If you are reading this, you know what a USB Rubber Ducky is, so I will skip the intro.
Darren will be seriously pissed at me for writing this, but at $49 each, on a physical Red Team engagement, you might want more than one of these beauties. In fact, you might want half a dozen. Or depending on your target, you could need 20 or 30. That starts turning into serious money. Also, you want to drop them in interesting places, but leave them there. Do you want to leave behind $500 or $80?
So here is a cheap alternative.
I (admittedly I was bragging at the time) said on twitter I could make a Rubber Ducky for less than $8.
Thats slightly incorrect. The box I got cost $9, but in the box came 3 digisparks. So you might have to spend $9 but you get 3 digisparks, and from that you have 3 Duckys.
So lets get started.
Download the Arduino IDE 2.*
I downloaded this: https://downloads.arduino.cc/arduino-ide/arduino-ide_2.0.0_Linux_64bit.AppImage
Install it and run it. Fun fact: To get it working on my system, Debian 10, I had to run this:
sysctl kernel.unprivileged_userns_clone=1
Once your Arduino IDE is open, click “Select Board”. and click “Select other boards” and select “Digispark (Default – 16.5mhz)”
You will then be presented with a code input. Put in this:
#include "DigiKeyboard.h" void setup() { // don't need to set anything up to use DigiKeyboard }void loop() { DigiKeyboard.sendKeyStroke(0); DigiKeyboard.println("echo 'Thanks Denartha!'"); DigiKeyboard.delay(5000); }
Obviously, println is where your payload will go, and it will take a bit of trial and error to get your personal or customised payloads correct using this method, but they do work.
This little recipe uses a digispark, courtesy of digistump.com, who are nolonger selling via their site. However, there are loads of these little guys available on Amazon, eBay, and other places – for often times cheaper than I quoted.
Any questions, feel free to comment or, email me.