When it comes to simplicity, keystroke injection attacks are ideal. With the tools available in today’s cybersecurity market, executing a keystroke injection attack is both easy and effective. The most popular and readily available tool on the market is Hak5’s USB Rubber Ducky.
Disguised as an ordinary flash drive, the USB Rubber Ducky is recognized by the host as a generic keyboard. Because of this identification, the USB Rubber Ducky can perform keystroke injection attacks by typing out preset keystroke payloads. The device can type at up to 1000 WPM when executing a payload.
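The 1000 WPM figure is also a detection signal, since no person sustains that rate. The following Python code is an added example, not from the original article or from Hak5: it flags a keyboard whose keystroke bursts exceed a human ceiling and notes whether the device was attached recently. The event format, device names and thresholds are assumptions, and the input is constructed.

```python
from dataclasses import dataclass

CHARS_PER_WORD = 5         # usual WPM convention: one "word" = 5 keystrokes
HUMAN_MAX_WPM = 250        # assumption: generous ceiling for sustained human typing
WINDOW_KEYS = 20           # burst length to evaluate; skips shortcuts and key repeat
NEW_DEVICE_SECS = 120.0    # assumption: covers the 5 to 60+ s driver load quoted on the page

@dataclass
class Alert:
    device: str
    wpm: float
    secs_after_attach: float
    new_device: bool

def burst_wpm(stamps):
    """Typing rate over a run of keystroke timestamps (seconds)."""
    span = stamps[-1] - stamps[0]
    if span <= 0:
        return float("inf")
    return ((len(stamps) - 1) / CHARS_PER_WORD) / (span / 60.0)

def detect(events):
    """events: time-ordered (timestamp, kind, device); kind is 'attach' or 'key'."""
    attached, recent, alerts = {}, {}, {}
    for ts, kind, dev in events:
        if kind == "attach":
            attached[dev], recent[dev] = ts, []
            continue
        if dev in alerts:
            continue                      # one alert per device
        buf = recent.setdefault(dev, [])
        buf.append(ts)
        del buf[:-WINDOW_KEYS]            # keep a sliding window of the last N keys
        if len(buf) == WINDOW_KEYS and burst_wpm(buf) > HUMAN_MAX_WPM:
            age = buf[0] - attached.get(dev, float("-inf"))
            alerts[dev] = Alert(dev, burst_wpm(buf), age, age <= NEW_DEVICE_SECS)
    return list(alerts.values())

def sample_events():
    """Constructed input: a person at 60 WPM and a device typing at 1000 WPM."""
    ev = [(0.0, "attach", "kbd0"), (300.0, "attach", "kbd1")]
    ev += [(100.0 + i * 0.2, "key", "kbd0") for i in range(40)]    # 200 ms per key
    ev += [(307.0 + i * 0.012, "key", "kbd1") for i in range(60)]  # 12 ms per key
    return sorted(ev)

if __name__ == "__main__":
    for a in detect(sample_events()):
        print(a)
```

In practice the timestamps would come from whatever input or device telemetry the endpoint already collects; a payload that deliberately types slowly would not trip the rate check, so the attach time is worth logging on its own.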
Hakshop’s official website describes the USB Rubber Ducky’s payload operation:
“Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.”
Beyond its primary intended use, the USB Rubber Ducky can also be used to target vulnerable systems or to program processes and save time.
Setting up the USB Rubber Ducky is basic and easy to follow. If you find yourself getting lost, thorough guides on the device’s setup and use can be found online.
A downside of the USB Rubber Ducky might be its slow performance on certain operating systems. The issue was widely reported and even discussed on forums like Reddit and 4chan.
A Reddit user further described the speed issues and the device’s overall potential in a /r/HowToHack post:
“In short, it is a very promising and effective tool, but seriously lacks versatility. In some machines it may take 5 seconds to load the drivers, in others maybe longer than 60. Then you have to account for how long it will take to deliver your payload in accordance to how fast the machine can handle keystrokes.
This becomes a huge bummer during official penetration testing scenarios where you are required to enter the office physically, because the variety of machine setups can be drastically different. Otherwise, exactly what it says on the tin: emulates a keyboard and mouse set up to deliver instructions.”