ATTACKMODEis a command which specifies which devices to emulate. The
ATTACKMODEcommand may be issued multiple times within a given payload. For example, a payload may begin by emulating just HID (keyboard/keyboard passthrough), then switch to emulating both HID and Ethernet later based on a number of conditions.
ECM_ETHERNET. If after the default timeout of 20 seconds no connection is established,
RNDIS_ETHERNETwill be attempted.
ETHERNET_TIMEOUT_XXparameter. Replace XX with a number of seconds.
PIDvalues of the connected keyboard are automatically cloned for this particular attack mode, as described in the section on Hardware ID Cloning. This may be overridden by specifying a VID and PID value in the config.txt.