Rubber Ducky
A rubber ducky is a USB stick that is recognized as a keyboard and automatically executes scripts. When inserted, the script programmed beforehand is executed.
What is the Rubber Ducky?
Rubber Ducky is a keystroke injection tool developed by Hak5. This tool, resembling a USB stick, allows for automated keyboard inputs to be executed on any device equipped with a USB slot.
The keyboard inputs to be executed are created using the specifically designed scripting language for Rubber Ducky, called Ducky Script, and stored on a memory card.
Once connected to a computer, Rubber Ducky executes the predefined inputs.
The special devices
Advantages:
- The script is automatically executed, based on what has been saved to the memory card beforehand.
Disadvantages:
- Only one script can be saved.
Advantages:
- Thanks to the Wi-Fi connection, you can run as many scripts as you want.
- You can leave it inside the PC and use it repeatedly.
Disadvantages:
- It can be quickly detected as the Wi-Fi signal is always active.
How can you protect yourself?
Unfortunately, there are few ways to protect oneself.
- If you’re unsure about these USB sticks, there’s a specific device designed to detect them.
- Deactivating the ports (USB slots) is possible, but it’s quite inconvenient since USB sticks are frequently needed.
- To minimize damage, one could adjust the UAC window to always ask for a password instead of having the ‘Yes/No’ option.
Increase the security settings of the UAC window:
Enter “UAC” in the search bar. Then click on “Change user account control settings”.
To increase security, you can move the bar on the left to the top. Then click on “OK” and restart the device. Otherwise the settings will not be applied.
The Ducky Script
The Ducky Script is very easy to understand. You only have to write what you see on the keyboard.
SYNTAX
The syntax of Ducky Script is simple. Each command is on a new line and can be followed by options. The commands are written in capital letters, because ducks are loud and like to cackle with pride. Most commands invoke keystrokes, key combinations or text strings, while some offer delays or pauses. In the text below you will find a list of commands and their functions, followed by some examples of use.
REM
REM is a comment and will not be executed.
REM The next three lines execute a command prompt in Windows
GUI r
STRING cmd
ENTER
DEFAULT DELAY OR DEFAULTDELAY
DEFAULT_DELAY or DEFAULTDELAY is used to specify how long (in milliseconds * 10) to wait between each subsequent command. DEFAULT_DELAY must be specified at the beginning of the Ducky script. Not specifying DEFAULT_DELAY results in faster execution of Ducky scripts. This command is particularly useful for debugging.
DEFAULT_DELAY 10
REM delays 100ms between each subsequent command sequence
DELAY
DELAY creates a temporary pause in the Ducky script. It is very useful for creating a short pause between successive commands that may take some time to process on the target computer. The DELAY time is specified in milliseconds from 1 to 10000.
DELAY 50
REM will wait 500ms before continuing to the next command.
STRING
STRING processes the following text and pays particular attention to the automatic shift. STRING can accept a single or multiple characters.
STRING | az A. Z 0..9!)~+<>.?[{}/!@#S %^&*()
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello world!
ALT
The ALT key is located to the left of the space bar on most keyboards and is very important for many automation processes.
CONTROL
ALT JEND, ESC, ESCAPE, F1… F12, Single Char, SPACE, TAB
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello World
ALT f
STRING S
leetness and CTRL+S
REM alt-f pulls up the File menu and s saves. This two keystroke combo is why ALT is jealous of CONTROL’s
WINDOWS OR GUI
Windows button = GUI
GUI r
REM will hold the Windows-key and press r, on windows systems resulting in the Run menu.
MENU OR APP
It Emulates the app key, which is sometimes also referred to as the menu key or context menu key. On Windows systems, this corresponds to the SHIFT F10 key combination, which generates the menu in a similar way to a right-click.
GUI d
MENU
STRING V
STRING d
REM Switch to desktop, pull up context menu and choose actions v, then d toggles displaying Windows
desktop icons
CONTROL OR CTRL
CONTROL =
CONTROL I BREAK, PAUSE, F1..F12, ESCAPE, ESC, Single Char || CTRL | BREAK, PAUSE, F1 F12, ESCAPE, ESC, Single Char
CONTROL ESCAPE
REM this is equivalent to the GUI key in Windows
ARROW KEYS
DOWNARROW or DOWN || LEFTARROW or LEFT|| RIGHTARROW or RIGHT || UPARROW or UP
Extended commands
These extended keys are useful for various key combinations and operating system-specific functions and include:
BREAK or PAUSE
SHIFT
CAPSLOCK
DELETE
END
ESC or ESCAPE
HOME
INSERT
NUMLOCK
PAGEUP
PAGEDOWN
PRINTSCREEN
SCROLLOCK
SPACE
TAB