This research project focused on exploiting Windows machines with Hak5 USB Rubber Duckies, a keystroke injection tool disguised as a generic flash drive. Computers recognize the Rubber Ducky as a regular keyboard and automatically accept its pre-programmed keystroke payloads at over 1000 words per minute. The techniques used by the 2020 Group consist of reverse shells, file transfers, installing malware, changing backgrounds, and blasting loud music on Windows machines.
The duration of this project was the 2020 Fall semester. You can view a presentation of the 2020 Rubber Ducky Research here.
Learn how RIT students used Rubber Duckies to exploit Windows machines
High-level
Hackers often have to type things on a keyboard when attacking a system. Typing can get tiring, and it is easy to make typos. Sometimes typos can cause inaccurate results or leak the presence of the attacker. Thus, typing accuracy is often critical to the success of an attack.
Consequently, hackers created a device that would type everything for them, called the USB rubber ducky. It looks like a typical USB. However, these devices can be extremely dangerous.
When an attacker inserts the USB into a computer, it is usually undetected by antivirus software. Thus, there are few defenses against USB rubber duckies. Additionally, the rubber ducky executes the commands incredibly fast, so the attacker can complete their work in a few minutes.
While the rubber ducky resides in the computer, it can steal and transfer files, and change settings and permissions. In other words, the attacker can change settings to block antivirus software and obtain emails, passwords, and documents.
🌸👋🏻 Let’s take this to your inbox. You’ll receive occasional emails about whatever’s on my mind—offensive security, open source, academics, boats, software freedom, you get the idea.
Low-level
USB rubber duckies are devices that automate commands otherwise typed by a keyboard. Keystroke/command automation ensures accuracy and efficiency. Rubber duckies often run on a typical USB, but its software runs on other devices too. Although the rubber ducky can do many things, some of the most common functionalities include changing settings and permissions, stealing and transferring information, and executing whatever code the attacker wants on a computer.
Project origin
The Rubber Ducky project was started by Shannon McHale (’20) and Jon Bauer’s (’20) as a RITSEC Mentorship Group.
RITSEC is a student club dedicated to teaching “Security Through Community.” RITSEC educates and prepares RIT students to compete in offensive and defensive security competitions. It is the largest academic club at RIT and the second largest club on campus.
Further reading
If you enjoyed this post about USB rubber duckies, checkout my other projects.
