The USB rubber duckling is getting better and better. Previous versions of Rubber Ducky may have carried out attacks such as creating a fake Windows pop-up window to collect the user’s credentials or forcing Chrome to send all saved passwords to the attacker’s web server. But these attacks had to be carefully designed for specific operating systems and software versions, and they lacked the flexibility to work across platforms. Dec. The newest rubber ducklings are designed to overcome these limitations.
It comes with a serious update to the DuckyScript programming language, which is used to create commands that a Rubber duck will inject into the target machine. Although previous versions were mostly limited to writing sequences of keystrokes, DuckyScript 3.0 is a feature-rich language that allows users to write functions, store variables, and use logical flow controls (for example, like this one)… then like this). This means that, for example, the new Ducky can perform a test to check whether it is connected to a Windows or Mac computer and run the appropriate conditional code for any device or disconnect if it is connected to the wrong destination.