Script #3: Download and execute a file.

Description: It downloads a file using cmd commands.

 

Script #4: Download a file and execute it using Powershell

Description: Open up a Powershell with elevation, downloads file and execute it.

 

Script #5: Disable Windows Firewall using Powershell

Description: Opens up a Powershell and disable the firewall.

 

 

If you want to acquire the other script shown in the video demonstration, you can download it here.

Rubber Ducky Scripts (7938 downloads)
Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *