I have been playing with my stack of piZeros recently and started to read about the kernel OTG gadgets and was intrigued by the OTG_HID gadget. So, after doing some reading, I found that someone had ported the USB Rubber Ducky platform to the piZero and called it rspiducky.
Once you get the image to your SD card (sudo dd if=duckberrypi_zero_minibian_05.img of=/dev/disk*/ bs=4m) you then start putting your payload into (surprise) payload.dd.
It is amazingly easy to drop a NetCat backdoor using this method. You just need a publicly available server you can run nc -l -p 443 -vvv on.
Here is a non-persistent example:
Here is a persistent example via a cron job:
Here is the script running:
Here is what the NC backdoor looks like:
Type the longest word in the world 100,000 times:
Hide all windows 100,000 times:
Hello World test script: