ATTACKMODE

ATTACKMODE is a DuckyScript command which specifies which devices to emulate. The ATTACKMODE command may be issued multiple times within a given payload. For example, a payload may begin by emulating Ethernet, then switch to emulating a keyboard and serial later based on a number of conditions.
ATTACKMODE
Description
SERIAL
ACM – Abstract Control Model
Serial Console
ECM_ETHERNET
ECM – Ethernet Control Model
Linux/Mac/Android Ethernet Adapter
RNDIS_ETHERNET
RNDIS – Remote Network Driver Interface Specification
Windows (and some Linux) Ethernet Adapter
AUTO_ETHERNET
Automatic Ethernet. This attack mode will first attempt to bring up ECM_ETHERNET. If after the default timeout of 20 seconds no connection is established, RNDIS_ETHERNET will be attempted. The timeout may be changed by adding ETHERNET_TIMEOUT_XX where XX is the number of seconds, e.g. ETHERNET_TIMEOUT_60 for one minute.
Requires firmware version 1.5+
STORAGE
UMS – USB Mass Storage
Flash Drive
HID
HID – Human Interface Device
Keyboard – Keystroke Injection via Ducky Script 
Many combinations of attack modes are possible, however some are not. For example, ATTACKMODE HID STORAGE ECM_ETHERNET is valid while ATTACKMODE RNDIS_ETHERNET ECM_ETHERNET STORAGE SERIAL is not. Each attack mode combination registers using a different USB VID/PID (Vendor ID/Product ID) by default. VID and PID can be spoofed using the VID and PID commands.
ATTACKMODE COMBINATION
VID / PID
SERIAL STORAGE
0xF000/0xFFF0
HID
0xF000/0xFF01
STORAGE
0xF000/0xFF10
SERIAL
0xF000/0xFF11
RNDIS_ETHERNET
0xF000/0xFF12
ECM_ETHERNET
0xF000/0xFF13
HID SERIAL
0xF000/0xFF14
HID STORAGE
0xF000/0xFF02
HID RNDIS_ETHERNET
0xF000/0xFF03
HID ECM_ETHERNET
0xF000/0xFF04
HID STORAGE RNDIS_ETHERNET
0xF000/0xFF05
HID STORAGE ECM_ETHERNET
0xF000/0xFF06
SERIAL RNDIS_ETHERNET
0xF000/0xFF07
SERIAL ECM_ETHERNET
0xF000/0xFF08
STORAGE RNDIS_ETHERNET
0xF000/0xFF20
STORAGE ECM_ETHERNET
0xF000/0xFF21

ATTACKMODE	Description
`SERIAL`	ACM – Abstract Control Model Serial Console
`ECM_ETHERNET`	ECM – Ethernet Control Model Linux/Mac/Android Ethernet Adapter
`RNDIS_ETHERNET`	RNDIS – Remote Network Driver Interface Specification Windows (and some Linux) Ethernet Adapter
`AUTO_ETHERNET`	Automatic Ethernet. This attack mode will first attempt to bring up ECM_ETHERNET. If after the default timeout of 20 seconds no connection is established, RNDIS_ETHERNET will be attempted. The timeout may be changed by adding ETHERNET_TIMEOUT_XX where XX is the number of seconds, e.g. ETHERNET_TIMEOUT_60 for one minute. Requires firmware version 1.5+
`STORAGE`	UMS – USB Mass Storage Flash Drive
`HID`	HID – Human Interface Device Keyboard – Keystroke Injection via Ducky Script

ATTACKMODE COMBINATION	VID / PID
SERIAL STORAGE	0xF000/0xFFF0
HID	0xF000/0xFF01
STORAGE	0xF000/0xFF10
SERIAL	0xF000/0xFF11
RNDIS_ETHERNET	0xF000/0xFF12
ECM_ETHERNET	0xF000/0xFF13
HID SERIAL	0xF000/0xFF14
HID STORAGE	0xF000/0xFF02
HID RNDIS_ETHERNET	0xF000/0xFF03
HID ECM_ETHERNET	0xF000/0xFF04
HID STORAGE RNDIS_ETHERNET	0xF000/0xFF05
HID STORAGE ECM_ETHERNET	0xF000/0xFF06
SERIAL RNDIS_ETHERNET	0xF000/0xFF07
SERIAL ECM_ETHERNET	0xF000/0xFF08
STORAGE RNDIS_ETHERNET	0xF000/0xFF20
STORAGE ECM_ETHERNET	0xF000/0xFF21

Last modified 1yr ago