USB Rubber Ducky

Imagine plugging in a seemingly innocent USB drive into a computer and installing backdoors, exfiltrating documents, or capturing credentials.

With a few well crafted keystrokes anything is possible. If only you had a few minutes, a photographic memory and perfect typing accuracy.

The USB Rubber Ducky injects keystrokes at superhuman speeds, violating the inherent trust computers have in humans by posing as a keyboard.

Inventing keystroke injection in 2010, the USB Rubber Ducky became the must-have pentest tool. With a covert design and simple "Ducky Script" language, this bad USB infiltrates systems and imaginations the world over.

Quack like a keyboard





What is the best security awareness payload for the Rubber Ducky?

What is the best security awareness payload for the Rubber Ducky?

A two second HID attack against Windows and Mac that launches the website of your choosing. That's by far the most effective security awareness payload for the USB Rubber Ducky.

The 3 Second Reverse Shell with a USB Rubber Ducky

The 3 Second Reverse Shell with a USB Rubber Ducky

A reverse shell is a type of shell where the victim computer calls back to an attacker’s computer. The attacking computer typically listens on a specific port. When it receives the connection it is then able to execute commands on the victim computer. In essence it’s remote control of a computer.
What's the quickest way to steal a Windows password hash?

What's the quickest way to steal a Windows password hash?

Using a USB Rubber Ducky and this simple payload, Windows password hashes can be captured for cracking in less than two seconds.

15 Second Password Hack, Mr Robot Style

15 Second Password Hack, Mr Robot Style

In honor of the USB Rubber Ducky appearance on a recent episode of Mr Robot, we’re recreating this hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.


Sign up for sales, new releases, payloads and more…

Sign up today