Native Commands
This section describes commands built into the agent. They are simple, direct tools for common tasks.
bof
Purpose: Runs a Beacon Object File and returns its output.
OS Support: Windows
Parameters:
- bofFile: The BOF file to run.
- method: Execution method (usually "go").
- inputArgs: Command-line arguments for the BOF, used only when the input is a simple string.
- inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
- inputAsBytes: Use binary input (overrides inputArgs if provided).
- pack_format: Format to pack the arguments.
- pack_args: List of arguments to be packed.
- designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
- keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.
cd
Purpose: Changes the agent's current directory.
OS Support: Windows, Linux, BSD
Parameters:
- dir: Directory to change to (relative or absolute).
cmd
Purpose: Executes a command using cmd.exe.
OS Support: Windows
Parameters:
- command: Command text to execute.
- stdin: List of input strings (simulate pressing Enter between commands).
- outputEncoding: Encoding used for reading output.
die
Purpose: Stops the agent.
OS Support: Windows, Linux, BSD
Parameters: None
jobs
Purpose: Displays a list of currently running commands.
OS Support: Windows, Linux, BSD
ls
Purpose: Lists directory contents.
OS Support: Windows, Linux, BSD
Parameters:
- dir: Directory to list.
- depth: Number of subdirectory levels to include.
ps
Purpose: Shows a list of processes running on the agent machine.
OS Support: Windows, Linux, BSD
Parameters: None
powershell
Purpose: Runs a command using PowerShell.
OS Support: Windows
Parameters:
- command: PowerShell command to execute.
- stdin: List of input lines for the command (simulated Enter presses between).
- outputEncoding: Encoding for the output.
run
Purpose: Executes a program, optionally returning its output.
OS Support: Windows, Linux, BSD
Parameters:
- cmdline: The program and its command-line arguments.
- output: Indicates whether stdout and stderr should be returned.
- stdin: List of input lines (simulated enter presses between).
- unicode: True if the input should be UTF-16 (default is false) [Windows only].
- outputEncoding: Encoding used for the program's output [Windows only].
sh
Purpose: Runs a shell command using sh.
OS Support: Linux, BSD
Parameters:
- command: The command to execute.
- stdin: Array of input strings for the command (simulated enter presses between).
sleep
Purpose: Adjusts the agent's sleep duration for callback-based listener communication.
OS Support: Windows, Linux, BSD
Parameters:
- sleep: Base sleep time in seconds.
- sleepRandom: Amount of random variation in sleep time.
sleep-until
Purpose: Sets a specific time for the agent to wake up.
OS Support: Windows, Linux, BSD
Parameters:
- sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp in seconds.
token-del
Purpose: Removes a specific token.
OS Support: Windows
Parameters:
- nr: The token number to delete.
token-del-all
Purpose: Removes all stored tokens.
OS Support: Windows
Parameters: None
token-list
Purpose: Lists all tokens along with their numbers and usernames.
OS Support: Windows
Parameters: None
token-make
Purpose: Tries to create a token using a username and password.
OS Support: Windows
Parameters:
- username: Username for token creation.
- password: Password for token creation.
- netonly: Whether the token is created as a netonly type.
token-use
Purpose: Applies a specific token for future commands or resets to the default token.
OS Support: Windows
Parameters:
- nr: Token number to use (0 resets to the default).
token-steal
Purpose: Steals a token from an existing process and adds it to the token store.
OS Support: Windows
Parameters:
- pid: Process ID from which to steal the token.
chmod
Purpose: Changes access permissions of files and directories.
OS Support: Linux, BSD
Parameters:
- path: File or directory whose access permissions are to be changed.
- access: Access permission modification (777, u+rw, a=rwx, u=rwx, +x, o-wx, etc.).
run-as
Purpose: Runs an executable on the target system as another user (username and password required).
OS Support: Windows
Parameters:
- cmdline: Command line used to start the executable and pass it arguments.
- username: Username under which the executable is run.
- password: Password for that username.
- output: Whether output should be relayed back to the server.
- stdin: Input passed to the process over stdin.
- unicode: Whether the stdin input is Unicode (UTF16LE) [Windows only].
- outputEncoding: Encoding to use for the output if all or part of it is not UTF16LE. Default is Windows-1252 [Windows only].