Pi Zero Ducky
For a while now I’ve been really interested in Hak5’s USB Rubber Ducky, but I just couldn't bring myself to spend $45+ on something I really have no use for.
also had a Pi Zero sitting on my office desk for a few months as
well. I’ve used it for a few things, but I’d never found
something it can do that my desktop, Pi 2, or Orange pi couldn’t do
better. But what if I could use it to build my own USB Rubber Ducky?
The form factor of
the pi zero is small enough, and from previous use I know it can be
run off just the USB port alone. So with a little soldering I was
able to add a male USB plug to it.
I salvaged the male USB from an old cable I had laying around. Doing this provided me not only the plug, but I was able to use the wire from inside the cable to use to solder the male plug to the Pi board.
There's a good article that goes into more detail on how to wire it, along with the file to print a 3D case for it here. I am still waiting to get access to a 3d printer, so in it’s current state it’s not the prettiest, but for now a little hot glue will work just fine to hold everything together.
Now you need to write an image to the SD card you'll be using with the Pi so that it will be recognized as a HID device and run scripts. The one I used in the project is called DuckBerry Pi, it can be found here. Once downloaded you need to write it to the SD card. To do this I use Rufus. When selecting an image to write, you'll need to change the option from "ISO image" to "All files". This will create a bootable disk image using DD Image.
Once you have DuckBerry Pi written to your SD card, the last step is to set your payload. To do this, you'll need to right click on the "payload.dd" file on the SD card you imaged and edit the file. I prefer to do this with Notepad ++, but you could use whatever text editing program you prefer.
Now that you have the payload file open all you need to do is add your payload. Writing ducky script is very simple, but if you don't fee like learning, there's lots of pre-written scripts here.
Voila! Your very own (feu) Rubber Ducky that only costs $5
Below is a Ducky Script I wrote that opens notepad, displays some text on the screen, opens a command prompt, makes the prompt less noticeable, then runs ipconfig and exports the results to a text file on your desktop. Nothing nefarious, but just a proof of concept.
WINDOWS d GUI r DELAY 500 STRING notepad DELAY 500 ENTER DELAY 750 STRING Whoops! Looks at that. This seems to be running on it's own. I wonder what else it can do? DELAY 500 ENTER DELAY 500 STRING OH! I know! What if I run some commands on my own, that sounds like fun! ENTER DELAY 500 ENTER DELAY 500 STRING Maybe I could find your IP and export it to a .txt file. DELAY 500 GUI r DELAY 500 STRING cmd ENTER DELAY 500 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER DELAY 500 ENTER DELAY 500 STRING ipconfig >%USERPROFILE%\Desktop\.ipconfig.txt DELAY 500 ENTER DELAY 500 GUI r DELAY 500 STRING %USERPROFILE%\Desktop\.ipconfig.txt ENTER