bad USBs are SCARY!! (build one with a Raspberry Pi Pico for $8)

День тому

Protect your passwords (what I use): ntck.co/dashlane
🧪🧪Links and Guide: ntck.co/3j02oXk
What you might think is just a regular usb flash drive is actually a BAD USB (badusb), a device designed by hackers to hack your computer. In this video, I’m going to show you how to use one and build one with a Raspberry Pi Pico.
---------------------------------------------------
🥇🥇ENTER TO WIN a USB Rubber Ducky from HAK5: ntck.co/3mjar3v
(must be a member of NetworkChuck. Join here: ntck.co/free )
---------------------------------------------------
Get a Raspberry Pi Pico: geni.us/hSRkzrO ($8) (affiliate)
Get a USB Rubber Ducky: ntck.co/hak5 (affiliate)
🔥🔥Join the NetworkChuck membership: ntck.co/Premium
**Sponsored by Dashlane
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: ntck.co/Premium
☕☕ COFFEE and MERCH: ntck.co/coffee
Check out my new channel: ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: / discord
STUDY WITH ME on Twitch: bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: bit.ly/3rzZjzz
-Get your CCNA: bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: / networkchuck
Twitter: / networkchuck
Facebook: / networkchuck
Join the Discord server: bit.ly/nc-discord
0:00 ⏩ Intro
0:28 ⏩ BadUSB attacks
2:35 ⏩ how BADusb’s work
4:48 ⏩ Build your own Bad USB (Raspberry Pi Pico)
10:08 ⏩ Create your Bad USB attack!! (Ducky Script)
15:34 ⏩ How to defend against BadUSB attacks!!
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: geni.us/L6wyIUj
Amazon Affiliate Store: www.amazon.com/shop/networkchuck
Buy a Raspberry Pi: geni.us/aBeqAL
#badusb #usbrubberducky #raspberrypi

КОМЕНТАРІ: 2 600

@NetworkChuck 2 роки тому

@HaCkEr-- 2 роки тому

Hi 😇😇

@justdicer 2 роки тому

Can i make this with a esp8266 and a usb adapter ?

@batuhanbalaban2663 2 роки тому

Hey networkchuck !! One question... What's inside hackers backpack ? Review video 😊

@rukat6455 2 роки тому

hi i am a big fan I would like to enter in the contest if that's a okay?

@shaktimanjena679 2 роки тому

Hi network chuck !! I have a doubt. Can we erase payload from USB rubber ducky. Pls make a video on this topic.

@danhoward2804 2 роки тому

I quit my job as a store manager for a fortune 500 company, went back to school for cyber security and now work in I.T. because of you. Great stuff, Chuck! Thanks!

@Reboget 2 роки тому

Fake, doesn't exist and its a homemade account by a kid thinking of getting attention.

@leontechtalks 2 роки тому

you dont know the dudes life? What are you? A god?

@charlieb9412 2 роки тому

@@leontechtalks for real looks like he actually joined 7 years ago

@leontechtalks 2 роки тому

jesus christ

@leontechtalks 2 роки тому

ive watched youtube for ages its just a made an account a few years back

@echologname 2 роки тому

My grandma often forgets how to do some things on her computer. I tell her and she writes down the steps but that's not always reliable because she can lose the paper she wrote on. I'd do something like this but write a script that would perform whatever task she doesn't know how to do for herself and it's as simple as inserting the device. Thanks for the video Chuck! ❤

@stitch10925 2 роки тому

Using something bad for good, what a twist. I love it

@seanfaherty 2 роки тому

Deadly,

@sidehustlin2233 2 роки тому

wouldn't it be easier to create a device that opens "quick assist" or "showmypc"

@jayfibonacci5501 2 роки тому

@@sidehustlin2233 mate have u seen an 87 year old with a tablet in there hand, they dontknow what the hell to do

@danratsnapnames 2 роки тому

could add a few buttons, make it multi-task able.. give grandma a button to open teamviewer, grab a screen shot and then it sends you the screen shot via email. quick and easy, you get easy access to do more work and another button to have it open the coffee cup holder. lol. you know. the cdrom tray...

@pumello 2 роки тому

When i was studying ICT, one of our first lessons was computer lab etiquette. Always, before you leave your computer, hit Win+L on the keyboard to logout. Always. As a result, now whenever i get up and leave my own PC even at home, 5 years later, i still instinctively spread my pinkie and thumb out and slam those keys, even if i leave my PC for only a few seconds. Thanks teach. Good lesson ya taught me.

@JM7900 2 роки тому

Im glad I found this channel. You're easily becoming one of my favorite content creators. Gz man

@schangoDoobie 2 роки тому

I’m a teacher, I’m going to label it the bad drive “grade book” and drop in the the classroom.

@robcluck7469 2 роки тому

Awesome but illegal idea ;)

@robcluck7469 2 роки тому

@@AndrewTateOfficial- If it is done intentionally, then yes, its illegal and unethical. It would be no different than the government wiretapping your phone.

@kyushirokun 2 роки тому

@@robcluck7469 how so? As a user you have control over one, not the other. Regardless though, we need to start teaching cyber security properly, and that includes common sense nuggets like "don't plug in random flash drives in your machine". It being illegal won't protect anyone from actual malicious hackers.

@navyholesnipe9469 2 роки тому

@@kyushirokun You are talking about two different subjects here. The point is, the act is illegal and unethical. Trust me, the least of your concerns is plugging a foreign device into your computer. For instance; your phone will automatically connect to an access point without you knowing. The mere fact you are walking (or driving) within the range of a rogue access point is enough. One that happens your owned! No USB required. *** Time to leave the script kiddie area and enter the real world !!! ***

@chalkp 2 роки тому

1:03 great idea

@GodModeMaker 2 роки тому

To stop Raspberry Pi from running script, you can add a physical switch on the board and edit the code to check if the switch is on or off. And based on that, run the script or not. I used this method on an Arduino Nano. I hope it helps 😁

@nukalight9472 2 роки тому

Can you use in on the pico and how can you do that?

@danratsnapnames 2 роки тому

yea, you can pretty much check if the gpio is high or low easily. or even a jumper for that matter bridge gpio to ground, and boot. wala

@CassielusMaximus 2 роки тому

nice

@popfizz55 Рік тому

@@danratsnapnames i know this is 4 months late and you probably don’t care, but I think you mean “voila.” lol

@danratsnapnames Рік тому

@@popfizz55 thanks spelling police.

@TheModSmith 2 роки тому

Hi Chuck! Cool video. You actually can disable the Pico coming up as a storage device by bridging pins 18 and 20 on the board. Keep in mind that you will have to get rid of this bridge in order to change the payload again.

@marudhupaandiankrishnakuma3831 Рік тому

but isint showing up as a storage device better in some cases? it will make it less suspecious rite?

@waffel6378 Рік тому

@@marudhupaandiankrishnakuma3831 true

@GentlemenOfTheWorld 2 роки тому

Cool video NetworkChuck! Would it be possible to use a Raspberry Pi as a "Quarantine Station" - ie a standalone device that can check any USB for malware or viruses before they are plugged into a PC/Laptop?

@Darkk6969 2 роки тому

For the Raspberry Pi PICO you could use one of the inputs to create a "safe" mode before plugging into your computer. This way you wouldn't have to keep using the reset and re-do everything.

@brentdeketele6764 2 роки тому

What do you mean

@Francois_L_7933 2 роки тому

@@brentdeketele6764 Just add a switch to one of the GPIO ports and modify the script to check that pin before running the duckyscript payload.

@brentdeketele6764 2 роки тому

@@Francois_L_7933 thx bro

@hackerdave 2 роки тому

I just updated the project to include this option.

@Francois_L_7933 2 роки тому

@@hackerdave Fantastic! I wonder how the code deals with different keyboard layouts? I've tried the Arduino based ducky and it uses a very convoluted way of dealing with things like that... OK, stupid question... I just checked and it's built-in on the adafruit circuit python library! That solves a lot of issues and could prove to be a better alternative than the original ducky for many.

@muso3255 2 роки тому

Thank you for sharing and warn us of them. sometimes it makes me scared cause I'm really not good in computer. I even don't understand all you were showing us especially on some letters lots of enters and py or pie.. But at least I can get from your video is "do not use unauthorized USB storage". I keep it in mind thank you again.

@RonSheely 2 роки тому

Thanks Charles. You're an inspiration. I've been wanting to better understand bootstrapping. I'm gonna to buy a few Rpi Pico boards. I already own a half doz Pi boards. I'll build a bad laptop too. I love retirement!

@davidmalka1693 2 роки тому

Alright chuck you convinced me, I'm doing this to my friend! Just one thing, how do you stop the rick roll once it started

@profilename244 2 роки тому

Reply to Comment by Microbuncher

@pranjulmishra2286 2 роки тому

That's exactly what I was wondering......how do I stop this thing ?

@davidmalka1693 2 роки тому

@@JCR4990 my man you are better than chuck

@BenLowers 2 роки тому

@@JCR4990 Can I presume that an attentive session in Task Manager would also do the same, or is that just not possible? Thanks for the value that you add here.🙏

@fuucaran 2 роки тому

@@JCR4990 you have experience in your field so I salute you.

@michaelwaterman3553 2 роки тому

Hi, let me start with saying, yet another great video! Keep up this great work you do, making people understand security aspect better. Now, I usually don’t have any remarks on your videos but I do want to mention one thing here. Advising changing the conformation prompt to a password prompt isn’t the recommended practice. Actually our internal studies (ex msft security person here) have shown that there’s actually a risk increase of leaking your actual credentials when using the password option. Windows secure desktop should prevent send keys functionality, hence turning that off is bad as well. Needless to say there are other known bypasses for uac, But that’s another story. Hope it helps a bit. Until next time….. coffee break!

@clowns8421 Рік тому

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@grayghost832 2 роки тому

Well I think I just found my first rpi pico project! Still very new to a lot of this stuff but sometimes I get inspiration to learn some more. It's kind of a learning curve but feels rewarding to learn. So a few weeks ago, I got an rgb led to cycle through all the colors on Arduino. It felt awesome to have it work after typing it all out. It's nothing crazy but still felt good. That's the level I'm on. I still kind of don't know how to write my own programs but can follow directions to make them.

@luci1495 Рік тому

same my guy let me know how it goes!

@p3zx39 10 місяців тому

Dude, this is great! (just got my Pico RGB keypad assembled 🙂) You've set a target, realised you're not gonna be Network Chuck god level in a month, but you have what's important - an inquiring mind, and an appetite to level up! ...credit where its due, lol ...the BIG question though, reading this comment a year after it was posted is - where are you now with your skills, learnt more, tried more projects ?!?

@grayghost832 10 місяців тому

No I sadly fell off the learning train but I'm getting back into it finally.

@StanTheBrand 2 роки тому

That brought back memories! Back in the day we would modify network login scripts to play “A CERTAIN VIDEO” and the more you press keys the faster the video would play! IT fun.

@babyyodar3426 2 роки тому

gosh you're probably the funniest and most lively programming, hacking channels ever! I loved the rick roll dude, keep it up! :)

@poison99x 2 роки тому

Do more Raspberry PI videos! This was so entertaining.

@justinhair7268 Рік тому

Dude, I bought a Pico a couple months ago and then never did anything with it... Now I know what to do with! Your awesome!

@NikchayaLamsal 2 місяці тому

hi i need some help with my pico

@grannylizj6467 2 роки тому

Chuck, Another great video! BTW, what enclosure did you use for the Pico, and where can I find it for sale? Thanks.

@labscience8271 2 роки тому

Imagine if someone left that USB somewhere, but instead of hacking people who plug it in, they open UKposts and show your video to educate them. Now that's a "Good USB"

@NomdePlume337 Рік тому

I’ve thought about doing something like this but with phishing emails. “If you’re seeing this video it’s because you clicked on a link you shouldn’t have”

@labscience8271 Рік тому

@@NomdePlume337 Good idea. Just be careful that your account doesn't get banned.

@dawsonfude7118 Місяць тому

Ok, but it also has to leave a hotdog wallpaper to remind people of its power.

@ahmad9366 2 роки тому

This guy's content is awesome. You can tell a lot of work goes into these videos.

@clowns8421 Рік тому

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@jasonmoore1233 Рік тому

Hey Chuck, sorry I'm late to this video. I notice that you advertise for Dashlane and I was wondering what your thoughts were on double-blind passwords? It feels like a security flaw if Dashlane were to be hacked.

@draco5991rep 2 роки тому

I bought like 5 Picos when they were released, I will trn one into a badusb for sure. Can also be useful for repetetive setups on diffrent PCs. Script the setup once, let the badusb do the rest.

@draco5991rep 2 роки тому

@@barameguy1483 I answered you with links to two websites inside the answer. Sometimes UKposts doesn't allow it to put links in comments, so if you don't see my response with the links please tell me and we'll find a workaround 🙂

@stefano-hd6es 2 роки тому

Thanks Chuck! Your videos are amazing and very useful for both professionals and casual users!

@windowbender6525 2 роки тому

FANTASTIC video as usual, keep up the amazing work man, we all appreciate what you do for us!!💪

@reecethegreatvlogs7301 Рік тому

I picked up a flash drive as a kid and plugged it into a laptop we had, luckily it was just a normal flash drive, but I'm glad I watched this video. I actually still have the flash drive too.

@10ie38 Рік тому

I never new about this, thank you so much!

@troyt9473 2 роки тому

The Rick Roll is classic. Thanks for including that, too. Made my day.

@AmanPatel-rv2it 2 роки тому

Network Chuck and David bombal you two are adorable Huge respect to your content !! Love from India

@Jordan-cz4gg 2 роки тому

Wrong use of words

@johnreaper4452 2 роки тому

Hello your computer have virus 🦟

@AmanPatel-rv2it 2 роки тому

@@johnreaper4452 oh thank for telling me

@AmanPatel-rv2it 2 роки тому

@@Jordan-cz4gg thanks for putting your precious time and finding miskates of other people

@mypowerlevelisover9000 2 роки тому

@@AmanPatel-rv2it bhai majak ko majak ki tarah le Enjoy kar yaar chil maar😎

@charlesaston6546 2 роки тому

So many things are possible these days, I never knew a usb device could do this. Thanks for the information

@kapzvara5732 Рік тому

Thanks for this chunk i have ordered a Raspberry Pico going to enjoy trying some of the scripts out.

@CyberViking_TV 2 роки тому

Limiting access to powershell, the cmd prompt, and run command (as these are the most common ways a rubber ducky executes malicious code), should protect against it a bit.

@averageguyvstheworld8601 2 роки тому

Unless the box is connected to the internet, then using a ducky to download something malicious as a staged payload is still a quick easy option

@davidkeys4284 2 роки тому

Or just use Linux

@Alastor.D 2 роки тому

@@davidkeys4284 Linux is less secure than Windows 11/10 and OSX

@davidkeys4284 2 роки тому

@@Alastor.D no...

@Maldroid 2 роки тому

@@davidkeys4284 :/

@davidyusaku 2 роки тому

Lucky me my laptop is slow asf Means that 1000wpm would make my device stutter even better :D

@Why72833 2 роки тому

it typing at 10wpm on my laptop

@alimosaad6107 2 роки тому

Thank you very much for this great explaination 💙👍🏻

@Doegiz Рік тому

It'd be interesting if you could set windows to require your pin/password as a work around when connecting new HID devices alongside a list of known ones.

@tsionwilliamson1385 2 роки тому

you can add a conventional USB type A by desoldering the microusb shield from the board and soldering a USB type A to the connectors for the microusb shield they are the same connectors for each shield just different sized shields.

@adamlong1453 Рік тому

Any videos on how to do it I’m a bit confusedv

@bassstorm89 2 роки тому

A corp company I used to work at, hotglued all USB ports and even glued a keyboard and mouse in. Making your own, or buying rubberduckies and dropping them in the companies parkinglot are probably the most easy way to a shell, where u shouldnt have a shell. Also the computer will trust pretty much anything you plug into it. Whenever you find a USB key somewhere, just throw it away.

@clowns8421 Рік тому

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@TheChad17 Рік тому

I’m currently building things for my flipper. That device is going to become a nightmare exponentially more as time goes on.

@brianconlogue1302 Рік тому

you can also have 4 different payloads on the pico that comes standard on that code.py . i soldered a dpi switch and have 5 switches, first for stealth mode so it doesnt act like a USB anymore, 2,3,4 are for payload2.dd payload3 and payload4.dd and last switch is for setup mode which wont deploy anything.

@danlazuli2005 Рік тому

Yup that’s a good setup

@patsjoholm 2 роки тому

Great video!! To me, running as non-admin account is one of the best defenses you can do protect your PC and it's so easy. Create another account, with administrative privileges, and change your normal account to a regular user. Done. You will have to get used to putting in your admin account password, whenever you install/upgrade anything, but a small price to pay for the protection you get from it. No background installs of Malware without you getting a prompt :)

@thesteaksaignant 2 роки тому

I do the same thing. It can be annoying sometimes but it is worth it

@socat9311 2 роки тому

nice. wouldn't be more efficient to have the script run shell commands to disable defender etc instead of spending time doing it through the GUI? Edit: As always great input in the responses! Tech community must be the best ever :)

@ipodtouch470 2 роки тому

If possible yep. It would actually be even better because the user wouldn't visually notice.

@kevinshumaker3753 2 роки тому

Not only more efficient, but wouldn't throw red flags up. This is bad, but it makes you think about how much worse it could be. Think: Send credentials files, password files, network secured files, etc, with no indication that it's being done. Deleting directories, turning on bitlocker encryption and discarding the key. So many things that could be done...

@socat9311 2 роки тому

@Deko Dekic yeah you are right, seems more of a general awareness video. Fun and imteresting anyway :)

@ipodtouch470 2 роки тому

@@socat9311 if anything this is a warning video. Don't leave unlocked devices unprotected in the open.

@root317 2 роки тому

Defender would kill PS before it succeeds. So the gui is needed.

@lior2636 2 роки тому

You are such a great teacher. Thank you!

@adamcollett4034 Рік тому

Nice channel sir. I’m glad I found it when I did. I’m about to take my Net+ exam and it is kicking my ass 😫. 40 yr old man trying to start an IT career 🤦🏻‍♂️🤷🏻‍♂️

@punkintech1214 2 роки тому

Awesome. Can also be done with attiny85 smallest ducky and only £2-3

@thecastlepotomac 2 роки тому

You can also change the payload by using debug mode (Jumpering pin 1 to ground) It will not execute.

@CrimmzZT Рік тому

yo litterally never saw your channel before, sick vid, I also call my old laptop my craptop

@jaykay7120 Рік тому

your enthusiasm is contagious

@ComoxSardog 2 роки тому

I appreciate the information that you have provided to help me protect my family computers. Can you tell us if the USB Rubber Ducky can be used to carry a payload that could do "Good Things" to a computer such as automatically run an antivirus package or install a utility program and run it to automatically do some house keeping functions?

@ayushrawat3340 2 роки тому

yes it is possible its just people haven't created a program to do so

@ryannorthup3148 2 роки тому

Actually, yes. For example, if you're the I.T. person, then you could use that to quickly install and set up Windows on a computer.

@oxycodin2253 2 роки тому

Yeah if u can program

@clowns8421 Рік тому

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany. You don't even need internet service to get hacked, as long as your device has an antenna.

@quantaviousdingleton 2 роки тому

The editor who had to listen to the rickroll: 0_0

@solidbeast4262 2 роки тому

Lol

@TheRobMozza 2 роки тому

Reminds me of a modern day version of the trusty batch file. I used to love the havoc that you could create using a free magazine disc and your own custom code!

@slymelyfe4205 Рік тому

This is awesome! I just purchased a Raspberry Pi 4B I'm using her to program Retro Game emulators.

@_sxmurxi_6015 2 роки тому

It was a mistake for you to give me the power of the rickroll 🤣

@mandreko 2 роки тому

Considering Razer just had an escalation of privileges to NT\SYSTEM if you plug in their mouse and navigate their installer, this is useful for any sort of physical security testing.

@Videogame9559 Рік тому

How do you stop it on your computer or a friend if it runs before you unpluge it?

@Videogame9559 Рік тому

Using a rapi pi pico?

@choens13 Рік тому

Just wondering. Could you change the delay in execution on the script from 500 to 5000 giving you time to yank it out if need be?

@TKO0 8 місяців тому

Hey network chuck can you make an updated version of this?

@markconger8049 2 роки тому

I can see the next Windows update now: authentication for any new HID plugged in. Actually, not a bad idea.

@markconger8049 2 роки тому

@Elias Productions - I was an IT worker at a federal agency in the past and we didn’t have a good way to regulate the USB ports of staff machines. We couldn’t just wholesale block the ports or remove them because some work related items required USB. It always made me chuckle when I’d read about how the computers at the Pentagon and similar high security places would plug up the built in USB ports with epoxy or the equivalent of chewing gum.

@magicsmoke630 2 роки тому

Probably the coolest network engineer on earth 👍 this is awesome! Gonna try this out! Thanks Chuck!!

@gabrieldesimone4644 2 роки тому

Man I already have a bad coffee obsession while im coding, seeing your videos just make me want to take another cup. Damn dev life that I am happy to choose (?

@nhalliday89 Рік тому

I finally watched this episode I just over the past Xmas got a 🐬-0 and it come with a badusb app built in and with other FW they have now enabled us to run duckyscript through Bluetooth which is a game changer

@VicodinElmo Рік тому

Thumbnail: “Never do this!” Title: “But here’s how to build it for $8 with a Pi Pico”

@ahoj113 2 роки тому

Just ordered a Pico, can’t wait to try this out!

@Lemoade0987 Рік тому

One question. When I insert the usb, how do I disable the virus once it activates without affecting the USB script?

@asheeqah3991 2 роки тому

My new favorite UKposts Chanel! 👩🏻‍💻

@Fattts 2 роки тому

I should get permission from my company's IT department to use these to pentest our company. Just instead of running a reverse shell, just make it type a .txt file that says "please give the USB you plugged in to IT, and don't plug strange USBs into your work computer"

@Ffreeze90 2 роки тому

As a ex IT department worker, i can ensure you - if your IT department would let you do this, they are rather be very sure you can´t do it, or they are just stupid ... (If you do it, and brake something, you will get fired as well ) Regards from Germany

@Fattts 2 роки тому

@@Ffreeze90 I'm very confident that the IT department for my company has little enough faith in the rest of the company that they'd let it happen. We had a massive data breach earlier this year, which led to almost all of our client data being held ransom, because someone opened an obvious phishing link

@fumanchu4785 Рік тому

@@Fattts Client data, huh? Which company?

@Fattts Рік тому

@@fumanchu4785 I legally cannot tell you this. Also I’m not doxxing myself lmfao

@JCR4990 2 роки тому

I have a ducky in my laptop bag at all times lol. Kinda scary how powerful that thing is in the wrong hands. It was an eye opening moment the first day I got it and within about an hour of playing around had it set up to auto disable windows defender/firewall and extract all my chrome saved passwords and email them to myself. It's probably being slightly paranoid but I no longer step away from my laptop at work without locking it anymore. Too much damage can be done far too quickly without leaving a trace.

@n3k0lein Рік тому

I have one of those at hom, fun stuff. . :) This is also the reason we require the users to put in a 4 number pin when they plug in a new Keyboard at work.

@DigitalHandle Рік тому

This is great! Now i can automate the most simplest tasks

@DarkblooM_IO 2 роки тому

I'm actually curious to know if a bad USB would be able to do a Tool Assisted Speedrun on a game with simple controls

@tigheb5412 2 роки тому

As he said bad usb is mimicking a user input device, this case a keyboard. If you could somehow trick the computer into interpreting the one USB as a mouse AND a keyboard, or somehow get two USBs plugged in, you would have full mouse and keyboard control. If your game only required a keyboard/ only required a mouse to play thus would work, and you can just code in all the key presses and delays in optimal timing and sequence for a perfect speedrun and it would execute each click you told it to do

@tigheb5412 2 роки тому

This*

@ThatGoth 2 роки тому

I just looked at the circuitry for the Pico and I believe you could quite easily solder a male full size USB connector to one end and shave the left right and whole rear sections off so it would fin in a standard thumb drive case without any required functions being lost.

@kapzvara5732 Рік тому

Great video thanks for this mate. I just got my Raspeberry Pico but need a dummy machine to test it on as dont want to bring down my work computer :)

@kapzvara5732 Рік тому

So i followed through the last instructions but did not work. It recognised the pico drive but did not launch the script :(

@InitialiseDisk Рік тому

@@kapzvara5732 same

@InitialiseDisk Рік тому

@@kapzvara5732 i think it might be to do with the new downloads

@Itsinvaded Рік тому

i think they changed it but i have no idea

@organicmechanic5150 Рік тому

You can do it with an Arduino Uno as well but they are a lot bulkier than a Pico and harder to hide. I have never coded a raspberry pi, this is the perfect way to get started.

@neradoc3722 2 роки тому

Oh THAT's why I've seen a influx of people (ok, 4 or 5) asking how to use pico-ducky with international keyboards on the Adafruit discord ! Nice video !

@bluegizmo1983 2 роки тому

If you wanna check out some other scary devices, check out the Maltronics Internal Keylogger (you implant it INSIDE a USB keyboard and it's undetectable), or the O.MG USB cables!

@clowns8421 Рік тому

All you need is someone's address to hack someone's computer, this guy is a spy messing with your relm. These people get paid by the FBI to spread fake news, all started in NAZI Germany.

@TheVenia13 2 роки тому

woaaah. great video like always. good work ma mon keep it up ;)

@wandererstraining 2 роки тому

That's pretty cool. Now, if you were to use a Raspberry Pi with wifi capability, you could create a RAT that communicates back with the Raspberry Pi, and have the Raspberry Pi create an ad hoc network to which an attacker could connect and exfiltrate data/control the target from.

@Massa_38 2 роки тому

Why github page is "This repository is empty."?

@FOSSware_360 2 роки тому

Can you provide me with your social media username? YT is deleting the msg/link

@jayfibonacci5501 2 роки тому

@@FOSSware_360 wow!!

@svenkuffer4512 2 роки тому

I do think of another way to prevent the pico 'running the script' on the developers machine. You could first let the script check for a specific file or do whatever check to verify it is not your host machine, if it is just jump to the end of the script and do nothing. It still runs a script, but it will do no harm.

@jbjb6000 3 місяці тому

Awesome video Chuck. I created one that does a malicious memory scan!

@chester_ville_4066 8 місяців тому

I’ve been trying to find a way to delete my %temp% temp and prefetch files and then do a disc cleanup this mite just be the trick thanks.

@raphaeljedralczyk2962 2 роки тому

Hi, thanks for the great video, like always. But you can build a bad USB even cheaper and easier with an arduino digi spark! An arduino digi spark costs around 1$ 😉

@fluffyspark798 2 роки тому

The build quality is terrible and you can only buy them on Amazon in packs of 5 for $10 so more like $2 per

@paulvorderegger1522 2 роки тому

I bought a pack of 5 and also a bunch of USB plugs (that actually look like real plugs) soldered the Digispark Attiny85 onto it, 3d printed a case and now it looks like a USB drive

@jestembotak7344 2 роки тому

"To edit the payload, enter setup mode by connecting the pin 1 (GP0) to pin 3 (GND), this will stop the pico-ducky from injecting the payload in your own machine." No need to reset anything.

@LanningRon 2 роки тому

I also thought about modifying the script to initially test state of one unused pin on the Pico. If it's pulled low, then divert execution to an endless sleep cycle, or perform a more-friendly action. ;-)

@kalova6731 2 роки тому

Connect with what? ^^

@jestembotak7344 2 роки тому

@@kalova6731 connection cable for breadboards

@kalova6731 2 роки тому

@@jestembotak7344 ah thx

@Wusaruful 2 роки тому

thank you for that

@technologyrealmresources 22 дні тому

The video is very cool, well made and super interesting to watch! Unfortunately, it's super outdated. The links no longer work, the repos mentioned and websites are gone. The process to create the Pico ducky is much simpler now. The main repo mentioned by dbisu is still working though :) Other than that, because of the great way you explain everything in the video I did buy a Raspberry Pi Pico and did the project, you inspire me on so many levels! Thank you! Keep up the good work, man!

@Wusaruful 2 роки тому

Bro thank you so much for the tutorial!

@TimothyChapman 2 роки тому

Wouldn't the device have to assume the operating system? So if it's expecting Windows, but gets Linux, then it's effectiveness will be reduced, wouldn't it?

@allensmithphotography 2 роки тому

You can also system check and use a dynamic script

@ilprogrammator 2 роки тому

There type of attacks could be easily stopped: Each time the system recognize a new keyboard, it asks the user to input a random word wrote on the screen, even if the device is plugged in before the boot. This in theory would work

@pat2not 2 роки тому

Never had that for Windows 7- 10 out of all my years maybe u talking about mac or some shit

@game_time1633 2 роки тому

@@pat2not he’s giving a hypothetical way to stop these bad USBs, this hasn’t been implemented.

@petrlaskevic1948 2 роки тому

The software on the usb takes a screenshot and gets the text with OCR. So maybe a captcha would work.

@timsoft3 2 роки тому

it wouldn's work because you would have to implement it in the bios, in fact you could craft the stick to enter the bios and change settings to boot off the stick, unless it is password protected.

@efan120wms7 10 місяців тому

man this is crazy thanks for this😂

@pseudonymity0000 2 роки тому

Locking may not help. If it stays powered on reboot, it can navigate to power then ctrl+shift+enter to get into boot options. Then it can reboot into recovery and then load CMD. Then all bets are off. Even if it is powered off on reboot, it could just do the power navigation first anyway, which will do nothing during POST, then wait and get into recovery CMD.

@stevelucky7579 2 роки тому

You can disarm people with a virus stick. Me: I don’t know....doesn’t really seem worth my time. You can rickroll someone and they can’t stop it. Me: I’LL TAKE YOUR ENTIRE STOCK!

@EmblaBougee Рік тому

Hi! I'm trying to run a rickroll on pico and I have a problem: my computer sees pico as a usb device and doesn't start payload.dd. Do you know how to fix it?

@lakelysimmons Рік тому

I have the same issue, did you happen to figure it out?

@josenunez1972 Рік тому

sAME HERE did anybody figure it out

@pokerr1839 Рік тому

Nope I have same issue

@deankonkel341 Рік тому

i think windows patched it 😢

@lakelysimmons Рік тому

I figured it out and bo they didn't patch it. But you do have to use an older version of the softwares

@tjmarx Рік тому

I enjoyed that this was a video for n00bs where you walk them through using a ducky to rickroll someone, but you never described how to turn it off. I wonder how many people decided to "prank" their friends/family/colleagues with a ducky injecting a rickroll but then couldn't turn it off afterwards. P.S. A naked duck is called a Daffy for what should be obvious reasons.

@armstrongbabilatitangoh7078 8 місяців тому

Hello network Chuck. Can you be able to create a good USB that can automatically execute to secure and monitor devices when you plug them?

@soyman1426 6 місяців тому

That’s the whole point of a bad usb, running a script after being plugged in. So yes, technically you can make a good USB.

@apexerconsulting5773 Рік тому

Cant fint the payloads .. =/

@bobnoob1467 2 роки тому

Without even watching the video I know most (or a lot) of times malicious usbs have RATs installed to gain control of them. That's what I love about USBs !

@zerone6273 2 роки тому

that was spectacular, thank you

@iannguda5586 2 роки тому

Hello Sir! I'm your number 1 fan. May i ask a question, orange pi is good for hacking tool?

@babyyodar3426 2 роки тому

I wish I wasn't such a script kiddie right now but I need to do this to my friends.

@JNET_Reloaded 2 роки тому

you extracted a whole zip for 1 lib, next time open with winrar or something and drag out what you need it would of been 2 seconds!

@charlesselrachski34 2 роки тому

what's wrong with 7zip?

@txle 2 роки тому

Do you know where i find the libraries for different keyboard Layouts?

@qweasdy-pc6ql Рік тому

You are funny and cool to listen! Subscribed! 👍

@hanihonfon 2 роки тому

Thank you Chuck for this video. I've a question, can I turn a regular USB into a bad one, or for some reason, I need to have a Pico or a Rubber Ducky?

@jackkrueger4150 2 роки тому

You'll need a RPi Pico, Rubber Ducky, Arduino or something similar. The goal is to be able to run code that simulates a keyboard. Regular USB flash drives can't do this, as they are just storage and can't run any code. The housings from them would be useful for concealment though!