How I Built a Keystroke Injector to Execute Commands in Seconds
The intersection of hardware and software is really an incredible place that Iโve enjoyed exploring since the days of high school robotics competitions. When I heard of Hak5โs Rubber Ducky, I knew I had to build one for myself. Unlimited possibilities with 10 seconds of physical access to a computer? Count me in.
I have a feeling you may be aware of this, but just in case youโre not - a BadUSB is essentially a USB device pretending to be a keyboard, which allows it to inject keystrokes into any computer at lightning speed. You pre-program it, connect it, and let it run. Injecting a Powershell script? Not an issue. Disabling an anti-virus? Easy. Rickrolling anyone and locking out their volume control? Done.
It start with a Pico Raspberry Pi, that you can flash with open source software to turn it into a keystroke injector. Then you need to write a payload - or grab one from the internet - and try it out. The payloadโs syntax isnโt all too complicated, as it is just emulating a keyboard. I grabbed a couple of reverse shell scripts from the internet and ran them, but Defender stopped them from executing. To circumvent that, I was able to obfuscate the reverse shell script and have it slip past Defender. This script can only be used to open a reverse shell to a computer on the same network, but itโs pretty awesome regardless.
Itโs incredible how quickly online tutorials can get outdated, and it was the case here as well. Getting this to work wasnโt too difficult, but did require a lot of tinkering and hard resets of my Pico. Poor thing. Overall, the resources are out there and open source, so it was mostly piecing things together.
First, Iโve known since Stuxnet that USB security is super important, but knowing that anyone has access to this tech really made me realize how vulnerable machines can be. Second, building your own tools is awesomely satisfying. Defender could recognize the signature of the scripts I copied from the internet, but it was powerless against my custom adjustments. Most of our security today is pattern recognition, but that isnโt all too useful against custom, one of a kind tools.