School project that showcases what a Rubber Ducky is and what can be done with it.
For the project presentation at school, we wanted to showcase two different uses for the Rubber Ducky. The first was the Intro.py script, which opened a YouTube window with Never Gonna Give You Up by Rick Astley, closed it 8 seconds later and opened the PowerPoint presentation we had prepared. We wanted to show the fun and harmless ways the technology could be used.
After the presentation, we changed the script to DNSpoisoning.py, live for our classmates to see, and then plugged the Rubber Ducky into a virtual machine.
The script adds a line of text to the hosts file in C:/Windows/System32/drivers/etc/hosts. This file resolves domain names before your DNS server is asked, and we added a line that made typing google.com or www.google.com resolve to a different IP: our own server running the NodeJS web server. This meant that going to the domain would show the fake Google login form we made.
Like the one deployed on this page. (Don't fill in the form with real data.)
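To check a machine for the kind of hosts-file override described above, the following added example (not part of this project's code) parses a hosts file and reports any entry that pins a watched name to an address. The watched names are the two from this page; the sample file, its 203.0.113.10 address and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Names to watch; these two are the ones the page's payload overrides.
WATCHED = {"google.com", "www.google.com"}

# Constructed sample (203.0.113.0/24 is a documentation-only range).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com
203.0.113.10    google.com www.GOOGLE.com.   # constructed redirect entry
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip the line
        for name in fields[1:]:                   # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return one finding per watched name that the hosts file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name not in watched:
            continue
        # Loopback/unspecified is the usual blocklist pattern; anything else
        # sends the name to another machine.
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append({"line": line_no, "host": name, "ip": str(ip), "kind": kind})
    return findings

if __name__ == "__main__":
    # With no argument, audit the constructed sample; otherwise audit the given
    # file, e.g. C:/Windows/System32/drivers/etc/hosts.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for f in audit_hosts(text):
        print(f"{f['kind']}: line {f['line']}: {f['host']} -> {f['ip']}")
```

A "redirect" finding for a public domain is worth investigating; a "sinkhole" finding usually comes from a blocklist.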
I am using the DigiSpark Rubber Ducky.
Three things:
Install with winget (Windows):
winget install -e --id Python.Python
Install with apt:
sudo apt install python3
You can also go to the Python download page
You have to download this Python script.
Install with winget (Windows):
winget install -e --id Arduino.Arduino
For other operating systems and more options, see Arduino's software page.
After installing, go to File → Preferences → Additional Boards Manager URLs and paste in the following text:
http://digistump.com/package_digistump_index.json
Now go to Tools → Board → Boards Manager. Look for and install Digistump AVR.
We should have everything we need installed now. In case things don't work as intended, you can install the drivers from these links:
SHA256 CheckSum: 14F575FFBAF2E9BA6BA05B75426E90D7010E4650E1E27AACC2EF3F688AA4066E
SHA256 CheckSum: 84BE3FC0BE0C18563CB2B5E53971DA6AA83E20F1DE37E6DEBAE3B55F8B0EDBB3
Note: I was not able to find Linux drivers; it might be simply because Linux does not need them or because they don't exist.
Arduino code is uploaded to the Rubber Ducky, but since writing that code is complex, we write simple instructions instead and then use the Duckyspark_translator.py file to create the actual .ino file we'll use.
Once we have a txt payload file written, we run the following command in our terminal:
python3 Duckyspark_translator.py instructions.txt
The terminal should respond with a Success! message.
Afterwards we can open the digipayload.ino file it has created in the Python script's folder, run it and follow its instructions.
After that your Rubber Ducky is ready to be used.
DELAY n → Waits n milliseconds
STRING text → Presses corresponding keys to that text
GUI r → Presses the Windows key along with whatever other keys you want. E.g.: Win+r
Fx 11 → Presses function keys. E.g.: F11
REPEAT n → Repeats the previous instruction n times
And here is a list of pretty self-explanatory instructions:
ENTER, SHIFT, ALT, CTRL, SPACE, ESC, TAB
You can also combine them: for example, to do Ctrl+Shift+Enter I'd write CTRL SHIFT ENTER
Note: If you're using function keys with another instruction, you can just write F and the key. E.g.: ALT F4
There are two instruction files in this project:
- Intro.txt → Just a fun script to begin our presentation; it rickrolls for 9 seconds, closes the browser and opens the presentation.
- DNSpoisoning.txt → Main project file; it runs a cmd with administrative privileges, which it uses to insert a new line in the hosts file, which will make typing google.com or www.google.com resolve to a different IP.
Take a look at these other payloads.
Made with NodeJS and using MongoDB, basic HTML and CSS for the frontend.
The page is made to look like a Google login. It has some notable differences from the original, but it looks convincing enough. Once a user completes the form and submits it, the entered data will be sent and stored in the MongoDB database.