Gaining a Foothold: The Rubber Ducky and PowerShell Empire

So, I recently acquired my first Rubber Ducky and I've been messing around with it quite a bit. I wanted to document the basic setup and provide some links for further reading.

All of my write-ups are conducted in a lab, but I try to emulate what can happen in real life. In our example below, I want to emulate a Rubber Ducky being plugged into a corporate-managed Windows device. This could have been done either by an attacker gaining physical access and plugging the Rubber Ducky in directly or, as done in past years, by dropping them in parking lots and having employees pick them up and plug them into their workstations. Either way, let's demonstrate what can happen.

We will be utilizing Kali as our payload-generating machine and PowerShell Empire server, and we will be attacking a Windows 7 host.

To start, we need to make sure we know which pieces of the Rubber Ducky do what. In its simplest form, we will be utilizing 3 pieces: the micro SD card that carries our payload, the USB that allows us to write to it, and the USB that will be delivering our payload.

USB used to write payload