USB Rubber Ducky and a New ToolKit

USB Rubber Ducky

The USB Rubber Ducky is a product designed and sold by Hak5. Essentially it's a USB keyboard without any keys, onto which you can pre-program a set of keystrokes. When the device is plugged in, it's installed as a generic keyboard and will then type whatever you have scripted it to type.


Duck Code

Duck code is how you program what keystrokes the USB device sends when it is plugged in.

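REM Pause for one second after the device is plugged in
DELAY 1000
REM Open the Run dialog and start Notepad
GUI r
STRING notepad.exe
ENTER
STRING Hello World!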

For a full list of supported commands you can visit the official help pages over at usbrubberducky.com.

Once you have finished writing your code, you need to encode the script into a format the USB device understands. That’s where the encoder comes in.

The DuckToolKit

The original encoder was written in Java by Darren Kitchen and Midnight Snake with support for several languages and keyboard layouts.

The original encoder has not had a real update for a few years and my Java is poor. So, with the help of James Hall, we set about writing a new one in Python and creating it in such a way that it could be used as a library and imported into other projects.

I’m hoping that the new encoder also makes it easier for the community to aid in its continued development.

As part of this development we also created a decoder that will take a ducky inject.bin and reverse it back to readable text. NOT back to a valid ducky code script. (Yet)

You can find all the source code on the GitHub page: https://github.com/kevthehermit/DuckToolkit

Installation

There are 3 ways to install or use the DuckToolkit:

1. Install with pip

sudo pip install --upgrade ducktoolkit
ducktools.py . . .

2. Install from source

git clone https://github.com/kevthehermit/DuckToolkit
cd DuckToolkit
sudo python setup.py install
ducktools.py . . .

3. Run from a clone without installing

git clone https://github.com/kevthehermit/DuckToolkit
cd DuckToolkit
python ducktools.py . . .

The toolkit has been tested on Windows and Linux. Use any of the above methods or download the latest release manually via the GitHub website.

Using the DuckToolKit

To encode

ducktools.py -e -l gb /path/to/duck_text.txt /path/to/inject.bin

To decode

ducktools.py -d -l gb /path/to/inject.bin /path/to/duck_text.txt

As a Library

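from ducktoolkit import encoder, decoder

# Encode a duck script (as text) into inject.bin bytes
duck_text = 'STRING Hello'
language = 'gb'
duck_bin = encoder.encode_script(duck_text, language)

# Decode an existing inject.bin back to readable text
with open('inject.bin', 'rb') as f:
    duck_bin = f.read()
language = 'gb'
duck_text = decoder.decode_script(duck_bin)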
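
What decoding involves when an inject.bin is recovered from a device and needs triage, shown as an added example that is not DuckToolkit's own code. It assumes the commonly documented layout of two-byte records (HID usage ID, modifier bitmask, with usage 0x00 marking a delay in milliseconds) and covers only a small US-layout key subset; decode_inject, SAMPLE and the helper names are hypothetical.

```python
# Added example: minimal inject.bin triage decoder (not DuckToolkit's code).
# Assumed layout: 2-byte records (HID usage ID, modifier bitmask); a record
# with usage 0x00 is a delay of <second byte> ms. US key map, subset only.
MODIFIERS = {0x01: "CTRL", 0x02: "SHIFT", 0x04: "ALT", 0x08: "GUI"}
NAMED = {0x28: "ENTER", 0x29: "ESCAPE", 0x2A: "BACKSPACE", 0x2B: "TAB"}

def _us_char(usage, shifted):
    """Printable character for a HID usage ID on a US layout, else None."""
    if 0x04 <= usage <= 0x1D:                      # a-z
        c = chr(ord("a") + usage - 0x04)
        return c.upper() if shifted else c
    if 0x1E <= usage <= 0x27:                      # 1-9 then 0
        return ("!@#$%^&*()" if shifted else "1234567890")[usage - 0x1E]
    return {0x2C: " ", 0x37: ">" if shifted else "."}.get(usage)

def _add(events, kind, value):
    """Append an event, merging runs of delays (summed) or typed text."""
    if events and events[-1][0] == kind and kind != "KEY":
        events[-1][1] += value
    else:
        events.append([kind, value])

def decode_inject(data):
    """Return readable events decoded from raw inject.bin bytes."""
    if len(data) % 2:
        raise ValueError("truncated inject.bin: odd number of bytes")
    events = []
    for usage, mod in zip(data[0::2], data[1::2]):
        if usage == 0x00:                          # delay record
            _add(events, "DELAY", mod)
            continue
        ch = _us_char(usage, bool(mod & 0x02))
        if ch is not None and not (mod & ~0x02):   # plain or shifted key
            _add(events, "STRING", ch)
            continue
        mods = [name for bit, name in MODIFIERS.items() if mod & bit]
        key = NAMED.get(usage) or _us_char(usage, False) or f"0x{usage:02x}"
        _add(events, "KEY", " ".join(mods + [key]))
    return [v if k == "KEY" else f"{k} {v}" for k, v in events]

# Constructed sample: the Hello World script from this page, hand-encoded.
SAMPLE = bytes.fromhex(
    "00ff00ff00ff00eb" "1508"                          # DELAY 1000, GUI r
    "1100120017000800130004000700370008001b000800"      # notepad.exe
    "2800" "0b0208000f000f0012002c001a02120015000f0007001e02")  # ENTER, text

if __name__ == "__main__":
    print("\n".join(decode_inject(SAMPLE)))
```

Keys outside the subset are reported by their raw usage ID rather than guessed, and a file with an odd byte count is rejected as truncated.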

The Web App

James Hall designed the original Duck Toolkit website. Built on the Java encoder, it was a place to encode and create payloads from a set of pre-built scripts. It worked extremely well, but with the Java encoder it was difficult to maintain and update.


So as we were updating the encoder we also updated the ducktoolkit website, moving away from JSP, integrating the new Python library and adding a layer of Bootstrap. We also redesigned the way scripts were selected and compiled. This makes it easier for us to create or modify scripts and get them updated on the website very quickly.


Creating a payload for your ducky is as simple as selecting an operating system and the appropriate mini scripts, configuring the variables and then downloading the inject.bin.


At the moment all the duck scripts target Windows using PowerShell. Future updates will see scripts targeting *nix and Mac using some shell and Python scripts.

All injects are created in memory and are not written to disk, but if you're still not comfortable encoding on the website we also give you the duck script so you can use the standalone toolkit to create your inject in the comfort of your own home.

If you have any issues with the site or the encoders, please open an issue on the GitHub or leave us a message in the Disqus boards at the bottom of every page on the site.

As usual, questions, queries and comments below.

 

 
