KCSEC - Rubber Ducky Toolkit

What is a Rubber Ducky ?

The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.

Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.

Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With its debut, keystroke injection attacks were invented – and since it has captured the imagination with its simple scripting language, formidable hardware, and covert design

KCSEC Rubber Ducky Toolkit

So after checking out what is currently being used for the ducky toolkit it seems MS have patched a lot of the UAC bypasses making the Windows 10 potential limited.

There is now our repo on git hub that includes some of the follow updates and new KCSEC payloads.

https://github.com/KCSEC/USB-Rubber-Ducky

KCSEC Rubber Ducky Toolkit Upgrades

  • Ducky-Flasher (Updated to latest version)
  • Ducky-Flasher (Includes version numbers)
  • Firmware List information and version explanations

KCSEC Ducky-Payloads

Ducky-Payloads are the Custom Inject.bin files for the Rubber-Ducky to Allow Execution of our KCSEC Host-Payloads

  1. Windows 10 - Fodhelper UAC Bypass Exploit To host-Payload

Currently working 2018 Windows 10 UAC bypass Exploit - Requires user to have admin permissions More info on fodhelper UAC bypass here https://pentestlab.blog/tag/fodhelper/

KCSEC Ducky-Payloads To Host-Payloads Packages

The Packages Include both as Ducky-Payload + a Host Payload all setup and ready to be used.

  1. Win10 - Fodhelper Bypass Exploit to Meterpreter reverse shell Available on,
    – TwinDuck
    – TwinDuck Special 2
    – Original Ducky coming soon

  2. Win10 - Fodhelper Bypass Exploit to Empire Launcher Available on,
    – TwinDuck
    – TwinDuck Special 2
    – Original Ducky coming soon

In development

  • Each payloads will have 3 Version (Original, Twin Duck + Twin Duck special 2)
  • Non UAC Bypass for non admin user payloads
  • Mimikatz payloads

Want a specific payload ?

Feel free to request a payload write by either commenting bellow or emailing us :)

Share Comments
comments powered by Disqus