I have been playing with my stack of piZeros recently and started to read about the kernel OTG gadgets and was intrigued by the OTG_HID gadget. So after doing some reading, I found that someone had ported the USB Rubber Ducky platform to the piZero and called it rspiducky.
Building it is fairly straightforward, but if you want a ready-made solution I put a precompiled copy of the .img file here.
Once you get the image to your SD card (sudo dd if=duckberrypi_zero_minibian_05.img of=/dev/disk*/ bs=4m) you then start putting your payload into (surprise) payload.dd.
It is amazingly easy to drop a NetCat backdoor using this method. You just need a publicly available server you can run nc -l -p 443 -vvv on.
Here is a non-persistent example:
https://gist.github.com/jgamblin/348254c8d3e9b94f9214e9ad5473a44e
Here is a persistent example via a cron job:
https://gist.github.com/jgamblin/158ea8a5c2459e74541f89ca728e66a0
Here is the script running:
Here is what the NC backdoor looks like:
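For the defensive side of the cron persistence mentioned above, here is an added example (not part of the original post or the linked gists): a Python check that a responder could run over crontab -l output to flag entries that invoke Netcat. The sample crontab, host names and function names are constructed for illustration, and the user-crontab line format is assumed.

```python
import re
import shlex

NETCAT_NAMES = {"nc", "ncat", "netcat"}
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")
# Constructed sample crontab for illustration; not taken from the linked gists.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * /usr/bin/nc callback.example.invalid 443
@reboot sleep 30; netcat 192.0.2.10 443
15 * * * * rsync -a /srv/ backup.example.invalid:/srv/
"""

def cron_command(line):
    """Return the command part of a crontab line, or None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    n = 2 if line.startswith("@") else 6  # "@reboot cmd" vs. five time fields + cmd
    fields = line.split(None, n - 1)
    return fields[-1] if len(fields) == n else None

def netcat_calls(command):
    """Yield (binary, args) for each Netcat invocation in a shell command line."""
    # Crude split on shell separators; enough to see past "sleep 30; nc ..." chains.
    for part in re.split(r"[;&|]+", command):
        try:
            tokens = shlex.split(part)
        except ValueError:  # unbalanced quotes after the crude split
            tokens = part.split()
        for i, tok in enumerate(tokens):
            if tok.rsplit("/", 1)[-1] in NETCAT_NAMES:
                yield tok, tokens[i + 1:]
                break

def audit(crontab_text):
    """Return one finding per Netcat invocation found in scheduled jobs."""
    findings = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        command = cron_command(line)
        for binary, args in netcat_calls(command or ""):
            ports = [int(a) for a in args if re.fullmatch(r"\d{1,5}", a) and 0 < int(a) < 65536]
            findings.append({"line": lineno, "binary": binary, "ports": ports, "entry": line.strip()})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CRONTAB):
        print(f"line {f['line']}: {f['binary']} ports={f['ports']} :: {f['entry']}")
```

A hit is only a lead for review: Netcat has legitimate uses in scheduled jobs, and a renamed binary would not match by name.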
Bonus Scripts:
Type the longest word in the world 100,000 times:
https://gist.github.com/jgamblin/c18c5818c6055cb9bb7394787cf8f9a5
Hide all windows 100,000 times:
https://gist.github.com/jgamblin/f2762d9da59c07a273a2028379052cc2
Hello World test script:
https://gist.github.com/jgamblin/0c2ca413b90e72c1e3fa1f9f53dc6fc6
As always, have fun and only do good with these tools.