Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1192

USB Rubber Ducky

What is USB Rubber Ducky?

USB Rubber Ducky: A USB device sold by Hak5 that masquerades as a keyboard and injects pre-programmed keystrokes at machine speed when plugged into a target computer.


The USB Rubber Ducky is a small device that registers as a Human Interface Device (HID) keyboard the moment it is plugged in. Because operating systems trust keyboards by default, the device can type scripted keystrokes faster than any human, opening a terminal, downloading payloads, exfiltrating files, or pivoting to a reverse shell within seconds. Payloads are written in DuckyScript and stored on a microSD card. Pentesters use it to demonstrate physical-access risk, while attackers can hide it in cables or look-alike USB drives. Defences include disabling unused USB ports, USB allow-listing, screen locks, and endpoint rules that alert on new HID devices.
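One way to express the "alert on new HID devices" defence as detection logic, as an added example that is not code from Hak5 or from this glossary: it flags keyboards outside an allow-list and keystroke bursts faster than a person types shortly after attach. The event format, thresholds, and device IDs are assumptions constructed for the illustration.

```python
from collections import namedtuple

# Event fields are assumptions for this example: kind is "attach" or "key".
Event = namedtuple("Event", "ts_ms kind device vid pid", defaults=("", ""))

ALLOWED_KEYBOARDS = {("046d", "c31c")}  # constructed (VID, PID) allow-list
MIN_HUMAN_GAP_MS = 30     # assumed floor for sustained human typing
BURST_LEN = 20            # consecutive fast gaps needed before alerting
WATCH_WINDOW_MS = 10_000  # only score typing shortly after enumeration

def detect(events):
    """Return (ts_ms, device, reason) alerts for a stream of HID events."""
    alerts, attached, last_key, run, flagged = [], {}, {}, {}, set()
    for ev in sorted(events, key=lambda e: e.ts_ms):
        if ev.kind == "attach":
            attached[ev.device] = ev.ts_ms
            last_key.pop(ev.device, None)
            run[ev.device] = 0
            flagged.discard(ev.device)
            if (ev.vid, ev.pid) not in ALLOWED_KEYBOARDS:
                alerts.append((ev.ts_ms, ev.device, "hid_not_allow_listed"))
        elif ev.kind == "key" and ev.device in attached:
            if ev.ts_ms - attached[ev.device] > WATCH_WINDOW_MS:
                continue
            prev, last_key[ev.device] = last_key.get(ev.device), ev.ts_ms
            if prev is None:
                continue
            # IDs are self-reported by the device, so timing is scored
            # for allow-listed keyboards as well.
            fast = ev.ts_ms - prev < MIN_HUMAN_GAP_MS
            run[ev.device] = run[ev.device] + 1 if fast else 0
            if run[ev.device] >= BURST_LEN and ev.device not in flagged:
                flagged.add(ev.device)
                alerts.append((ev.ts_ms, ev.device, "machine_speed_typing"))
    return alerts

def sample_events():
    """Constructed events: a known keyboard typed by a person, then a new device."""
    ev = [Event(0, "attach", "kbd0", "046d", "c31c")]
    ev += [Event(1000 + 120 * i, "key", "kbd0") for i in range(30)]
    ev.append(Event(5000, "attach", "usb7", "ffff", "0001"))
    ev += [Event(6000 + 5 * i, "key", "usb7") for i in range(40)]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```
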

Examples

  1. A pentester plugs a Rubber Ducky into a locked-screen receptionist PC during a physical engagement and drops a reverse shell when the user unlocks it.

  2. A red team hides a Ducky inside an O.MG-style cable left at a target's desk.

Frequently asked questions

What is USB Rubber Ducky?

A USB device sold by Hak5 that masquerades as a keyboard and injects pre-programmed keystrokes at machine speed when plugged into a target computer. It belongs to the Attacks & Threats category of cybersecurity.


How does USB Rubber Ducky work?

The USB Rubber Ducky is a small device that registers as a Human Interface Device (HID) keyboard the moment it is plugged in. Because operating systems trust keyboards by default, the device can type scripted keystrokes faster than any human, opening a terminal, downloading payloads, exfiltrating files, or pivoting to a reverse shell within seconds. Payloads are written in DuckyScript and stored on a microSD card. Pentesters use it to demonstrate physical-access risk, while attackers can hide it in cables or look-alike USB drives. Defences include disabling unused USB ports, USB allow-listing, screen locks, and endpoint rules that alert on new HID devices.

How do you defend against USB Rubber Ducky?

Defences for USB Rubber Ducky typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for USB Rubber Ducky?

Common alternative names include: Ducky, HID injection drop.
