Hi, I am about to order the Rubber Ducky and this is what I understand so far (please answer, quote if I am wrong):

1. I order the Rubber Ducky USB device online at the shop. Maybe I will have 2...

2. There is a "general"/universal script language, a standard utility that lets people customize the so-called payload*, with a community around it.

3. I am not sure though, if I have to choose it at the shop (prepared with a script), whether this takes extra time, or if this choice "locks" my Duck for future agility.

4. There are some tools required for reading/writing to the internal SD storage on this device. If you want to access it, it has to be flashed. And when the payloads and such data are there, you want to "seal" the device and make it ready (for deploy...).

5. The thing about this HID injection on, let's say, Windows could be described as follows: when the device attaches to the USB port it gets granted access as a HID keyboard. It opens Notepad if the target machine is logged in, dumps a lot of text "payload" and saves it, calls an elevated command prompt and/or PowerShell if available, runs whatever you want ^^ like opening a port or disabling the firewall, deletes traces of itself (RunMRUs, recent docs) if possible, and this happens in seconds with fast typing, with some delays... finished.

6. I haven't found out yet if this device could be used as a normal "USB volume" at the same time!? After the payload as a "HID" is done, it mounts a tiny volume that is created on the internal SD card (a prepared 2GB FAT partition, for instance...). The Windows computer suddenly finds the active partition, mounts the volume, and the user gets a normal "new removable device found"... maybe with some typical files on it, and nothing seems wrong with this pen stick... (but the payload has already done its job and also covers itself as a normal USB drive).

What I want to do - Target machine - Thoughts -

1. Let's say I (or you) only have one shot... one chance. You have to construct the payload to be quite "failsafe" and smart, right? Like before_actionA check if system is target=true; if actionA doesn't work I try actionB, before it even continues. If it fails at the first line, the rest is just useless, isn't it... So you have to construct a tiny payload that does a few commands in several ways to guarantee a success. I believe you could have several different locally stored "files" or configs ready to be used, all depending on the payload: if system is Mac = use payload_Z, if unsure = kill itself, and so on...

2. So what do you suggest to me? I want to start as soon as possible, guys. Help me out. I'm going to order 2 to start, one for a target and one for practice and use on my own machines for "pentesting". Target client = Windows x. I want the payload to do something like this:

a) open some backdoor as fast and safe as possible.
b) reverse shell and/or other remote solution
c) hide itself, prepend and make sure it survives reboot, bypass UAC, bypass firewall, suspect users, AVs
d) minimal trace and ready to be hooked, "picked up later" in other words.
e) listening...
f) for me, maybe send it new commands like information gathering (reco...)
g) new info uploaded to me (in a secure way!)
h) analyzing the results, I work out new commands to send. Very refined and precise.