Jump to content

What is difference of rubber ducky


korean

Recommended Posts

They will probably release all that within the next couple days. But the bash bunny can work like a rubber ducky, but if your only running ducky scripts the ducky will be way better due to size, form factor and speed.  The bash bunny will take a couple seconds to start up where as the duck is almost instant. The feature of being able to use ducky scripts with the bash bunny makes it a more versatile platform for other attacks you might also be running when you plug it in 

Link to comment
Share on other sites

You can use it like a HID keyboard like the ducky but it can also act as: Ethernet over USB via RNDIS or ECM, a storage device like a normal flash drive, a serial port and connection, and a human interface device like The USB Rubber Ducky. It is also a fully functional Debian based Linux box and can be programmed in a text editor not needing to be encoded to an inject.bin file. It has a three phase switch the first being arming/computing the second and third are spaces for payloads. It can also act as a "Pineapple core" where it interacts with the WiFi Pineapple. 

Link to comment
Share on other sites

Is it possible we could get a clearer description of how this differs or is similar to the usb rubber ducky? a little unclear as to the pros and cons (strengths and weaknesses) of this vs. the ducky. Is it still worth having a ducky or does this supersede it? i understand this runs slower and needs 7 seconds start time but aside from that how is it better?

is it still worth getting a ducky if you own this? yes i saw the video but still a bit unclear how so.

Link to comment
Share on other sites

18 minutes ago, peterkozmd said:

Is it possible we could get a clearer description of how this differs or is similar to the usb rubber ducky? a little unclear as to the pros and cons (strengths and weaknesses) of this vs. the ducky. Is it still worth having a ducky or does this supersede it? i understand this runs slower and needs 7 seconds start time but aside from that how is it better?

is it still worth getting a ducky if you own this? yes i saw the video but still a bit unclear how so.

It is like the USB rubber ducky in how it can act like a keyboard to exploit the computers trust in humans but it can leverage that to do much more. Along with pretending to be a keyboard it can pretend to be other devices: an Ethernet over USB adapter, a serial port and a storage device. Because of this it can preform more and more complex attacks. It is also a fully functioning computer unlike the duck and can have multiple payloads. Just for keystroke injection the duck is better because of faster times and smaller size. Ducky pros, smaller, faster, more inconspicuous (looks like your standard flash drive), cheaper. Ducky cons, needs payloads as inject.bin files made with duck encoder, only an HID keyboard, not a fully functional computer, only one payload (but can have multiple mico SD cards). Bunny pros, can act as many devices, can have multiple payloads, fully functional computer, programmed in text (not inject.bin), indicator light. Bunny cons, big unlike most flash drives, slower than the duck to start. It is better because it can do many things the duck cannot, even with the seven second delay it can do most everything the duck can. It can act as a replacement for the duck but the ducky is still better if you only plan to use it for keystroke injection. It is still worth it at least to me to have both this and The USB Rubber Ducky because of the strength's and weaknesses of both.

Link to comment
Share on other sites

34 minutes ago, peterkozmd said:

Is it possible we could get a clearer description of how this differs or is similar to the usb rubber ducky? a little unclear as to the pros and cons (strengths and weaknesses) of this vs. the ducky. Is it still worth having a ducky or does this supersede it? i understand this runs slower and needs 7 seconds start time but aside from that how is it better?

is it still worth getting a ducky if you own this? yes i saw the video but still a bit unclear how so.

The Ducky is better suited for HID attacks as it is way faster at startup and execution compared to the Bunny that will take 5-7 seconds to even startup.  The ducky is instant and that is the advantage of the ducky.  I will tell you right now that if Im going into an engagement and only need to pop some malware on the host... im using a ducky. From what I can see the bunny is quite a bit bigger than the average size usb drive which is where the ducky also takes advantage of.

Link to comment
Share on other sites

the reason it takes that long to start is because its basically a small linux computer like a raspberry pi.  It has a quad core 1.6ghz cpu and 8gb pcie ssd which is fast and why it starts so fast.  None of my Pi's will start that quick even with a class 10 micro sd card and that is almost the same thing.  If your just looking for something to mess around with ducky scripts this is great if you will use it to its potential.  If your specific goal is to pentest and use a ducky script in an engagement then get a ducky.   I have ordered the bunny and I have a ducky and I will say that the size of the ducky is so important.  all you have to do is say hey look at these pictures on my usb drive and then boom you have them, but the bunny is a bit bigger and might raise caution to the client your trying to get.  

Link to comment
Share on other sites

20 minutes ago, peterkozmd said:

yeah might order a ducky as a supplemental attack when i need something quick and discrete, when time around the target is an issue. Hope there will be a nice tutorial on the way and the repository has some nice scripts available.

Darren said he was cleaning up the repo and then making it public.  I definitely suggest a ducky they are just as awesome as everything else hak5 makes.  It serves its purpose.

  • Upvote 1
Link to comment
Share on other sites

The Bash Bunny is not a USB Rubber Ducky replacement. While it's compatible with Ducky Script and supports a HID attack mode, that's only one of 5 current attack vectors.

 

The USB Rubber Ducky will always execute payloads faster (0.1 seconds vs 7 seconds), more economically (less than half the cost), and more covertly (with its generic flash drive case).

 

For social engineering ops, USB drops and attacks which require the target to plug in the drive, the USB Rubber Ducky is still the gold standard.

  • Upvote 3
Link to comment
Share on other sites

Can i write bash in payload.txt files for the bunny? I still havent been able to figure out if thats possible, like IF statements?

Edited by 0xicl33n
Link to comment
Share on other sites

11 hours ago, 0xicl33n said:

Perfect! So..this should work then?

I dont think the xprobe stuff will work though..sadly

In terms of Bash, that should work. Xprobe is not shipped in the firmware, but it can be installed using the tools_installer (something we are changing how it works). We may also include xprobe in the firmware or offer similar functionality to make choosing between OS specific payloads easier.

Link to comment
Share on other sites

14 minutes ago, illwill said:

@Sebkinne on Win10 home I get an error when installing the RDNIS drivers for the captive portal payload

its wierd though because i can just put ATTACKMODE RNDIS_ETHERNET by itself in a payload and it works fine, it seems like theres a bug or something if you put anything after ATTACKMODE RNDIS_ETHERNET in the payload then the drivers wont get installed/recognized

The captive portal will kill the internet connection, so you are right, it's possible that the driver cannot be installed. That's a bug in the framework though, because it should wait until the target has the driver's installed and requested an IP address.

I'll look into fixing it in the next version.

Link to comment
Share on other sites

  • 5 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...