The USB Rubber Ducky is a keystroke injection tool disguised as a USB flash drive that is recognized as a keyboard by computers. It exploits the trust computers place in human interface devices to run pre-programmed keystroke payloads at high speeds without detection from antivirus software. While it can be an effective penetration testing tool, its real-world effectiveness is questionable due to initial driver installation delays and limitations to running only one payload at a time. Prevention methods include disabling USB keyboards and not using administrator privileges.

1. MADHURA M
3RD YEAR, CSE

2. USB RUBBER DUCKY

3. WHAT IS IT?
KEYSTROKE INJECTION TOOL.
DISGUISED USB FLASH DRIVE, RECOGNISED BY THE
COMPUTER AS A KEYBOARD.
EXPLOITS THE INHERENT TRUST THAT COMPUTERS HAVE
ON HID(HUMAN INTERFACE DEVICES).

4. HISTORY
7 YEARS OF DEVELOPMENT

5. FEATURES
SPEED – CAN INJECT KEYSTROKES AT 1000
WORDS/MINUTE.
FAST 60 MHZ 32-BIT PROCESSOR.
UNDETECTABLE BY ANTI VIRUS.
EXPANDABLE MEMORY VIA MICRO SD CARD.
SIMPLE SCRIPTING LANGUAGE.

6. DUCKY SCRIPT

7. WHAT NEXT?
COMPILE THE SCRIPT TO CONVERT IT
INTO A HEX FILE.
THE HEX FILE IS CALLED PAYLOAD, AND
NAMED AS INJECT.BIN

8. HOW TO GET IT?

9. OR MAKE ONE!
DEVELOPMENT BOARDS-ARDUINO/RASPBERRY PI.
ANDROID PHONE WITH KALI NETHUNTER.
FROM A NORMAL USB DRIVE

10. FIRMWARES
TWIN DUCK
MULTI-DUCK AND TWIN DUCK

11. DRAWBACKS
REAL WORLD EFFECTIVENESS IS QUESTONABLE.
THE INITIAL DELAY REQUIRED TO INSTALL THE
HID DRIVERS.
ONLY ONE PAYLOAD AT A TIME.

12. PREVENTION AGAINST ATTACK
DON’T LOGIN AS AN ADMINISTRATOR.
DISABLE USB KEYBOARD.

13. REFERECES
 TO PURCHASE-
 GITHUB PAYLOADS
 PAYLOAD GENERATOR
 ENCODER
 NETHUNTER
 REGULAR USB FLASH DRIVE TO DUCKY.