Protect your passwords (what I use): ntck.co/dashlane
🧪🧪Links and Guide: ntck.co/3j02oXk
What you might think is just a regular usb flash drive is actually a BAD USB (badusb), a device designed by hackers to hack your computer. In this video, I’m going to show you how to use one and build one with a Raspberry Pi Pico.
---------------------------------------------------
🥇🥇ENTER TO WIN a USB Rubber Ducky from HAK5: ntck.co/3mjar3v
(must be a member of NetworkChuck. Join here: ntck.co/free )
---------------------------------------------------
Get a Raspberry Pi Pico: geni.us/hSRkzrO ($8) (affiliate)
Get a USB Rubber Ducky: ntck.co/hak5 (affiliate)
🔥🔥Join the NetworkChuck membership: ntck.co/Premium
Thanks Charles. You're an inspiration. I've been wanting to better understand bootstrapping. I'm gonna buy a few Rpi Pico boards. I already own a half doz Pi boards. I'll build a bad laptop too. I love retirement!
I was looking for some random hacking vids, then I found one about flipper zero which I never heard about, then at the end of the video of explaining the features and stuff... the dude explained the bad usb thing and man.... this is OP
I enjoyed that this was a video for n00bs where you walk them through using a ducky to rickroll someone, but you never described how to turn it off. I wonder how many people decided to "prank" their friends/family/colleagues with a ducky injecting a rickroll but then couldn't turn it off afterwards. P.S. A naked duck is called a Daffy for what should be obvious reasons.
I do think of another way to prevent the pico 'running the script' on the developers machine. You could first let the script check for a specific file or do whatever check to verify it is not your host machine, if it is just jump to the end of the script and do nothing. It still runs a script, but it will do no harm.
Oh THAT's why I've seen an influx of people (ok, 4 or 5) asking how to use pico-ducky with international keyboards on the Adafruit discord ! Nice video !
I should get permission from my company's IT department to use these to pentest our company. Just instead of running a reverse shell, just make it type a .txt file that says "please give the USB you plugged in to IT, and don't plug strange USBs into your work computer"
As an ex IT department worker, I can assure you - if your IT department would let you do this, they are either very sure you can't do it, or they are just stupid ... (If you do it, and break something, you will get fired as well.) Regards from Germany
@@Ffreeze90 I'm very confident that the IT department for my company has little enough faith in the rest of the company that they'd let it happen. We had a massive data breach earlier this year, which led to almost all of our client data being held ransom, because someone opened an obvious phishing link
As he said, bad usb is mimicking a user input device, in this case a keyboard. If you could somehow trick the computer into interpreting the one USB as a mouse AND a keyboard, or somehow get two USBs plugged in, you would have full mouse and keyboard control. If your game only required a keyboard/ only required a mouse to play, this would work, and you can just code in all the key presses and delays in optimal timing and sequence for a perfect speedrun and it would execute each click you told it to do
Attaboy for throwing in not one, but three advertisements in 2.5 minutes! without making me stop watching! 😁 I wish, more youtubers understood that a good ad is a short one! (3 might be pushing it, though...)
this is so cool, and has so much potential, but something i haven't seen it used for yet is something that could be pretty cool, and that is instead of using it for stuff like keystroke logging, you could use it as a mod for a smart device, i doubt it would be hard to add some custom button extension to the pico, and when you press it it could activate a multitude of keybinds, which could be used to cheat videogames, and the best bit is the anticheat can't do anything, the screenshot system obviously won't work, and it probably won't block the hid device, but this is just an example, what about a flipper zero type extension to a phone, you plug it in, it auto opens an app which you can then use to control the onboard functions of the hardware addon. edit: also i just realised it's pretty crazy that the cost of the hardware to make a bad usb (when using the pico) is less than the cable you use to plug it in.
I just looked at the circuitry for the Pico and I believe you could quite easily solder a male full size USB connector to one end and shave the left, right and whole rear sections off so it would fit in a standard thumb drive case without any required functions being lost.
Hi, thanks for the great video, like always. But you can build a bad USB even cheaper and easier with an arduino digi spark! An arduino digi spark costs around 1$ 😉
I bought a pack of 5 and also a bunch of USB plugs (that actually look like real plugs) soldered the Digispark Attiny85 onto it, 3d printed a case and now it looks like a USB drive
I have a ducky in my laptop bag at all times lol. Kinda scary how powerful that thing is in the wrong hands. It was an eye opening moment the first day I got it and within about an hour of playing around had it set up to auto disable windows defender/firewall and extract all my chrome saved passwords and email them to myself. It's probably being slightly paranoid but I no longer step away from my laptop at work without locking it anymore. Too much damage can be done far too quickly without leaving a trace.
Thank you for sharing and warning us about them. Sometimes it makes me scared because I'm really not good with computers. I don't even understand everything you were showing us, especially some of the letters, lots of enters and py or pie.. But at least what I can get from your video is "do not use unauthorized USB storage". I'll keep it in mind, thank you again.
I appreciate the information that you have provided to help me protect my family computers. Can you tell us if the USB Rubber Ducky can be used to carry a payload that could do "Good Things" to a computer such as automatically run an antivirus package or install a utility program and run it to automatically do some house keeping functions?
All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany. You don't even need internet service to get hacked, as long as your device has an antenna.
If you wanna check out some other scary devices, check out the Maltronics Internal Keylogger (you implant it INSIDE a USB keyboard and it's undetectable), or the O.MG USB cables!
you can also have 4 different payloads on the pico, that comes standard on that code.py. i soldered a DIP switch and have 5 switches, first for stealth mode so it doesn't act like a USB anymore, 2,3,4 are for payload2.dd payload3 and payload4.dd and last switch is for setup mode which won't deploy anything.
These types of attacks could be easily stopped: Each time the system recognizes a new keyboard, it asks the user to input a random word written on the screen, even if the device is plugged in before the boot. This in theory would work
it wouldn't work because you would have to implement it in the bios, in fact you could craft the stick to enter the bios and change settings to boot off the stick, unless it is password protected.
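A host-side heuristic that complements the new-keyboard challenge proposed above, added here as an example (it is not code from any commenter, the video, or the pico-ducky project): judge each keyboard by the timing of its first keystrokes after it attaches. The log format, device names, the 30 ms floor and the six-key minimum are assumptions, and the sample log is constructed.

```python
"""Flag keyboards whose first keystrokes after attach arrive faster than hand typing."""
from dataclasses import dataclass
from statistics import median

HUMAN_FLOOR_MS = 30   # assumption: a median gap below this is not hand typing
MIN_KEYS = 6          # assumption: keystrokes needed after attach before judging

# Constructed sample log: "<ms since boot> <attach|key> <device>".
SAMPLE_LOG = """\
0      attach  kbd-builtin
900    key     kbd-builtin
1080   key     kbd-builtin
1310   key     kbd-builtin
1450   key     kbd-builtin
1700   key     kbd-builtin
1860   key     kbd-builtin
60000  attach  usb-3-2
61500  key     usb-3-2
61512  key     usb-3-2
61524  key     usb-3-2
61537  key     usb-3-2
61549  key     usb-3-2
61561  key     usb-3-2
61890  key     kbd-builtin
70000  attach  usb-1-4
70400  key     usb-1-4
70650  key     usb-1-4
"""


@dataclass(frozen=True)
class Event:
    ts_ms: int
    kind: str      # "attach" or "key"
    device: str


def parse_log(text):
    """Parse the log into time-ordered events, rejecting malformed lines."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if (len(parts) != 3 or not parts[0].isdigit()
                or parts[1] not in ("attach", "key")):
            raise ValueError(f"line {lineno}: unrecognised event {line!r}")
        events.append(Event(int(parts[0]), parts[1], parts[2]))
    return sorted(events, key=lambda e: e.ts_ms)


def first_keystrokes(events, min_keys=MIN_KEYS):
    """Timestamps of each device's first `min_keys` keys since its latest attach."""
    stamps = {}
    for ev in events:
        if ev.kind == "attach":
            stamps[ev.device] = []           # re-plugging restarts the observation
        else:
            seen = stamps.setdefault(ev.device, [])
            if len(seen) < min_keys:
                seen.append(ev.ts_ms)
    return stamps


def assess(events, min_keys=MIN_KEYS, floor_ms=HUMAN_FLOOR_MS):
    """Return {device: verdict} from the median gap between first keystrokes."""
    verdicts = {}
    for device, ts in first_keystrokes(events, min_keys).items():
        if len(ts) < min_keys:
            verdicts[device] = "insufficient-data"
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        suspect = median(gaps) < floor_ms
        verdicts[device] = "injection-suspect" if suspect else "human-like"
    return verdicts


if __name__ == "__main__":
    for device, verdict in assess(parse_log(SAMPLE_LOG)).items():
        print(f"{device}: {verdict}")
```

Timing is a heuristic only; it complements screen locking and USB device allow-listing rather than replacing them.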
"To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine." No need to reset anything.
I also thought about modifying the script to initially test state of one unused pin on the Pico. If it's pulled low, then divert execution to an endless sleep cycle, or perform a more-friendly action. ;-)
Man I already have a bad coffee obsession while im coding, seeing your videos just make me want to take another cup. Damn dev life that I am happy to choose (?
Wouldn't the device have to assume the operating system? So if it's expecting Windows, but gets Linux, then its effectiveness will be reduced, wouldn't it?
Nice channel sir. I’m glad I found it when I did. I’m about to take my Net+ exam and it is kicking my ass 😫. 40 yr old man trying to start an IT career 🤦🏻♂️🤷🏻♂️
You can do it with an Arduino Uno as well but they are a lot bulkier than a Pico and harder to hide. I have never coded a raspberry pi, this is the perfect way to get started.
Jesus Christ there's about a million Python tutorials online. It's the most saturated market there is. Every newbie is learning god damn Python. Just watch any one of the million instead of begging people to beat the dead horse further.
Hi! I'm trying to run a rickroll on pico and I have a problem: my computer sees pico as a usb device and doesn't start payload.dd. Do you know how to fix it?
The video is very cool, well made and super interesting to watch! Unfortunately, it's super outdated. The links no longer work, the repos mentioned and websites are gone. The process to create the Pico ducky is much simpler now. The main repo mentioned by dbisu is still working though :) Other than that, because of the great way you explain everything in the video I did buy a Raspberry Pi Pico and did the project, you inspire me on so many levels! Thank you! Keep up the good work, man!
That's pretty cool. Now, if you were to use a Raspberry Pi with wifi capability, you could create a RAT that communicates back with the Raspberry Pi, and have the Raspberry Pi create an ad hoc network to which an attacker could connect and exfiltrate data/control the target from.
There's also the workaround to avoid running and not needing to redo all the steps… just get a jumper, or just a bit of copper, connect the GND-GP0 pins, and u r safe👍🏽
I do not have the equipment to carry out the tests I want to do. You say it is impossible to stop a bad usb starting up - RickRoll, for example, which gives you no visual clue that it is running. Does it show as a process in Task Manager? Also, is it possible to prevent the code running by logging out, inserting the stick when still logged out, then logging back in? Or, does the drive fire up as soon as you log back in? I am doubtful that this would work, because I'm sure you would have mentioned, considering you are exponentially more intelligent than I am. But I would love to know. Thanks for all your content. All very informative and your enthusiasm is very catchy. Every video you do makes me want to deep-dive into the content and learn everything about the subject. Unfortunately, I do not have the time these days to do that. Anyway, thanks for everything and keep up the good work, sir!
Hi 😇😇
Can i make this with a esp8266 and a usb adapter ?
Hey networkchuck !! One question...
What's inside hackers backpack ? Review video 😊
hi i am a big fan I would like to enter in the contest if that's a okay?
Hi network chuck !! I have a doubt.
Can we erase payload from USB rubber ducky. Pls make a video on this topic.
I quit my job as a store manager for a fortune 500 company, went back to school for cyber security and now work in I.T. because of you. Great stuff, Chuck! Thanks!
Fake, doesn't exist and its a homemade account by a kid thinking of getting attention.
you dont know the dudes life? What are you? A god?
@@leontechtalks for real looks like he actually joined 7 years ago
jesus christ
ive watched youtube for ages its just a made an account a few years back
My grandma often forgets how to do some things on her computer. I tell her and she writes down the steps but that's not always reliable because she can lose the paper she wrote on. I'd do something like this but write a script that would perform whatever task she doesn't know how to do for herself and it's as simple as inserting the device. Thanks for the video Chuck! ❤
Using something bad for good, what a twist. I love it
Deadly,
wouldn't it be easier to create a device that opens "quick assist" or "showmypc"
@@sidehustlin2233 mate have u seen an 87 year old with a tablet in their hand, they don't know what the hell to do
could add a few buttons, make it multi-task able.. give grandma a button to open teamviewer, grab a screen shot and then it sends you the screen shot via email. quick and easy, you get easy access to do more work and another button to have it open the coffee cup holder. lol. you know. the cdrom tray...
To stop Raspberry Pi from running script, you can add a physical switch on the board and edit the code to check if the switch is on or off. And based on that, run the script or not. I used this method on an Arduino Nano. I hope it helps 😁
Can you use in on the pico and how can you do that?
yea, you can pretty much check if the gpio is high or low easily. or even a jumper for that matter bridge gpio to ground, and boot. wala
nice
@@danratsnapnames i know this is 4 months late and you probably don’t care, but I think you mean “voila.” lol
@@popfizz55 thanks spelling police.
When i was studying ICT, one of our first lessons was computer lab etiquette.
Always, before you leave your computer, hit Win+L on the keyboard to logout. Always.
As a result, now whenever i get up and leave my own PC even at home, 5 years later, i still instinctively spread my pinkie and thumb out and slam those keys, even if i leave my PC for only a few seconds.
Thanks teach. Good lesson ya taught me.
1:00 "this is more of a prank than a hack" *immediate youtube ad*😂😅
Gotta love it
For the Raspberry Pi PICO you could use one of the inputs to create a "safe" mode before plugging into your computer. This way you wouldn't have to keep using the reset and re-do everything.
What do you mean
@@brentdeketele6764 Just add a switch to one of the GPIO ports and modify the script to check that pin before running the duckyscript payload.
@@Francois_L_7933 thx bro
I just updated the project to include this option.
@@hackerdave Fantastic!
I wonder how the code deals with different keyboard layouts? I've tried the Arduino based ducky and it uses a very convoluted way of dealing with things like that...
OK, stupid question... I just checked and it's built-in on the adafruit circuit python library! That solves a lot of issues and could prove to be a better alternative than the original ducky for many.
I’m a teacher, I’m going to label it the bad drive “grade book” and drop in the the classroom.
Awesome but illegal idea ;)
@@AndrewTateOfficial- If it is done intentionally, then yes, its illegal and unethical. It would be no different than the government wiretapping your phone.
@@robcluck7469 how so? As a user you have control over one, not the other.
Regardless though, we need to start teaching cyber security properly, and that includes common sense nuggets like "don't plug in random flash drives in your machine". It being illegal won't protect anyone from actual malicious hackers.
@@kyushirokun You are talking about two different subjects here. The point is, the act is illegal and unethical. Trust me, the least of your concerns is plugging a foreign device into your computer. For instance, your phone will automatically connect to an access point without you knowing. The mere fact you are walking (or driving) within the range of a rogue access point is enough. Once that happens you're owned! No USB required. *** Time to leave the script kiddie area and enter the real world !!! ***
1:03 great idea
Alright chuck you convinced me, I'm doing this to my friend! Just one thing, how do you stop the rick roll once it started
Reply to Comment by Microbuncher
That's exactly what I was wondering......how do I stop this thing ?
@@JCR4990 my man you are better than chuck
@@JCR4990 Can I presume that an attentive session in Task Manager would also do the same, or is that just not possible? Thanks for the value that you add here.🙏
@@JCR4990 you have experience in your field so I salute you.
Hi Chuck! Cool video. You actually can disable the Pico coming up as a storage device by bridging pins 18 and 20 on the board. Keep in mind that you will have to get rid of this bridge in order to change the payload again.
but isn't showing up as a storage device better in some cases? it will make it less suspicious, right?
@@marudhupaandiankrishnakuma3831 true
Dude, I bought a Pico a couple months ago and then never did anything with it... Now I know what to do with it! You're awesome!
hi i need some help with my pico
gosh you're probably the funniest and most lively programming, hacking channels ever! I loved the rick roll dude, keep it up! :)
Imagine if someone left that USB somewhere, but instead of hacking people who plug it in, they open YouTube and show your video to educate them.
Now that's a "Good USB"
I’ve thought about doing something like this but with phishing emails. “If you’re seeing this video it’s because you clicked on a link you shouldn’t have”
@@NomdePlume337 Good idea. Just be careful that your account doesn't get banned.
Ok, but it also has to leave a hotdog wallpaper to remind people of its power.
Do more Raspberry PI videos! This was so entertaining.
Im glad I found this channel. You're easily becoming one of my favorite content creators. Gz man
That brought back memories! Back in the day we would modify network login scripts to play “A CERTAIN VIDEO” and the more you press keys the faster the video would play! IT fun.
Hi, let me start with saying, yet another great video! Keep up this great work you do, making people understand security aspect better. Now, I usually don’t have any remarks on your videos but I do want to mention one thing here. Advising changing the confirmation prompt to a password prompt isn’t the recommended practice. Actually our internal studies (ex msft security person here) have shown that there’s actually a risk increase of leaking your actual credentials when using the password option. Windows secure desktop should prevent send keys functionality, hence turning that off is bad as well. Needless to say there are other known bypasses for UAC, but that’s another story. Hope it helps a bit. Until next time….. coffee break!
nice. wouldn't be more efficient to have the script run shell commands to disable defender etc instead of spending time doing it through the GUI?
Edit: As always great input in the responses! Tech community must be the best ever :)
If possible yep. It would actually be even better because the user wouldn't visually notice.
Not only more efficient, but wouldn't throw red flags up. This is bad, but it makes you think about how much worse it could be. Think: Send credentials files, password files, network secured files, etc, with no indication that it's being done. Deleting directories, turning on bitlocker encryption and discarding the key. So many things that could be done...
@Deko Dekic yeah you are right, seems more of a general awareness video. Fun and interesting anyway :)
@@socat9311 if anything this is a warning video. Don't leave unlocked devices unprotected in the open.
Defender would kill PS before it succeeds. So the gui is needed.
Limiting access to powershell, the cmd prompt, and run command (as these are the most common ways a rubber ducky executes malicious code), should protect against it a bit.
Unless the box is connected to the internet, then using a ducky to download something malicious as a staged payload is still a quick easy option
Or just use Linux
@@davidkeys4284 Linux is less secure than Windows 11/10 and OSX
@@Artificial-Cognition no...
@TheModdedPirate :)
Well I think I just found my first rpi pico project! Still very new to a lot of this stuff but sometimes I get inspiration to learn some more. It's kind of a learning curve but feels rewarding to learn.
So a few weeks ago, I got an rgb led to cycle through all the colors on Arduino. It felt awesome to have it work after typing it all out. It's nothing crazy but still felt good. That's the level I'm on. I still kind of don't know how to write my own programs but can follow directions to make them.
same my guy let me know how it goes!
Dude, this is great! (just got my Pico RGB keypad assembled 🙂) You've set a target, realised you're not gonna be Network Chuck god level in a month, but you have what's important - an inquiring mind, and an appetite to level up! ...credit where its due, lol ...the BIG question though, reading this comment a year after it was posted is - where are you now with your skills, learnt more, tried more projects ?!?
No I sadly fell off the learning train but I'm getting back into it finally.
I’m currently building things for my flipper. That device is going to become a nightmare exponentially more as time goes on.
Network Chuck and David bombal you two are adorable
Huge respect to your content !!
Love from India
Wrong use of words
Hello your computer have virus 🦟
@@johnreaper4452 oh thank for telling me
@@Jordan-cz4gg thanks for putting your precious time and finding miskates of other people
@@AmanPatel-rv2it bro, take a joke as a joke
Just enjoy, man, chill out 😎
The Rick Roll is classic. Thanks for including that, too. Made my day.
Lucky me my laptop is slow asf
Means that 1000wpm would make my device stutter even better :D
it typing at 10wpm on my laptop
I picked up a flash drive as a kid and plugged it into a laptop we had, luckily it was just a normal flash drive, but I'm glad I watched this video. I actually still have the flash drive too.
Could you do an updated video on the pico 2? I appreciate your work! It’s amazing!
There is another video where the guy almost does the same thing but a bit more. I tried and it worked. I used Pico 2
I can see the next Windows update now: authentication for any new HID plugged in. Actually, not a bad idea.
@Elias Productions - I was an IT worker at a federal agency in the past and we didn’t have a good way to regulate the USB ports of staff machines. We couldn’t just wholesale block the ports or remove them because some work related items required USB.
It always made me chuckle when I’d read about how the computers at the Pentagon and similar high security places would plug up the built in USB ports with epoxy or the equivalent of chewing gum.
you can add a conventional USB type A by desoldering the microusb shield from the board and soldering a USB type A to the connectors for the microusb shield they are the same connectors for each shield just different sized shields.
Any videos on how to do it I’m a bit confused
Just ordered a Pico, can’t wait to try this out!
I bought like 5 Picos when they were released, I will turn one into a badusb for sure. Can also be useful for repetitive setups on different PCs. Script the setup once, let the badusb do the rest.
@barameguy1483 I answered you with links to two websites inside the answer. Sometimes YouTube doesn't allow it to put links in comments, so if you don't see my response with the links please tell me and we'll find a workaround 🙂
Thumbnail: “Never do this!”
Title: “But here’s how to build it for $8 with a Pi Pico”
A corp company I used to work at hot-glued all USB ports and even glued a keyboard and mouse in. Making your own, or buying rubberduckies and dropping them in the company's parking lot are probably the most easy way to a shell, where u shouldn't have a shell.
Also the computer will trust pretty much anything you plug into it. Whenever you find a USB key somewhere, just throw it away.
All you need is someone's address to hack someone's computer, this guy is a spy messing with your realm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.
The editor who had to listen to the rickroll: 0_0
Lol
Awesome. Can also be done with attiny85 smallest ducky and only £2-3
Cool video NetworkChuck! Would it be possible to use a Raspberry Pi as a "Quarantine Station" - ie a standalone device that can check any USB for malware or viruses before they are plugged into a PC/Laptop?
I suggest getting a digispark! They are even cheaper if you're on a low budget!
This guy's content is awesome. You can tell a lot of work goes into these videos.
It was a mistake for you to give me the power of the rickroll 🤣
Thanks Charles. You're an inspiration. I've been wanting to better understand bootstrapping. I'm going to buy a few Rpi Pico boards. I already own a half doz Pi boards. I'll build a bad laptop too. I love retirement!
I was looking for some random hacking vids, then I found one about flipper zero which I never heard about, then at the end of the video of explaining the features and stuff... the dude explained the bad usb thing and man.... this is OP
I enjoyed that this was a video for n00bs where you walk them through using a ducky to rickroll someone, but you never described how to turn it off.
I wonder how many people decided to "prank" their friends/family/colleagues with a ducky injecting a rickroll but then couldn't turn it off afterwards.
P.S. A naked duck is called a Daffy for what should be obvious reasons.
I do think of another way to prevent the pico 'running the script' on the developers machine. You could first let the script check for a specific file or do whatever check to verify it is not your host machine, if it is just jump to the end of the script and do nothing. It still runs a script, but it will do no harm.
FANTASTIC video as usual, keep up the amazing work man, we all appreciate what you do for us!!💪
Oh THAT's why I've seen an influx of people (ok, 4 or 5) asking how to use pico-ducky with international keyboards on the Adafruit discord!
Nice video !
Hello Sir! I'm your number 1 fan. May i ask a question, orange pi is good for hacking tool?
The look mom no hands comment shows us that Chuck is a man of culture.
I should get permission from my company's IT department to use these to pentest our company. Just instead of running a reverse shell, just make it type a .txt file that says "please give the USB you plugged in to IT, and don't plug strange USBs into your work computer"
As an ex IT department worker, I can assure you - if your IT department would let you do this, they are either very sure you can't do it, or they are just stupid ...
(If you do it, and break something, you will get fired as well )
Regards from Germany
@Ffreeze90 I'm very confident that the IT department for my company has little enough faith in the rest of the company that they'd let it happen. We had a massive data breach earlier this year, which led to almost all of our client data being held ransom, because someone opened an obvious phishing link
@Fattts Client data, huh? Which company?
@fumanchu4785 I legally cannot tell you this. Also I’m not doxxing myself lmfao
Thanks Chuck! Your videos are amazing and very useful for both professionals and casual users!
I'm actually curious to know if a bad USB would be able to do a Tool Assisted Speedrun on a game with simple controls
As he said bad usb is mimicking a user input device, this case a keyboard. If you could somehow trick the computer into interpreting the one USB as a mouse AND a keyboard, or somehow get two USBs plugged in, you would have full mouse and keyboard control. If your game only required a keyboard/ only required a mouse to play thus would work, and you can just code in all the key presses and delays in optimal timing and sequence for a perfect speedrun and it would execute each click you told it to do
This*
Attaboy for throwing in not one, but three advertisements in 2.5 minutes! without making me stop watching! 😁 I wish, more youtubers understood that a good ad is a short one! (3 might be pushing it, though...)
this is so cool, and has so much potential, but something i haven't seen it used for yet is something that could be pretty cool, and that is instead of using it for stuff like keystroke logging, you could use it as a mod for a smart device, i doubt it would be hard to add some custom button extension to the pico, and when you press it it could activate a multitude of keybinds, which could be used to cheat videogames, and the best bit is the anticheat can't do anything, the screenshot system obviously won't work, and it probably won't block the hid device, but this is just an example, what about a flipper zero type extension to a phone, you plug it in, it auto opens an app which you can then use to control the onboard functions of the hardware addon. edit: also i just realised it's pretty crazy that the cost of the hardware to make a bad usb (when using the pico) is less than the cable you use to plug it in.
I just looked at the circuitry for the Pico and I believe you could quite easily solder a male full size USB connector to one end and shave the left right and whole rear sections off so it would fit in a standard thumb drive case without any required functions being lost.
Hi, thanks for the great video, like always. But you can build a bad USB even cheaper and easier with an arduino digi spark! An arduino digi spark costs around 1$ 😉
The build quality is terrible and you can only buy them on Amazon in packs of 5 for $10 so more like $2 per
I bought a pack of 5 and also a bunch of USB plugs (that actually look like real plugs) soldered the Digispark Attiny85 onto it, 3d printed a case and now it looks like a USB drive
I have a ducky in my laptop bag at all times lol. Kinda scary how powerful that thing is in the wrong hands. It was an eye opening moment the first day I got it and within about an hour of playing around had it set up to auto disable windows defender/firewall and extract all my chrome saved passwords and email them to myself. It's probably being slightly paranoid but I no longer step away from my laptop at work without locking it anymore. Too much damage can be done far too quickly without leaving a trace.
My new favorite YouTube channel! 👩🏻‍💻
Thank you for sharing and warn us of them.
sometimes it makes me scared cause I'm really not good in computer. I even don't understand all you were showing us especially on some letters lots of enters and py or pie..
But at least I can get from your video is "do not use unauthorized USB storage". I keep it in mind thank you again.
I appreciate the information that you have provided to help me protect my family computers. Can you tell us if the USB Rubber Ducky can be used to carry a payload that could do "Good Things" to a computer such as automatically run an antivirus package or install a utility program and run it to automatically do some house keeping functions?
yes it is possible its just people haven't created a program to do so
Actually, yes. For example, if you're the I.T. person, then you could use that to quickly install and set up Windows on a computer.
Yeah if u can program
All you need is someone's address to hack someone's computer, this guy is a spy messing with your realm. These people get paid by the FBI to spread fake news, all started in NAZI Germany. You don't even need internet service to get hacked, as long as your device has an antenna.
If you wanna check out some other scary devices, check out the Maltronics Internal Keylogger (you implant it INSIDE a USB keyboard and it's undetectable), or the O.MG USB cables!
you can also have 4 different payloads on the pico that comes standard on that code.py . i soldered a DIP switch and have 5 switches, first for stealth mode so it doesn't act like a USB anymore, 2,3,4 are for payload2.dd payload3 and payload4.dd and last switch is for setup mode which won't deploy anything.
Yup that’s a good setup
JUST ORDERED ONEEE LETSS GO!!!
your enthusiasm is contagious
These types of attacks could be easily stopped: Each time the system recognizes a new keyboard, it asks the user to input a random word written on the screen, even if the device is plugged in before the boot. This in theory would work
Never had that for Windows 7- 10 out of all my years maybe u talking about mac or some shit
@pat2not he’s giving a hypothetical way to stop these bad USBs, this hasn’t been implemented.
The software on the usb takes a screenshot and gets the text with OCR. So maybe a captcha would work.
it wouldn't work because you would have to implement it in the bios, in fact you could craft the stick to enter the bios and change settings to boot off the stick, unless it is password protected.
Probably the coolest network engineer on earth 👍 this is awesome! Gonna try this out! Thanks Chuck!!
"To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine." No need to reset anything.
I also thought about modifying the script to initially test state of one unused pin on the Pico. If it's pulled low, then divert execution to an endless sleep cycle, or perform a more-friendly action. ;-)
Connect with what? ^^
@kalova6731 connection cable for breadboards
@jkf114 ah thx
thank you for that
Thanks for this chunk i have ordered a Raspberry Pico going to enjoy trying some of the scripts out.
Man I already have a bad coffee obsession while im coding, seeing your videos just make me want to take another cup. Damn dev life that I am happy to choose (?
Wouldn't the device have to assume the operating system? So if it's expecting Windows, but gets Linux, then its effectiveness will be reduced, wouldn't it?
You can also system check and use a dynamic script
wait how do you turn off the rickroll
Can't find the payloads .. =/
Nice channel sir. I’m glad I found it when I did. I’m about to take my Net+ exam and it is kicking my ass 😫. 40 yr old man trying to start an IT career 🤦🏻‍♂️🤷🏻‍♂️
Chuck: This is a bad usb!
Also Chuck: Here's how to build one!
But how how do I stop the rick roll.
I wish I wasn't such a script kiddie right now but I need to do this to my friends.
Why github page is "This repository is empty."?
Can you provide me with your social media username? YT is deleting the msg/link
@FOSSware_360 wow!!
You can do it with an Arduino Uno as well but they are a lot bulkier than a Pico and harder to hide. I have never coded a raspberry pi, this is the perfect way to get started.
At 5:59 he called the explorer the "finder". This man uses every computer at once
We Need Learning Python Ep. 2 Please
Jesus Christ there's about a million Python tutorials online. It's the most saturated market there is. Every newbie is learning god damn Python. Just watch any one of the million instead of begging people to beat the dead horse further.
@jamesevans2507 Not everyone will teach you pentesting with Python
@Sabir_Makhdoomi He was explaining what a string was for 20 minutes in the first episode. I'm sure he'll get to pentesting by episode 503.
We got Rick Roll in a Cybersecurity Video LOL
you extracted a whole zip for 1 lib, next time open with winrar or something and drag out what you need it would have been 2 seconds!
what's wrong with 7zip?
Do you know where i find the libraries for different keyboard Layouts?
I never knew about this, thank you so much!
This is awesome! I just purchased a Raspberry Pi 4B I'm using her to program Retro Game emulators.
He Knows how to Hack but youtube does not allow Real Hacking so he is just telling the basics
A static script is smarter than me? That hurts chuck :(
Hi! I'm trying to run a rickroll on pico and I have a problem: my computer sees pico as a usb device and doesn't start payload.dd. Do you know how to fix it?
I have the same issue, did you happen to figure it out?
Same here, did anybody figure it out
Nope I have same issue
i think windows patched it 😢
I figured it out and no they didn't patch it. But you do have to use an older version of the software
This guy has a straight up supervillain laugh and I'm here for it
yo literally never saw your channel before, sick vid, I also call my old laptop my craptop
PLEASE ADD SUBTITLES
@willnicholson18 because I'm a foreigner and my English is not good. I can't use the auto-translate feature on youtube non-translated video.
@willnicholson18 Did you understand
big L with those links man
Why?
Awesome video Chuck. I created one that does a malicious memory scan!
when you plugged in the usb, the advertisement cut you off and my mind was like "Damn they got him"
The video is very cool, well made and super interesting to watch! Unfortunately, it's super outdated. The links no longer work, the repos mentioned and websites are gone. The process to create the Pico ducky is much simpler now. The main repo mentioned by dbisu is still working though :) Other than that, because of the great way you explain everything in the video I did buy a Raspberry Pi Pico and did the project, you inspire me on so many levels! Thank you! Keep up the good work, man!
That's pretty cool. Now, if you were to use a Raspberry Pi with wifi capability, you could create a RAT that communicates back with the Raspberry Pi, and have the Raspberry Pi create an ad hoc network to which an attacker could connect and exfiltrate data/control the target from.
So many things are possible these days, I never knew a usb device could do this. Thanks for the information
For some reason it just doesn’t do anything. I followed all the steps but still nothing.
There's also the workaround to avoid running it without needing to redo all the steps… just get a jumper, or just a bit of copper, connect the GND-GP0 pins, and u r safe👍🏽
This channel is so much fun!!!
"USBS CAN BE DANGEROUS!"
Five thousand frames later: "anyways lets make one"
I do not have the equipment to carry out the tests I want to do. You say it is impossible to stop a bad usb starting up - RickRoll, for example, which gives you no visual clue that it is running. Does it show as a process in Task Manager? Also, is it possible to prevent the code running by logging out, inserting the stick when still logged out, then logging back in? Or, does the drive fire up as soon as you log back in? I am doubtful that this would work, because I'm sure you would have mentioned, considering you are exponentially more intelligent than I am. But I would love to know.
Thanks for all your content. All very informative and your enthusiasm is very catchy. Every video you do makes me want to deep-dive into the content and learn everything about the subject. Unfortunately, I do not have the time these days to do that. Anyway, thanks for everything and keep up the good work, sir!
The rickroll USB attack had me laughing...
Not just me but the whole comment section
How to disable it
@Wisp4life restart computer
Greetings to you. Sorry, but you are the coolest guy among the Anons.
IG Hello, and what can it help with, please? Thanks for the info