Basics of commands
Commands in Tuoni are tasks or actions dispatched to an agent running on a target machine, which then return their results. Common examples include listing files and executing programs.
Tuoni offers two categories of commands to an agent through the Command and Control (C2) interface: native commands and plugin-based commands. Each category serves a different purpose and provides its own functionality, which adds to the tool's efficiency and versatility.
Native commands
Native commands are implemented directly within the agent. They operate exclusively within the agent's process and mostly concern the agent's configuration and other fundamental features. Because they are intrinsic to the agent's core functionality, they have to be implemented in the agent itself. This design choice ensures that these basic yet crucial tasks execute reliably.
Plugin-based commands
Most commands in Tuoni are implemented as plugin-based commands. Although they are available through the C2 interface, they are not considered core features of the C2 or of the core agent. Consequently, they can be developed independently of the primary C2 and agent architecture.
A plugin command consists of two components: shellcode that the agent executes, and a Java plugin that runs on the C2 side. The Java plugin handles command configuration and result parsing. A significant characteristic of plugin-based commands is their flexible execution context: unlike native commands, they are not restricted to the agent's own process. They can be executed within the same process, within a different existing process, or within a newly spawned process. This flexibility makes the Tuoni framework more adaptable and scalable across operational environments.