Skip to content

Native Commands

This section describes commands built into the agent. They are simple, direct tools for common tasks.

bof

Purpose: Runs a Beacon Object File and returns its output.
Parameters:

  • bofFile: The BOF file to run.
  • method: Execution method (usually "go").
  • inputArgs: Command-line arguments for the BOF in case on simple string input only.
  • inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
  • inputAsBytes: Use binary input (overrides inputArgs if provided).
  • pack_format: Format to pack the arguments.
  • pack_args: List of arguments to be packed.

cd

Purpose: Changes the agent’s current directory.
Parameters:

  • dir: Directory to change to (relative or absolute).

cmd

Purpose: Executes a command using cmd.exe.
Parameters:

  • command: Command text to execute.
  • stdin: List of input strings (simulate pressing Enter between commands).
  • outputEncoding: Encoding used for reading output.

die

Purpose: Stops the agent.
Parameters: None

jobs

Purpose: Displays a list of currently running commands.

ls

Purpose: Lists directory contents.
Parameters:

  • dir: Directory to list.
  • depth: Number of subdirectory levels to include.

ps

Purpose: Shows a list of processes running on the agent machine.
Parameters: None

powershell

Purpose: Runs a command using PowerShell.
Parameters:

  • command: PowerShell command to execute.
  • stdin: List of input lines for the command(simulated enter presses between).
  • outputEncoding: Encoding for the output.

run

Purpose: Executes a program, optionally returning its output.
Parameters:

  • cmdline: The program and its command-line arguments.
  • output: Indicates whether stdout and stderr should be returned.
  • stdin: List of input lines (simulated enter presses between).
  • unicode: True if the input should be UTF-16 (default is false)[only Windows].
  • outputEncoding: Encoding used for the program's output[only Windows].

sh

Note: This command is available for Linux and BSD payloads.

Purpose: Runs a shell command using sh.
Parameters:

  • command: The command to execute.
  • stdin: Array of input strings for the command (simulated enter presses between).

sleep

Purpose: Adjusts the agent’s sleep duration for HTTP/HTTPS communication.
Parameters:

  • sleep: Base sleep time in seconds.
  • sleepRandom: Amount of random variation in sleep time.

sleep-until

Purpose: Sets a specific time for the agent to wake up.
Parameters:

  • sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp in seconds.

token-del

Purpose: Removes a specific token.
Parameters:

  • nr: The token number to delete.

token-del-all

Purpose: Removes all stored tokens.
Parameters: None

token-list

Purpose: Lists all tokens along with their numbers and usernames.
Parameters: None

token-make

Purpose: Tries to create a token using a username and password.
Parameters:

  • username: Username for token creation.
  • password: Password for token creation.
  • netonly: Whether the token is created as a netonly type

token-use

Purpose: Applies a specific token for future commands or resets to the default token.
Parameters:

  • nr: Token number to use (0 resets to the default).

token-steal

Purpose: Steal a token from an existing process and add it to the token store.
Parameters:

  • pid: Process ID from which to steal the token.