USB Rubber Ducky Deluxe
Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.
Quack like a Keyboard!
Nearly every computer including desktops, laptops, tablets and smartphones take input from Humans via Keyboards. It's why there's a specification with the ubiquitous USB standard known as HID - or Human Interface Device. Simply put, any USB device claiming to be a Keyboard HID will be automatically detected and accepted by most modern operating systems. Whether it be a Windows, Mac, Linux or Android device the Keyboard is King.
By taking advantage of this inherent trust with scripted keystrokes at speeds beyond 1000 words per minute traditional countermeasures can be bypassed by this tireless trooper - the USB Rubber Ducky.
Ducky Script. Simply Simple.
The USB Rubber Ducky's scripting language is focused on ease-of use. Writing payloads is as simple as writing a text file in notepad, textedit, vi or emacs.
- Type "Hello World" with STRING Hello World
- Add pauses between commands with DELAY. Use DELAY 100 for short 100 milliseconds pauses or DELAY 1000 for longer 1 second pauses.
- Combine specials keys. ALT F4, CONTROL ESCAPE, WINDOWS R, SHIFT TAB. They all do exactly as expected.
- Use REM to comment your code before sharing it.
- That's it! You just learned Ducky Script!
Unmatched Performance, Simplicity and Value.
We learned from the experiences of over 100 hackers worldwide working on the original prototype dev-board. Based on their feedback we developed a truly remarkable custom hardware platform with an order of magnitude more processing power and versatility.
- Fast 60 MHz 32-bit Processor
- Convenient Type A USB Connector
- Expandable Memory via Micro SD
- Hideable inside an in an innocuous looking case
- Onboard Payload Replay Button
Windows, Mac, Linux, Android - they all love keyboards. Convenience is king, so when it comes to plugging in a new input device the default is to accept and obey. Keyboards represent human input afterall. Before USB there were various standards, be it PS/2, AT, Apple Desktop Bus and various other DINs. Now that everything is Universal the Human Input Device is "Plug and Play".
Community Payload Generators, Firmware, Encoders and Toolkits
The USB Rubber Ducky project has fostered considerable innovation and creativity among the community. Some gems include
- Customize pre-assembled attacks from our repository - Payload Wiki
- Online Duck Toolkit for simple Reconnaissance, Exploitation and Reporting
- The Simple Ducky Payload Generator for Linux with Password Cracker and Meterpreter and Netcat integration
- VID & PID Swapper to cloak your device
- Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and and much more.
- And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.