Intro
There are various attack methods in Social Engineering field. These methods are very different from each other and these methods come up as days pass. Companies that conduct penetration tests teach pentests.
The Social Engineering technique that we are going to learn today is Rubber Ducky technique.
What Is Rubber Ducky?
Rubber Ducky is a equipment used by Hak5 (a website selling pentest and social engineering equipment) for social engineering. This equipment is a developed HID ( Human Interface Devıce ) that looks similiar to a USB HID devices are controlling devices (gaming console, keyboard, mouse, etc.)
What is Rubber Ducky Attack?
Rubber Ducky attack is the process of infiltrating the keyboard of the targeted device by payloading the features we write in the script language using the USB protocol. As you can see from the picture it's physical appearance looks the same as a USB.
Thanks to this attack, it's able to help you remotely control the targeted device as if it had a wireless keyboard As long as you remotely control it will be showed as the keyboard and mouse was doing it. Therefore it gets very difficult for the Anti-Viruses to detect it.
By finding various excuses, attacker plug in a Rubber Ducky equipment which is very similiar to a USB to the target device. As soon as he plugs in it Rubber Ducky attack will have been started. The victim isn't aware of anything because there is no abnormality in his device, but the attacker will be on action soon. re sonra harekete geçecektir. Attacker can see every keystrokes in the keyboard with Rubber Ducky, (similiar to a keylogger) he can make activities like remote control.. etc.. With this attack the attacker can attempt to extract the information he wants from the target.
How To Protect Yourself From These Attacks?
While these attacks occur, it can be observed how harmless the attacker is at first start, but when Rubber Ducky is plugged in to to the target's device, the attacker can get the required information. Therefore it is very important to be careful about these attacks, so how to protect yourself from an attack?
1- Don't plug in the USB devices that you don't know and don't recognize.
2- After plugging in a USB device that you don't know, firstly look at the files because when you plug in Rubber Ducky there will be a file named similiar to something like this ''bad_ducky_master" (unless the attacker didn't renamed or hid it). If you have this file immediatly unplug the USB and delete the file or alternatively you can format your device.
Result
There are equipments in Social Engineering field that are designed for very different purposes from each other. Rubber Ducky is one of those tools and it's purpose is to remotely access the target device's keyboard.
There are various attack methods in Social Engineering field. These methods are very different from each other and these methods come up as days pass. Companies that conduct penetration tests teach pentests.
The Social Engineering technique that we are going to learn today is Rubber Ducky technique.
What Is Rubber Ducky?
Rubber Ducky is a equipment used by Hak5 (a website selling pentest and social engineering equipment) for social engineering. This equipment is a developed HID ( Human Interface Devıce ) that looks similiar to a USB HID devices are controlling devices (gaming console, keyboard, mouse, etc.)
What is Rubber Ducky Attack?
Rubber Ducky attack is the process of infiltrating the keyboard of the targeted device by payloading the features we write in the script language using the USB protocol. As you can see from the picture it's physical appearance looks the same as a USB.
Thanks to this attack, it's able to help you remotely control the targeted device as if it had a wireless keyboard As long as you remotely control it will be showed as the keyboard and mouse was doing it. Therefore it gets very difficult for the Anti-Viruses to detect it.
By finding various excuses, attacker plug in a Rubber Ducky equipment which is very similiar to a USB to the target device. As soon as he plugs in it Rubber Ducky attack will have been started. The victim isn't aware of anything because there is no abnormality in his device, but the attacker will be on action soon. re sonra harekete geçecektir. Attacker can see every keystrokes in the keyboard with Rubber Ducky, (similiar to a keylogger) he can make activities like remote control.. etc.. With this attack the attacker can attempt to extract the information he wants from the target.
How To Protect Yourself From These Attacks?
While these attacks occur, it can be observed how harmless the attacker is at first start, but when Rubber Ducky is plugged in to to the target's device, the attacker can get the required information. Therefore it is very important to be careful about these attacks, so how to protect yourself from an attack?
1- Don't plug in the USB devices that you don't know and don't recognize.
2- After plugging in a USB device that you don't know, firstly look at the files because when you plug in Rubber Ducky there will be a file named similiar to something like this ''bad_ducky_master" (unless the attacker didn't renamed or hid it). If you have this file immediatly unplug the USB and delete the file or alternatively you can format your device.
Result
There are equipments in Social Engineering field that are designed for very different purposes from each other. Rubber Ducky is one of those tools and it's purpose is to remotely access the target device's keyboard.
---------------------
Source: https://www.turkhackteam.org/sosyal-muhendislik/1937521-rubber-ducky-nedir.html
Translator: Vilge234
Translator: Vilge234
Moderatör tarafında düzenlendi: