Forum Thread: Keystroke Injection Tool - Rubber Ducky

USB Rubber Ducky
The Original Keystroke Injection Tool

Since 2010 the USB Rubber Ducky has been a favorite amongst hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.

Quack Like a Keyboard!

Nearly every computer including desktops, laptops, tablets and smartphones take input from Humans via Keyboards. It's why there's a specification with the ubiquitous USB standard known as HID - or Human Interface Device. Simply put, any USB device claiming to be a Keyboard HID will be automatically detected and accepted by most modern operating systems. Whether it be a Windows, Mac, Linux or Android device the Keyboard is King.

By taking advantage of this inherent trust with scripted keystrokes at speeds beyond 1000 words per minute traditional countermeasures can be bypassed by this tireless trooper - the USB Rubber Ducky.

Ducky Script. Simply Simple.

USB Rubber Ducky's scripting language makes writing payloads simple. No programming experience needed.

Typing "Hello World" is as simple as programming STRING Hello World

Add pauses in between commands with DELAY. Try DELAY 100 for short 100 milliseconds pauses or DELAY 1000 for longer 1 second pauses.

Combine specials keys. ALT F4, CONTROL ESCAPE, WINDOWS R, SHIFT TAB. They all do exactly as you might expect.
Comment your code! Use REM just as you would in any other language.
That's it! You just learned Ducky Script.

Unmatched Performance, Simplicity and Value.

We learned from the experiences of over 100 hackers worldwide working on the original prototype dev-board. Based on their feedback we developed a truly remarkable custom hardware platform with an order of magnitude more processing power and versatility.

Fast 60 MHz 32-bit Processor
Convenient Type A USB Connector
Expandable Memory via Micro SD
Hideable inside an in an innocuous looking case
Onboard Payload Replay Button

Cross Platform.

Windows, Mac, Linux, Android - they all love keyboards. Convenience is king, so when it comes to plugging in a new input device the default is to accept and obey.

Keyboards Represent Human Input Afterall.

Before USB there were various standards, be it PS/2, AT, Apple Desktop Bus and various other DINs. Now that everything is Universal the Human Input Device is "Plug and Play".

Step 1: Community Firmware, Encoders and Toolkits

The USB Rubber Ducky project has fostered considerable innovation and creativity among the community. Some gems include

Customize pre-assembled attacks from our repository - Payload Wiki
Online Duck Toolkit for simple Reconnaissance, Exploitation and Reportin
The Simple Ducky Payload Generator with Password Cracker and Meterpreter and Netcat integration
The VID & PID Swapper to cloak your device
Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and more.
And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.

Check out for purchase & more hardware !

1 Response

How can we hack the victim pc with this device? If a vicim using vpn or dynamic ip address and attacker too ??

Share Your Thoughts

  • Hot
  • Active