1
00:00:00,060 --> 00:00:08,180
while this may look like a perfectly ordinary USB drive it is actually a tool

2
00:00:05,520 --> 00:00:08,180
of Chaos

3
00:00:12,059 --> 00:00:14,540
right

4
00:00:17,940 --> 00:00:26,220
it's known as the hack 5 rubber ducky and while it can be used to perform

5
00:00:23,460 --> 00:00:31,320
silly pranks or to automate mundane office work it can also be used for

6
00:00:28,800 --> 00:00:35,640
highly illegal cyber crime this ingenious little device here

7
00:00:33,300 --> 00:00:41,100
contains Hardware that can be used to grab passwords open back doors for

8
00:00:38,340 --> 00:00:46,440
ransomware or even delete entire file systems in a matter of seconds

9
00:00:43,800 --> 00:00:50,760
but rather than ignore it hoping that aspiring narrow duals will remain

10
00:00:48,360 --> 00:00:55,800
ignorant of its existence we are going to show all of you how it works

11
00:00:52,860 --> 00:00:59,640
demonstrate some of what it can do and give you the knowledge that you need to

12
00:00:57,420 --> 00:01:03,780
protect yourself from USB Bandits looking to compromise your precious data

13
00:01:01,860 --> 00:01:08,580
you know what else we're gonna do tell you about our sponsor build Redux build

14
00:01:06,540 --> 00:01:11,820
Redux makes it easy to configure your new build with support guides to help

15
00:01:10,260 --> 00:01:15,060
along the way they also offer competitive pricing as compared to

16
00:01:13,380 --> 00:01:20,840
building a PC yourself head to build redux.com Linus and start your new build

17
00:01:18,000 --> 00:01:20,840
today

18
00:01:21,540 --> 00:01:28,380
foreign

19
00:01:28,380 --> 00:01:35,040
the rubber ducky has existed for over a decade becoming a favorite tool of both

20
00:01:32,460 --> 00:01:40,560
real world hackers and it professionals alike and it's been featured on TV shows

21
00:01:37,439 --> 00:01:41,880
like Mr Robot and Sesame Street are you

22
00:01:40,560 --> 00:01:47,280
sure about that last one well it's definitely Mr Robot at least I'm doing a

23
00:01:43,979 --> 00:01:49,860
hacking with my rubber ducky USB

24
00:01:47,280 --> 00:01:56,100
and what makes the rubber ducky so Insidious is that compared to Media

25
00:01:52,439 --> 00:01:58,200
portrayals of hacking devices as full-on

26
00:01:56,100 --> 00:02:03,000
computer systems that can wreak havoc when connected to your network or

27
00:01:59,759 --> 00:02:06,960
gadgety looking keys that override

28
00:02:03,000 --> 00:02:11,340
decryption or authentication it looks

29
00:02:06,960 --> 00:02:13,620
perfectly mundane USB a on one side USBC

30
00:02:11,340 --> 00:02:17,520
with a little cap on the other it's the kind of thing that you might plug into

31
00:02:15,480 --> 00:02:21,660
your machine just to find out what it does

32
00:02:18,660 --> 00:02:24,840
second you do that it Springs into

33
00:02:21,660 --> 00:02:27,239
action executing its payload and it

34
00:02:24,840 --> 00:02:33,660
bypasses many malware scanners by disguising itself to your PC or Mac or

35
00:02:31,080 --> 00:02:39,120
even your phone as a human interface device or keyboard I mean what virus

36
00:02:37,020 --> 00:02:43,739
scanner or firewall would think to check for a nefarious keyboard

37
00:02:41,400 --> 00:02:48,000
not all but actually more than you'd think it turns out rubber duckies do get

38
00:02:46,440 --> 00:02:54,180
detected by some of the higher end systems that know how to look for them

39
00:02:49,860 --> 00:02:56,519
or rather they did get detected earlier

40
00:02:54,180 --> 00:03:01,019
this year hack 5 released the rubber ducky 2.0 which included several

41
00:02:58,980 --> 00:03:04,620
features that make detection attempts now flow off it like water off a duck's

42
00:03:03,900 --> 00:03:09,239
back previously rubber ducky payloads or

43
00:03:07,379 --> 00:03:14,220
programs if you want to call them that had to be tailored to their specific

44
00:03:11,340 --> 00:03:18,599
Target for example a payload meant to run on Windows 7 might not work on

45
00:03:16,620 --> 00:03:25,019
Windows 11 and certainly wouldn't work on macOS but this latest iteration can

46
00:03:22,260 --> 00:03:29,940
detect the operating system detect when the device is set up and can even copy

47
00:03:27,900 --> 00:03:34,620
Hardware information from an already attached keyboard and spoof it to

48
00:03:32,760 --> 00:03:39,780
confuse any would-be security measures it can't even be detected by its input

49
00:03:37,379 --> 00:03:44,819
rate because it's limited by default to the speed of an extremely fast yet still

50
00:03:42,299 --> 00:03:49,459
believable human meaning it has the same level of system privilege as the logged

51
00:03:47,519 --> 00:03:53,340
in user terrifying and while a bit of

52
00:03:51,659 --> 00:03:57,239
programming skill is beneficial to make the most of the rubber ducky I suspect

53
00:03:55,319 --> 00:04:02,340
the average Enthusiast could pick it up pretty quickly the manual is just 32

54
00:03:59,940 --> 00:04:06,180
pages and fits into the average pen or shirt pocket kind of like the kind you'd

55
00:04:04,200 --> 00:04:11,700
find on our excellent Workshop jacket available at lttstore.com ducky code is

56
00:04:09,420 --> 00:04:17,400
written in ducky script a proprietary language from hack 5 and simple commands

57
00:04:14,519 --> 00:04:23,160
are simple to write Attack Mode lets you set the device into hid and or storage

58
00:04:20,280 --> 00:04:27,419
mode string is used to type out letters delay is used to make the device wait

59
00:04:25,380 --> 00:04:32,340
for a number of milliseconds perhaps for a program to launch and most other key

60
00:04:30,479 --> 00:04:36,840
presses or combinations are achieved by simply putting the name of the key onto

61
00:04:34,380 --> 00:04:40,380
a line so here's the Konami Code written in ducky script once you're done

62
00:04:38,820 --> 00:04:44,759
building your instructions they can be compiled into a ready-to-use payload

63
00:04:42,419 --> 00:04:48,780
using payload Studio it will highlight syntax Mark potential errors and give

64
00:04:47,160 --> 00:04:52,740
you suggestions for auto completion while you're typing

65
00:04:50,280 --> 00:04:57,120
automating simple keyboard inputs is only so useful though the command line

66
00:04:54,840 --> 00:05:03,780
is what really turns the target system into one big ducky puddle playground

67
00:04:59,840 --> 00:05:05,940
there it can write and run code to turn

68
00:05:03,780 --> 00:05:10,380
the volume all the way up open 20 new Chrome Windows with the same YouTube

69
00:05:07,440 --> 00:05:15,900
video over and over and over again or put a little Dancing Duck on the screen

70
00:05:13,080 --> 00:05:20,220
truly groundbreaking stuff to show you a real world use case we wrote a payload

71
00:05:17,820 --> 00:05:25,860
to set up a new PC for benchmarking it installs Chrome 7-Zip and steam pauses

72
00:05:23,520 --> 00:05:29,940
to allow for login and then proceeds to install many of the games we typically

73
00:05:27,600 --> 00:05:34,620
run with markbench and this use case is notable because it's actually the reason

74
00:05:32,100 --> 00:05:39,360
that hack5 founder Darren kitchen built the ducky in the first place to make

75
00:05:36,539 --> 00:05:45,120
repetitive tasks like fixing printers or network shares faster and easier

76
00:05:42,539 --> 00:05:49,560
but enough about its intended purpose let's talk about how it can be used to

77
00:05:47,580 --> 00:05:53,360
get around doors and locks that were meant to stay closed

78
00:06:01,380 --> 00:06:06,600
all it takes is one user performing one

79
00:06:04,800 --> 00:06:11,940
careless action to compromise the system and it only takes one compromised system

80
00:06:09,120 --> 00:06:16,380
to compromise an entire network common practice for troublemakers

81
00:06:13,740 --> 00:06:21,900
looking to access a specific network is to invest in a small flock of duckies or

82
00:06:19,199 --> 00:06:27,600
similar devices those waterfowl get configured with a malicious payload then

83
00:06:24,180 --> 00:06:30,600
they get taken out to sea to go whaling

84
00:06:27,600 --> 00:06:32,819
whaling is a type of fishing attack that

85
00:06:30,600 --> 00:06:37,800
specifically targets a wealthy or a powerful person a whale and any City's

86
00:06:36,060 --> 00:06:43,139
business district is full of such aquatic mammals like Executives

87
00:06:40,400 --> 00:06:48,300
politicians or celebrities who have predictable daily routines and might not

88
00:06:45,840 --> 00:06:53,340
know very much about computer security a few armed duckies then dropped into a

89
00:06:51,000 --> 00:06:57,780
parking lot or in the stairwell of an office building can be an extremely

90
00:06:55,319 --> 00:07:02,639
dangerous thing its capabilities are limited only by the creativity of the

91
00:06:59,699 --> 00:07:08,160
programmer and as you know there is no such thing as a perfect luck let's say

92
00:07:05,759 --> 00:07:13,860
for example a bad actor wanted to download data from a Target system to a

93
00:07:10,740 --> 00:07:16,199
ducky device well many well-protected

94
00:07:13,860 --> 00:07:21,900
systems completely block external storage devices but there's a solution

95
00:07:18,960 --> 00:07:27,960
for that using a script that reads a Target file then flashes the caps lock

96
00:07:25,080 --> 00:07:33,060
and number lock keys the duck can read those flashes as binary bits and then

97
00:07:30,720 --> 00:07:37,940
quack that loot directly onto its internal micro SD card

98
00:07:35,099 --> 00:07:43,080
the ducky 2.0 isn't all powerful though seasoned programmers may find that ducky

99
00:07:40,380 --> 00:07:47,639
script 3.0 lacks the same quality of life tools of typical languages among

100
00:07:45,840 --> 00:07:53,280
other common issues it's difficult to perform string concatenation for example

101
00:07:50,000 --> 00:07:55,560
and the ecosystem leaves a lot of room

102
00:07:53,280 --> 00:08:00,360
for improvement while lots of completed payloads can be found online and simply

103
00:07:57,780 --> 00:08:04,919
copied to your rubber ducky many of them require modifying the code yourself and

104
00:08:03,120 --> 00:08:09,479
lack the documentation that a novice user might need so if you didn't already

105
00:08:07,440 --> 00:08:13,319
understand most of the ducky script complaints that we scrolled through you

106
00:08:11,580 --> 00:08:18,720
could find yourself having issues early on the biggest issue though is running

107
00:08:16,020 --> 00:08:22,440
your code there's a light to indicate the status of any code that's running

108
00:08:20,220 --> 00:08:27,840
and there's a button that allows you to stop at Midstream but there's not really

109
00:08:24,840 --> 00:08:29,400
a great way to test your payloads unless

110
00:08:27,840 --> 00:08:35,880
you have an extra machine that you don't mind doing whatever it is you're doing two and even

111
00:08:34,020 --> 00:08:40,560
if you're okay with that there's no guarantee that other systems will

112
00:08:37,620 --> 00:08:44,219
function exactly the same as yours it could even be something as simple as

113
00:08:41,940 --> 00:08:49,140
whatever delay you've programmed for a chrome window to launch might be longer

114
00:08:46,440 --> 00:08:52,800
on a Target system additionally if you've already run a payload on a

115
00:08:50,700 --> 00:08:57,300
machine once some of the changes that payload made Might persist making it

116
00:08:55,260 --> 00:09:01,560
difficult to track how your code changes are affecting your payloads function if

117
00:08:59,640 --> 00:09:04,740
there was an included way for example to run it on a virtual machine that could

118
00:09:03,240 --> 00:09:10,080
be restored with a single button press that would be a lot more user friendly

119
00:09:07,620 --> 00:09:12,959
if you do have machines to test on and the patience to learn your way around

120
00:09:11,339 --> 00:09:18,240
the small issues of the duckyscript language you too though could be doing

121
00:09:15,060 --> 00:09:20,160
Mr Robot level infosec exfiltration data

122
00:09:18,240 --> 00:09:23,820
busting door crashing and output inputting but that brings us to an

123
00:09:22,560 --> 00:09:29,940
important question should you be able to as I said earlier

124
00:09:27,180 --> 00:09:34,800
a small flock of unattended armed duckies can be a very dangerous thing as

125
00:09:32,700 --> 00:09:40,019
it only takes one to expose an entire network that's what almost happened to

126
00:09:37,380 --> 00:09:44,880
the multinational chemical firm DSM back in 2012. thankfully for them instead of

127
00:09:43,019 --> 00:09:49,980
checking the contents themselves the person that found the mystery USB stick

128
00:09:47,100 --> 00:09:54,959
took it directly to it people following protocol is truly the only way to keep a

129
00:09:52,500 --> 00:10:00,240
network secure and even though many people are not aware of how dangerous

130
00:09:57,660 --> 00:10:06,899
physical media can be attacking with it is not a New Concept the brain computer

131
00:10:02,940 --> 00:10:09,500
virus from 1986 used floppy disks to

132
00:10:06,899 --> 00:10:14,459
travel between machines and in 2010 stuxnet famously cloned itself and

133
00:10:12,060 --> 00:10:18,540
traveled by any means possible to hit a single offline Target in Iran

134
00:10:17,339 --> 00:10:23,820
however in any given year Society is robbed of

135
00:10:21,180 --> 00:10:28,740
far more using crowbars and bolt cutters and yet they still sell those at every

136
00:10:26,100 --> 00:10:33,660
hardware store so the mere fact that a tool like the rubber ducky can be used

137
00:10:31,200 --> 00:10:38,760
by evildoers shouldn't be a cause for Banning it just make sure that you and

138
00:10:36,779 --> 00:10:44,640
your loved ones can recognize it for what it is and always practice safe

139
00:10:41,880 --> 00:10:48,899
computer use just like I always safely segue to our sponsor Squarespace if

140
00:10:47,640 --> 00:10:53,459
you're building your brand online in 2022 you need a website and if you need

141
00:10:51,660 --> 00:10:57,480
a tool to help build that brand look no further than Squarespace Squarespace is

142
00:10:55,500 --> 00:11:01,800
the all-in-one platform to help expand your brand online make a beautiful

143
00:10:59,880 --> 00:11:05,519
website engage with your audience and sell anything and everything from

144
00:11:03,120 --> 00:11:10,140
products to content we love Squarespace so much we use it here at LMG it's

145
00:11:08,220 --> 00:11:13,680
custom templates make it easy to stand out with a beautiful website that fits

146
00:11:12,120 --> 00:11:16,800
your needs you can maximize your visibility thanks to a suite of

147
00:11:15,180 --> 00:11:20,160
integrated SEO features and their analytic insights help you optimize for

148
00:11:18,540 --> 00:11:23,279
performance so you can see what's going well and What needs a little work so get

149
00:11:22,380 --> 00:11:28,980
started today and head to squarespace.com forward slash LTT to get

150
00:11:25,680 --> 00:11:30,720
10 off your first purchase if you guys

151
00:11:28,980 --> 00:11:35,160
enjoyed this video you might also enjoy our video on the password reset key too

152
00:11:33,060 --> 00:11:38,300
socks and sandals really go well with the ninja mask it turns out