The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.
Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.
Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With origins as the first IT automation HID using an embedded dev-board, it has since grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.
Nearly every computer including desktops, laptops, tablets and smartphones take input from Humans via Keyboards. It's why there's a specification with the ubiquitous USB standard known as HID - or Human Interface Device. Simply put, any USB device claiming to be a Keyboard HID will be automatically detected and accepted by most modern operating systems. Whether it be a Windows, Mac, Linux or Android device the Keyboard is King.
By taking advantage of this inherent trust with scripted keystrokes at speeds beyond 1000 words per minute traditional countermeasures can be bypassed by this tireless trooper - the USB Rubber Ducky.
The USB Rubber Ducky's scripting language is focused on ease-of use. Writing payloads is as simple as writing a text file in notepad, textedit, vi or emacs.
We learned from the experiences of hundreds of hackers worldwide working on the original prototype dev-board. Based on their feedback we developed a truly remarkable custom hardware platform with an order of magnitude more processing power and versatility.
Windows, Mac, Linux, Android - they all love keyboards. Convenience is king, so when it comes to plugging in a new input device the default is to accept and obey. Keyboards represent human input afterall. Before USB there were various standards, be it PS/2, AT, Apple Desktop Bus and various other DINs. Now that everything is Universal the Human Input Device is "Plug and Play".
The USB Rubber Ducky project has fostered considerable innovation and creativity among the community. Some gems include