ATTACKMODE
is a command which specifies which devices to emulate. The ATTACKMODE
command may be issued multiple times within a given payload. For example, a payload may begin by emulating just HID (keyboard/keyboard passthrough), then switch to emulating both HID and Ethernet later based on a number of conditions.RNDIS_SPEED_XX
ECM_ETHERNET
. If after the default timeout of 20 seconds no connection is established, RNDIS_ETHERNET
will be attempted. ETHERNET_TIMEOUT_XX
parameter. Replace XX with a number of seconds.VID
and PID
values of the connected keyboard are automatically cloned for this particular attack mode, as described in the section on Hardware ID Cloning. This may be overridden by specifying a VID and PID value in the config.txt.