Jump to content

Payloads and Programming


SKELTON69
 Share

Recommended Posts

Hi, 

I'm debating on weather or not I should buy the bad rubber ducky USB cause I want to learn hacking. I was wondering how I don't get hacked by myself or execute payloads when programming. Is there a way to stop or prevent the rubber ducky from executing the payload to continue the rest of the program? Like how do I not hack myself when programming it for the second, third time e.t.c. Please reach out I need to know

Link to comment
Share on other sites

Not sure what you mean. When you are developing the payloads, the Ducky isn't "active" since you pull the Micro SD card from the Ducky and insert the card into the computer where you are developing the payload (using a Micro SD card reader). Then you encode the payload, put it on the Micro SD card, then insert it into the Ducky and then insert the Ducky into the target machine to execute the payload. But, if you use the same computer that you develop payloads on to also test the payloads, then you are "hacking yourself". It all depends on how malicious the things you intend to develop really are. Most often it's no big deal running payloads on the same machine. I, however, separate the payload development from the testing and do the two things on different computers. Read about the basics on the help site (or the old docs site) or download/order the free Ducky e-book in the shop to get more knowledge about how it all works.

  • Upvote 1
Link to comment
Share on other sites

So I just Insert only the SD card into my computer when programming right? But when I'm executing payloads I insert the SD card in the rubber ducky, then I plug the ducky?

So the SD card Isn't programmed as an HID device its the actual USB right? I did download or order the thing and I'm going through reading it. I just wanted to make sure I don't have endless rickroll music playing when I try to program a prank or something ya know.

Link to comment
Share on other sites

When you get the Ducky delivered it should come with (at least) the Ducky, a Micro SD card and a USB Micro SD card reader.

Insert the Micro SD card into the USB Micro SD card reader and insert the reader into a computer. Check that there is an inject.bin file on the root of the Micro SD card. It has been reported that some cards doesn't contain an inject.bin file upon delivery of the Ducky.

Now there are mainly two paths to walk from here.

Either you trust the already existing inject.bin file and in that case you safely eject the Micro SD card from the computer. Remove the Micro SD card from the USB Micro SD card reader and insert it into the Ducky card slot. Then insert the Ducky to the target computer and verify that the payload executes.

Or, if you want to directly replace the original inject.bin on the Micro SD card, then you leave the reader/card in the computer and delete (or move) the inject.bin file from the Micro SD card. Develop a new payload, encode it to an inject.bin file and then copy/move it to the Micro SD card. Safely eject the Micro SD card and then move the Micro SD card over to the Ducky. Insert the Ducky to the target/victim computer/device for which the payload has been developed.

Then continuously loop the development cycle when working with the Ducky:
1) With the Ducky powered off/not attached to anything; remove the Micro SD card from the Ducky
2) Insert the Micro SD card to the USB Micro SD card reader
3) Insert the USB Micro SD card reader to the computer used for developing payloads (or skip the USB Micro SD card reader if the computer has an internal card reader slot)
4) Encode the payload to an inject.bin file
5) Move/copy the inject.bin file to the root of the Micro USB card (remove any existing inject.bin file or simply overwrite it)
6) Safely eject the Micro SD card from the computer
7) Remove the Micro SD card from the reader/computer and insert it into the Ducky card slot
8.) Insert the Ducky to the target/victim computer/device (which may be the same computer as the one where the payloads are developed/encoded, but depending on the payload characteristics, it may be a good idea to keep development and testing on separate machines)
9) Wait for the payload to execute

Edited by dark_pyrro
  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...