Open In App

USB Rubber Ducky – PenetrationTesting

Last Updated : 30 Sep, 2022
Like Article

USB Rubber ducky is an HID device that looks similar to a USB Pen drive. It may be used to inject keystroke into a system, used to hack a system, steal victims essential and credential data can inject payload to the victim’s computers. The main important thing about USB Rubber ducky is that it cannot be detected by any Anti-Virus or Firewall as it acts as an HID device.

HID Device

HID stands for Human Interface Devices, it includes devices like keyboard, mouse, joystick. which acts as an interface between the computer and human beings. That is why it cannot get detected as the computer thinks its an interface.


  • USB Rubber ducky is a kind of key injection tool, can be used as malicious or non-malicious keystroke.
  • It is one of the favorite devices of hackers penetration testers as it is very fast and did not detect by ant PC.
  • USB Rubber Ducky can also be used for targeting vulnerable systems or programming processes and save times.


  • USB rubber ducky acts as a keyboard and has keystrokes installed in it
  • When we connect it to PC the keystrokes run automatically.
  • It has a high speed of approx. 1000 words per minute. So those works which can be done by keyboard can also be done by USB rubber ducky
  • When ever it is connected to a System it acts as a keyboard and executes the command which is uploaded on it.
  • The commands used in this are known as payloads and written in Ducky script. One basic script is written below.

Example: Anyone who wants to steal the data from other computers has just to command the keystrokes into the rubber ducky and has to plug-in the device to the victim’s computer, then the device automatically runs a command and steals the data at a very high speed.

The payload used in this device has its payload script known as Ducky Script, And we can write this script in Notepad.

Ducky Code:

REM Type Hello World into Windows notepad. Target: Windows 95 and beyond
STRING c:\windows\notepad.exe
STRING Hello World

USB Rubber Ducky Parts

  • The microSD card: This is a storage device in which all your payloads are saved, so when you attach a device to the victim’s system it will steal data. The keyboard adapter used microSD card to send the payloads.
  • microSD-to-USB adapter: This is a simple plastic Dongle which is used to mount the SD card to machine.
  • mini “keyboard” adapter: This is a silicon chip to insert a micro SD card to it. This is the main part and sends the keystrokes to the computer.

USB Rubber Ducky costs around 45$ but you can make it at a cheap rate at home also. You can buy this Device Online.

Similar Reads