Do not plug random USB drives into your devices!!!
A while ago I made a “Bad USB” aka a rubber ducky using a Raspberry Pi Pico. A rubber ducky is a USB device normally taking the form of a USB drive but could really be any USB device that runs as an HID (Human Interface Device) and can issue commands to the computer its plugged into. Basically it’s a USB drive that pretends to be a keyboard and can run predetermined commands using a script.
There are many premade proof-of-concept scripts ranging from innocent pranks like Rick Rolling anyone who plugged the rubber ducky into a computer to more malicious scripts such as those that turn off Windows Defender and install malware. Many of these scripts were made by Hack5 and can be found on their GitHub.
However, I wanted to challenge myself, so I decided to write my own rubber ducky script…. So I wrote a script that would download a PowerShell keylogger that would save the keystrokes of the victim’s machine to a file called “keyloger.txt” located in a new folder called “Windows1”. After that another PowerShell script would be created, and this script would email the contents of the keylogger.txt file to an email of my choice every hour, and it worked!!
There are keyloggers and malware even more powerful than the one I made out there. For example, the script I wrote was blocked by Windows Defender, however, there are some scripts out there that would turn Windows Defender off and there is nothing you can do about it once you plug that USB into your computer. All this to say, don’t plug random USB devices into your computer, you never know which ones are out to get you.
Until next time!