Hacker’s Tool of the Month: The Rubber Ducky

What could you do if you only had a few seconds or minutes at someone’s computer? Turns out a lot, if you have a Rubber Ducky USB drive and it works on Windows, Mac, Linux or Android systems. With pre-loaded scripts you can steal and crack windows system passwords, grab Wifi or network credentials, upload malware, keystroke loggers or just about anything else a skilled hacker could do if he had access to your computer, but in only seconds. It was recently used on Mr. Robot for just that purpose.

The primary use is to run pre-defined hacking scripts at extreme speeds. It has a very simple to learn scripting language that can allow the tester, or hacker, to pre-load the entire attack on the ducky. All they need is a running computer and access to the USB drive. This is why everyone should remember to hit the windows and “L” key to lock your system when leaving your computer for even a second. The scripts can grab windows system passwords, Wifi credentials, logs, or specific files in seconds. So while that contractor is bent over tying his shoe near the back of your computer he can slip the ducky into an open USB and steal your password.

Available for under $45 a Rubber Ducky mimics an HID, Human Interface Device, such as a computer keyboard or smartphone keyboard. They’re a popular tool of pentesters and hackers because they come loaded with, or have available, firmware updates such as other languages, hacking and sniffing tools, and built-in mass storage so you can save the information you want to steal all in one quick moment.