Design your own USB Rubber Ducky Ethical Hacking tool!

Design your own USB Rubber Ducky Ethical Hacking tool!

Installing backdoors, exfiltrating documents, or capturing credentials is incredibly easy with a seemingly innocent USB drive called the USB Rubber Ducky. An Expert hacker with a few minutes, photographic memory and perfect typing accuracy can use a few well-crafted keystrokes to hack virtually anything they have physical access to. However, the right hardware can do the same thing every time on demand without fail. That’s where the Rubber Ducky and other Human Interface Devices (HID) come into play. They inject keystrokes at superhuman speeds, violating the inherent trust computers have in humans by posing as a keyboard.

In this class, we’ll learn more about what HID attacks are, how they work, the social engineering that can be involved in their deployment, and how to use them in your Pen-testing engagements. Keyboards announce themselves to computers as HID devices and are in turn automatically recognized and accepted. We'll program a microcontroller in Arduino to take advantage of this by acting as an HID device. We can then create our scripts that run when the device is plugged into a target computer. All at only a fraction of the cost of the more well-branded USB Rubber Ducky!

Students will learn to use a low-cost Digispark to program their payloads for use in Ethical Hacking and Penetration testing. We'll go over creating more advanced payloads, including tracking payloads which run in the background, as well as Rickroll payloads which can be used with permission on friends and family to demonstrate how HID attacks work. Additionally, students learn to automate nearly anything on an unattended device which can be extremely useful when you need to run the same commands on a series of computers. That’s how the Original USB Ruber Ducky was invented. Hak5 founder Darren Kitchen, while working as a sysadmin, got tired of typing the same commands to fix printers and network shares, again and again, the device evolved out of laziness. He programmed a development board to emulate the typing for him - and thus the keystroke injection attack was born.

Use a cheap microcontroller and Arduino IDE to write your own Human Interface Device payloads for Penetration testing

Url: View Details

What you will learn

• Hacking with Human Interface devices
• Writing your first ethical hacking payload
• Creating advanced tracking payloads

Rating: 4.1

Level: Beginner Level

Duration: 2.5 hours

Instructor: Kody Kinzie