Lets start off with a stereotypical ‘This is for educational purposes only’, if you use this to pwn HBO and release the next season of GOT for free on YouTube. Nice… I mean I do not endorse any such behavior.

In case you do not know what a rubber ducky is, it is a device created by Hak5. It looks and behaves like a flash drive, but it can be programmed execute keystrokes very quickly. It can be used to compromise a system in a matter of seconds. The only downsides are that you need physical access to the machine, and they cost $50, hence the purpose of this article.

I will be using the 5V Adafruit Trinket and a micro USB cable for this, that’s about all you need.

Luckily Adafruit supplies a library for interfacing with a computer as a keyboard so the first step is to #include it. You will need to install the library following these steps.

#include <TrinketKeyboard.h>

We can play around with the library before going all in, we start by initializing the trinket as an HID device with the begin() method.

Looking good, I want to run commands on the target machine, I can do that by ‘typing’ the windows key, cmd, enter, then the command.

Looks good. Lets setup our exploit in Metasploit.