Research Article

Leaking Network Devices with Rubber Ducky Attack

Volume: 8 Number: 2 December 31, 2024
Journal of Innovative Science and Engineering Cover
Journal of Innovative Science and Engineering
PDF Download
EN

Leaking Network Devices with Rubber Ducky Attack

Abstract

Social engineering is a psychological attack targeting individuals' vulnerabilities, often aimed at employees of targeted organizations. Unlike traditional electronic attacks, it relies on manipulating individuals to run malware-infected devices or share sensitive information willingly. This study uses the Arduino Digispark Attiny85 module to demonstrate the potential consequences of social engineering attacks on network devices. By placing the module in a device connected to the target network, a network scan was performed to determine the security status, IP addresses, port information, and version information of all devices. During the experimental studies, it was observed that the most suitable port was the FTP port, and the attack was carried out via msfconsole on the FTP port. Unlike similar studies that focus on a single device, our approach allows simultaneous infiltration of multiple devices within the network, obtaining control over multiple authorized devices, highlighting the significant advantage of our method.

Keywords

Supporting Institution

TÜBİTAK

Project Number

1919B012108374

Thanks

This work has been supported in part by The Scientific and Technological Research Council of Turkey (TUBITAK) research grant 2209-A, No:1919B012108374

References

  1. [1] Thomas, T., Piscitelli, M. and Nahar, B.A. (2021). Duck Hunt: Memory forensics of USB attack platforms. DFRWS 2021 Virtual USA Conference.
  2. [2] Falliere, N., Murchu, L. O. and Chie, E. (2011). W32.Stuxnet Dossier, Symantec Stuxnet Update. Version1.4:1-45.
  3. [3] Nissim, N., Yahalom, R. and Elovici, Y. (2017). USB-Based attacks. Computers and Security, 70: 675-688.
  4. [4] Cannoles, B. and Ghafarian, A. (2017). Hacking Experiment Using USB Rubber Ducky Scripting. Proceeding of The 8th Multi-Conference on Complexity (IMCIC), 73-76.
  5. [5] Chillara, A. K., Saxena, P., Maiti, R. R., Gupta, M., Kondapalli, R., Zhang, Z., & Kesavan, K. (2024). Deceiving supervised machine learning models via adversarial data poisoning attacks: a case study with USB keyboards. International Journal of Information Security, 23(3), 2043-2061.
  6. [6] Kamkar, S. (2024). USB Drive By. https://samy.pl/usbdriveby/ [Accessed: 15 April2024]
  7. [7] Georgitzikis, V., Akribopoulos, O. and Chatzigiannakis, I. (2012). Controlling Physical Objects via the Internet using the Arduino Platform over 802.15.4 Networks. IEEE Latin America Transactions, 10(3):1686-1689.
  8. [8] Karystinos, E. and Andreatos A. (2019). Spyduino: Arduino as a HID exploiting the BadUSB Vulnerability. International Conference on Distributed Computing in Sensor Systems (DCOSS), 1-4.

Details

Primary Language

English

Subjects

Operating Systems , Computer Software

Journal Section

Research Article

Authors

Zeynep Rana Dönmez
0009-0009-5232-2136
Türkiye

Şeyma Atmaca
0009-0007-0072-5019
Türkiye

Early Pub Date

December 11, 2024

Publication Date

December 31, 2024

Submission Date

May 26, 2024

Acceptance Date

June 19, 2024

Published in Issue

Year 1970 Volume: 8 Number: 2

DOI

https://doi.org/10.38088/jise.1490148

IZ

https://izlik.org/JA93MT47PG

Cite

RIS / Bibtex
APA
Dönmez, Z. R., Atmaca, Ş., & Yalman, Y. (2024). Leaking Network Devices with Rubber Ducky Attack. Journal of Innovative Science and Engineering, 8(2), 199-212. https://doi.org/10.38088/jise.1490148
AMA
1.Dönmez ZR, Atmaca Ş, Yalman Y. Leaking Network Devices with Rubber Ducky Attack. JISE. 2024;8(2):199-212. doi:10.38088/jise.1490148
Chicago
Dönmez, Zeynep Rana, Şeyma Atmaca, and Yıldıray Yalman. 2024. “Leaking Network Devices With Rubber Ducky Attack”. Journal of Innovative Science and Engineering 8 (2): 199-212. https://doi.org/10.38088/jise.1490148.
EndNote
Dönmez ZR, Atmaca Ş, Yalman Y (December 1, 2024) Leaking Network Devices with Rubber Ducky Attack. Journal of Innovative Science and Engineering 8 2 199–212.
IEEE
[1]Z. R. Dönmez, Ş. Atmaca, and Y. Yalman, “Leaking Network Devices with Rubber Ducky Attack”, JISE, vol. 8, no. 2, pp. 199–212, Dec. 2024, doi: 10.38088/jise.1490148.
ISNAD
Dönmez, Zeynep Rana - Atmaca, Şeyma - Yalman, Yıldıray. “Leaking Network Devices With Rubber Ducky Attack”. Journal of Innovative Science and Engineering 8/2 (December 1, 2024): 199-212. https://doi.org/10.38088/jise.1490148.
JAMA
1.Dönmez ZR, Atmaca Ş, Yalman Y. Leaking Network Devices with Rubber Ducky Attack. JISE. 2024;8:199–212.
MLA
Dönmez, Zeynep Rana, et al. “Leaking Network Devices With Rubber Ducky Attack”. Journal of Innovative Science and Engineering, vol. 8, no. 2, Dec. 2024, pp. 199-12, doi:10.38088/jise.1490148.
Vancouver
1.Zeynep Rana Dönmez, Şeyma Atmaca, Yıldıray Yalman. Leaking Network Devices with Rubber Ducky Attack. JISE. 2024 Dec. 1;8(2):199-212. doi:10.38088/jise.1490148


Creative Commons License

The works published in Journal of Innovative Science and Engineering (JISE) are licensed under a  Creative Commons Attribution-NonCommercial 4.0 International License.