The best Rubber ducky scripts to hack or mess with windows computer systems within seconds

The USB Rubber Ducky is a product designed and Sold by Hak5. Essentially its a USB keyboard without any keys that you can pre-program a set of keystrokes on to. When the device is plugged in, its installed as a generic keyboard and will then type whatever you have scripted it to use.

Since 2010 the USB Rubber Ducky has been a favorite amongst hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.

The programming language, dubbed DuckyScript, is a simple instruction-based interface to creating a customized payload. However, it runs independently from the microcontroller that installs the drivers to the machine. On some older models running Windows XP, the device took upwards of 60 seconds to install the drivers. On newer machines running Windows 7, it took anywhere from 10-30. And if the drivers take longer to install than the delay you put at the beginning of your payload, it will begin firing off anyways.

What is digispark?

The bootloader is the code that is pre-programmed on your Digispark and allows it to act as a USB device so that it can be programmed by the Arduino IDE.

The Digispark runs the “micronucleus tiny85” bootloader version 1.02, an open source project: https://github.com/micronucleus/micronucleus originally written by Bluebie: https://github.com/Bluebie


What is rubber ducky?

The USB Rubber Ducky is a Human Interface Device programmable with a simple scripting language allowing penetration testers to quickly and easily craft and deploy security auditing payloads that mimic human keyboard input. The source is written in C and requires the AVR Studio 5 IDE from atmel.com/avrstudio. Quack!

In short, it is a very promising and effective tool, but seriously lacks versatility. In some machines it may take 5 seconds to load the drivers, in others maybe longer than 60. Then you have to account for how long it will take to deliver your payload in accordance to how fast the machine can handle keystrokes.


The USB Rubber Ducky isn’t your ordinary HID (Human Interface Device). Coupled with a powerful 60 MHz 32-bit processor and a simple scripting language anyone is able to craft payloads capable of changing system settings, opening back doors, retrieving data, initiating reverse shells, or basically anything that can be achieved with physical access — all automated and executed in a matter of seconds.

The best rubbery ducky and Digispark USB scripts

RELATED ARTICLESMORE FROM AUTHOR

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.