Using an altered method by Mubix, the powershell script is pulled directly from your server and executed in memory. The Invoke-Mimikatz variant by clymb3r reflectively injects mimikatz into memory using powershell – so mimikatz never touches the computer’s hard disk. The payload in question here uses a variant of Mimikatz, a tool by gentilkiwi that can dump cleartext passwords from memory. Since computers trust humans, and inherently keyboards, computers trust the USB Rubber Ducky. Once developed, anyone with social engineering or physical access skills can deploy these payloads with ease. Specially crafted payloads like these mimic a trusted user, entering keystrokes into the computer at superhuman speed. That means while it looks like a USB Drive, it acts like a keyboard – typing over 1000 words per minute. The USB Rubber Ducky is the original keystroke injection attack tool. In honor of the USB Rubber Ducky appearance on a recent episode of Mr Robot, we’re recreating this hollywood hack and showing how easy it is to deploy malware and exfiltrate data using this Hak5 tool.
![cmd hacking scripts cmd hacking scripts](https://cdn.arstechnica.net/wp-content/uploads/2014/01/wifibackdoorcode.png)
Pilfering Passwords with the USB Rubber DuckyĬan you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC.