What is the USB rubber ducky?
The USB Rubber Ducky is an awesome device for penetration testing and general mischief. While it appears to be an innocuous USB thumb drive, when it is plugged into a computer, it instead registers itself as a USB keyboard on the system and fires off a keystroke payload at lightning speed.
What is the HAK5 USB rubber ducky repository?
This repository contains payloads and extensions for the Hak5 USB Rubber Ducky. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads. A "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds.
What are the parts of a rubber ducky?
There are three main parts that come with the Rubber Ducky that you’ll be using to create, test and launch exploits. The mini “keyboard” adapter. This is the larger of the two parts with a USB dongle poking out of it.
What are the dangers of a rubber ducky device?
One of the dangers of a Rubber Ducky is that it can give a hacker access to full control of a system. At the end of the day you are acting as if the attacker is in front of the screen executing commands, since they are preconfigured scripts. This device can open a link between the monitoring server and the victim’s system.
What is a WiFi rubber ducky?
The WiFi Duck is a project created by Stefan Kremser, also known as Spacehuhn. With it, you can plug the WiFi Duck into a target computer that's exposed even for just a minute, then connect to it over Wi-Fi from another device to issue whatever payloads you have ready or can build before you have to disconnect.
Does Rubber Ducky work on Windows 10?
Using the USB Rubber Ducky, Powercat is executed in Windows 10 as an administrator which quickly establishes a root shell via the attacker's Netcat listener. At that point, persistence is configured using the schtasks command, which was designed by Microsoft to automate tasks and commands in Windows 10.
What is the difference between bash Bunny and rubber ducky?
The primary difference between Rubber Ducky and Bash Bunny is the number of devices that are emulated. While Rubber Ducky simply imitates a keyboard device, Bash Bunny can emulate many other devices, including Ethernet over a USB adapter, a serial port, and a storage device.
What is rubber ducky encoder?
August 29, 2017. The USB Rubber Ducky is an awesome device for penetration testing and general mischief. While it appears to be an innocuous USB thumb drive, when it is plugged into a computer, it instead registers itself as a USB keyboard on the system and fires off a keystroke payload at lightning speed.
Can a rubber ducky be detected?
Detecting the Ducky As long as the Ducky Script is careful about cleaning up after itself — by closing all windows it opened, erasing the terminal history, and making the computer appear to be in the same state that the target left it in — an attack can go completely undetected.
What does bash bunny do?
The reason why Bash Bunny is called what it is called, is that we write the attack payloads directly in Linux bash using additional commands in the Bunny Script language. Everything is simple, intuitive, and efficient. Bash Bunny can be configured to contain two different payloads at once, to be run separately.
What is a packet squirrel?
The Packet Squirrel by Hak5 is a stealthy pocket-sized man-in-the-middle. This Ethernet multi-tool is designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. SYSTEMS ADMINISTRATORS. Easily capture packets between any network endpoint.
What can be done with rubber ducky?
USB Rubber ducky is an HID device that looks similar to a USB Pen drive. It may be used to inject keystroke into a system, used to hack a system, steal victims essential and credential data can inject payload to the victim's computers.
What is a rubber ducky?
While it appears to be an innocuous USB thumb drive, when it is plugged into a computer, it instead registers itself as a USB keyboard on the system and fires off a keystroke payload at lightning speed.
Does Ducky work on Windows 10?
As mentioned earlier, ducky scripts that work for, say, macOS almost certainly won’t work for Ubuntu or Windows machines. And a ducky script that works against the latest version of Windows 10 may not work at all on an older, unpatched Windows 7 machine.
What is the best security awareness payload for the Rubber Ducky?
A two second HID attack against Windows and Mac that launches the website of your choosing. That's by far the most effective security awareness payload for the USB Rubber Ducky.
The 3 Second Reverse Shell with a USB Rubber Ducky
A reverse shell is a type of shell where the victim computer calls back to an attacker’s computer. The attacking computer typically listens on a specific port. When it receives the connection it is then able to execute commands on the victim computer. In essence it’s remote control of a computer.
What's the quickest way to steal a Windows password hash?
Using a USB Rubber Ducky and this simple payload, Windows password hashes can be captured for cracking in less than two seconds.
15 Second Password Hack, Mr Robot Style
In honor of the USB Rubber Ducky appearance on a recent episode of Mr Robot, we’re recreating this hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.
What is the best security awareness payload for the Rubber Ducky?
A two second HID attack against Windows and Mac that launches the website of your choosing. That's by far the most effective security awareness payload for the USB Rubber Ducky.
The 3 Second Reverse Shell with a USB Rubber Ducky
A reverse shell is a type of shell where the victim computer calls back to an attacker’s computer. The attacking computer typically listens on a specific port. When it receives the connection it is then able to execute commands on the victim computer. In essence it’s remote control of a computer.
What's the quickest way to steal a Windows password hash?
Using a USB Rubber Ducky and this simple payload, Windows password hashes can be captured for cracking in less than two seconds.
15 Second Password Hack, Mr Robot Style
In honor of the USB Rubber Ducky appearance on a recent episode of Mr Robot, we’re recreating this hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.
About the USB Rubber Ducky
A "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds.
Disclaimer
Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution.
Legal
Payloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality.
Contributing
Once you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.
