Time
2 hours 25 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Okay, Now we're gonna learn about the USB rubber ducky device itself and how it works.
00:05
So from the outside, as you can see here, it just looks like a normal everyday flash drive. Nothing really gives it away as being a hacking device. And that's for a reason. You don't want people to know that this is actually used. Toa hack them
00:20
So this device actually comes apart. There's a case here, so let's go ahead and take that off.
00:28
Here we go.
00:30
On the bottom here, there's a little hole, and I like to use a paper clip to pry these two pieces apart to get it open.
00:40
All right, so, as you could see here is the device itself.
00:46
And here we have the micro SD slot.
00:51
You know, pull that out.
00:54
Now, the reason that has a slot like that is because since this device acts as a keyboard, you will need to actually put the storage device and to an adapter to in order to put the payloads on. And this actually comes with an adapter for Mike arrestee card and looks something like this.
01:14
So what you'll do is you'll take your your SD card, and you put it in this adapter here,
01:19
and then you'll put your payload on. And then once you're payloads on their radio, you put it back in this device, put the case together, and then it's good to go.
01:27
Okay, let me show you what you have to do to encode these payloads and put them back on the advice.
01:34
Okay, so we're gonna take this my Krusty,
01:36
and we're gonna put it in her adapter,
01:38
and then let's plug it into our computer.
01:45
You switch cameras here. Okay? So this is the script I'm gonna be using in this demonstration.
01:52
Ah, So once you have your script all typed out, you're gonna actually need to encode this. Now, the way we're gonna be doing it is by visiting this website, it's me. Duck toolkit dot com slash encoder
02:02
s. So what you'll need to do is once you have your script, all right, now
02:06
you're gonna go ahead and copy it.
02:07
Okay?
02:08
Go back to this coding web site
02:12
pasted in here
02:15
the once it's paste in there you go on, select your language by default. It's for great Britain on. We're gonna change that. United States because that's where I am. But as you can see, there's a number of different languages you can use.
02:29
So if we have that selected, we're gonna hit generate script,
02:31
it's gonna pop up a warning message, Just say OK,
02:36
and then you have these two files download. We're gonna be downloading this. Inject up and file. Let's go ahead and download that.
02:45
Okay,
02:46
so now we're gonna place this file on to that micro SD card.
02:53
Let's go ahead, move it
02:54
and already have a file with the same name. And there someone's going to replace it.
03:00
No, you can only have one inject op been file, and it has to be named this and run.
03:07
You can put other things on toothy micro SD card, but they have to be in a folder like this. So I have some other payloads that archive so through enough holder called archive.
03:19
Now let's plug it back in to our USB reproduction.
03:27
Okay, so let me unplug it here,
03:30
and I'm going to remove the card from the adapter. Let's bring her USB rubber ducky back.
03:38
Okay, so let's go ahead and plug it back into the slot here
03:42
and put it back together.
03:49
Do that. It's such
03:53
And there we go to No, let's plug it in the computer and see what it does.
04:00
Okay,
04:00
So I'm going to plug it in here,
04:04
and all the script does is gonna open a command window
04:10
her command prompt. So it's gonna wait for five seconds. We'll give it a minute here,
04:18
so it's as easy as that. Now it takes sometimes when you're making payloads quite a few revisions. So you will probably have to do this quite a bit when you're making a script to encode it download it tested out. So this is the process of doing that.
04:38
Now, if you're wondering about other devices, uh, this here is actually a mild. We know there's a couple versions. This version has a bunch of switches here, and you can have up to 16 payloads on this version. Also has a a micro SD slot to put your payloads on.
04:57
Ah,
04:59
the disadvantage with this one is it doesn't come with a case. So if you were actually going to deploy this this you have to put a case on this and this one I don't think is really meant to be deployed because it has. He switches on here, so it's really meant for Attackers to carry with them
05:16
and switch to different payloads and plug them into machines.
05:19
But there's another version here that doesn't have the switches. It's just all by itself. So there are other options, and this was actually at least half the price of the USB rubber ducky and has the ability to have up to 16 payload, so that's that's kind of nice there.

Up Next

USB Drop Attack

Malicious devices are everywhere these days, whether you can see them or not.

Instructed By

Instructor Profile Image
Shawn Briere
Information Security Analyst
Instructor