Native Commands
This section describes commands built into the agent. They are simple, direct tools for common tasks.
bof
Purpose: Runs a Beacon Object File and returns its output.
Parameters:
- bofFile: The BOF file to run.
- method: Execution method (usually "go").
- inputArgs: Command-line arguments for the BOF, for simple string input only.
- inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
- inputAsBytes: Use binary input (overrides inputArgs if provided).
- pack_format: Format to pack the arguments.
- pack_args: List of arguments to be packed.
- designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
- keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.
cd
Purpose: Changes the agent’s current directory.
Parameters:
- dir: Directory to change to (relative or absolute).
cmd
Purpose: Executes a command using cmd.exe.
Parameters:
- command: Command text to execute.
- stdin: List of input strings (simulates pressing Enter between commands).
- outputEncoding: Encoding used for reading output.
die
Purpose: Stops the agent.
Parameters: None
jobs
Purpose: Displays a list of currently running commands.
ls
Purpose: Lists directory contents.
Parameters:
- dir: Directory to list.
- depth: Number of subdirectory levels to include.
ps
Purpose: Shows a list of processes running on the agent machine.
Parameters: None
powershell
Purpose: Runs a command using PowerShell.
Parameters:
- command: PowerShell command to execute.
- stdin: List of input lines for the command (simulated Enter presses between lines).
- outputEncoding: Encoding for the output.
run
Purpose: Executes a program, optionally returning its output.
Parameters:
- cmdline: The program and its command-line arguments.
- output: Indicates whether stdout and stderr should be returned.
- stdin: List of input lines (simulated Enter presses between lines).
- unicode: True if the input should be UTF-16 (default is false) [Windows only].
- outputEncoding: Encoding used for the program's output [Windows only].
sh
Note: This command is available for Linux and BSD payloads.
Purpose: Runs a shell command using sh.
Parameters:
- command: The command to execute.
- stdin: Array of input strings for the command (simulated Enter presses between strings).
sleep
Purpose: Adjusts the agent’s sleep duration for HTTP/HTTPS communication.
Parameters:
- sleep: Base sleep time in seconds.
- sleepRandom: Amount of random variation in sleep time.
sleep-until
Purpose: Sets a specific time for the agent to wake up.
Parameters:
- sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp in seconds.
token-del
Purpose: Removes a specific token.
Parameters:
- nr: The token number to delete.
token-del-all
Purpose: Removes all stored tokens.
Parameters: None
token-list
Purpose: Lists all tokens along with their numbers and usernames.
Parameters: None
token-make
Purpose: Tries to create a token using a username and password.
Parameters:
- username: Username for token creation.
- password: Password for token creation.
- netonly: Whether the token is created as a netonly type.
token-use
Purpose: Applies a specific token for future commands or resets to the default token.
Parameters:
- nr: Token number to use (0 resets to the default).
token-steal
Purpose: Steals a token from an existing process and adds it to the token store.
Parameters:
- pid: Process ID from which to steal the token.