// A multitool composed of USB RubberDuckys...
Hey Hackers! A while back I received a 3D printed chasse for a Swiss Army Keyholder. But since I have no keys, I figured modifying it into a cyberweapon would be much cooler. You can totally build this at home and I have all the instructions listed below. All I ask is that you use this with ethical purposes in mind :)
// Overview:
The Swiss Army Duck [SAD] is a malicious multitool that I made. It is composed of 3D printed parts and two USB RubberDucks. The USB RubberDucky is a keystroke injection device created by Hak5. It basically is a programmable keyboard, so anything your keyboard can do, this thing can do. This means we can use it to install backdoors, run malicious scripts, exfiltrate documents, or do anything else you can do with a keyboard.
Payloads are the programs we can run on the Duck. They are basically what we are telling our programmable keyboard to do. The only issue with the Duck is that it can only hold one payload on its MicroSD Card. So I came up with the idea for the SAD. A device that could hold two Ducks so we can have two payloads in an easy form factor.
// Requirements:
These are the pieces and parts that we will need to assemble our SAD
Access to a 3D Printer
Swiss Army Keyholder STL [3D Print]
Two USB RubberDuckys
At least two M3 bolts and nuts [20 mm length]
Key Chain and Ring [OPTIONAL]
// Instructions:
To build our SAD, we need to follow these simple steps.
// Step 1: 3D Printing The Chasse
We first must download the two STL files to print the Swiss Army Keyholder. Navigate to here and download Part1.STL and Part2.STL. Take the STL files and 3D Print them to an appropriate 3D Printer. While we wait for these to print, we can move on to the next step.
// Step 2: Modifying The USB RubberDucky
In order to have our USB RubberDuckys be able to fit in our Swiss Army Key Holder, we need to drill a hole [3 mm in diameter] in each of the RubberDuckys cases. Please remove your Ducky from the case before drilling the hole, to prevent any damage to the circuitry.
// Step 3: Creating The Payloads
If you have just recently purchased a USB RubberDucky and are unfamiliar with how to use it, DuckyScript, or general payload development; you can check out this tutorial I made on such topics.
When we create payloads for our SAD, we need to keep in mind our limitations. If we make a payload that saves loot directly to the Duck, we would have to disassemble the SAD and the Duck just to get the MicroSD Card with our loot. This process could get very tedious depending on how often we use the SAD.
So we need to develop payloads that work smarter. For example, developing payloads that send loot through SMTP, or Incorporating TwinDuck to have the Ducky run scripts that we can have stored on the MicroSD Card. In preparation for this project, I have developed two payloads [one for each Duck].
The first payload is the DucKey Logger, a PowerShell Keylogger for Windows computers. It logs keystrokes on the target's computer and sends us the logs hourly to our GMail via SMTP. I'll have the video tutorial and GitHub source code attached below.
GitHub: DucKey Logger
The second payload I developed for this project is DuckyLan SMTP. It is a USB RubberDucky payload that steals Wi-Fi passwords saved on Windows computers, and emails them to our GMail via SMTP. I'll have the video tutorial and GitHub source code attached below.
GitHub: DuckyLan
// Step 4: Assembling The Swiss Army Duck
Now that we have all of our parts and payloads for our SAD, we can now finally start assembling it. Assembly is fairly straightforward, however, I have step-by-step instructions below in case if you are confused about the assembly process.
1. We first take our 3D Printed Swiss Army Keyholder and place bolts and nuts in the appropriate places. Feel free to screw the bolts in and out of their screw holes in order to "thread" them.
2. Take the chasse with the screw holes and screw a Ducky to it. After that, you can screw the other chasse to the other side of the Duck.
3. Insert your second Duck in between the chasses and align the hole in the Duck with the holes of the chasse. Then, screw in your second screw to finish your SAD.
// Summary:
Hopefully, this was a cool project that you guys will enjoy building at home. If you guys like articles and small projects like this then leave a heart on this article. Let me know what you guys thought of this by leaving it in a comment down below. Thanks for reading, and as always,
Happy Hacking!
// Socials:
© 2021 by Cosmodium CyberSecurity LLC
Comments