Skip to content

Native Commands

This section describes commands built into the agent. They are simple, direct tools for common tasks.

bof

Purpose: Runs a Beacon Object File and returns its output.
OS Support: Windows
Parameters:

  • bofFile: The BOF file to run.
  • method: Execution method (usually "go").
  • inputArgs: Command-line arguments for the BOF in case on simple string input only.
  • inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
  • inputAsBytes: Use binary input (overrides inputArgs if provided).
  • pack_format: Format to pack the arguments.
  • pack_args: List of arguments to be packed.
  • designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
  • keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.

cd

Purpose: Changes the agent's current directory.
OS Support: Windows, Linux, BSD
Parameters:

  • dir: Directory to change to (relative or absolute).

cmd

Purpose: Executes a command using cmd.exe.
OS Support: Windows
Parameters:

  • command: Command text to execute.
  • stdin: List of input strings (simulate pressing Enter between commands).
  • outputEncoding: Encoding used for reading output.

die

Purpose: Stops the agent.
OS Support: Windows, Linux, BSD
Parameters: None

jobs

Purpose: Displays a list of currently running commands.
OS Support: Windows, Linux, BSD

ls

Purpose: Lists directory contents.
OS Support: Windows, Linux, BSD
Parameters:

  • dir: Directory to list.
  • depth: Number of subdirectory levels to include.

ps

Purpose: Shows a list of processes running on the agent machine.
OS Support: Windows, Linux, BSD
Parameters: None

powershell

Purpose: Runs a command using PowerShell.
OS Support: Windows
Parameters:

  • command: PowerShell command to execute.
  • stdin: List of input lines for the command(simulated enter presses between).
  • outputEncoding: Encoding for the output.

run

Purpose: Executes a program, optionally returning its output.
OS Support: Windows, Linux, BSD
Parameters:

  • cmdline: The program and its command-line arguments.
  • output: Indicates whether stdout and stderr should be returned.
  • stdin: List of input lines (simulated enter presses between).
  • unicode: True if the input should be UTF-16 (default is false)[only Windows].
  • outputEncoding: Encoding used for the program's output[only Windows].

sh

Purpose: Runs a shell command using sh.
OS Support: Linux, BSD
Parameters:

  • command: The command to execute.
  • stdin: Array of input strings for the command (simulated enter presses between).

sleep

Purpose: Adjusts the agent's sleep duration for callback based listener communication.
OS Support: Windows, Linux, BSD
Parameters:

  • sleep: Base sleep time in seconds.
  • sleepRandom: Amount of random variation in sleep time.

sleep-until

Purpose: Sets a specific time for the agent to wake up.
OS Support: Windows, Linux, BSD
Parameters:

  • sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp in seconds.

token-del

Purpose: Removes a specific token.
OS Support: Windows
Parameters:

  • nr: The token number to delete.

token-del-all

Purpose: Removes all stored tokens.
OS Support: Windows
Parameters: None

token-list

Purpose: Lists all tokens along with their numbers and usernames.
OS Support: Windows
Parameters: None

token-make

Purpose: Tries to create a token using a username and password.
OS Support: Windows
Parameters:

  • username: Username for token creation.
  • password: Password for token creation.
  • netonly: Whether the token is created as a netonly type

token-use

Purpose: Applies a specific token for future commands or resets to the default token.
OS Support: Windows
Parameters:

  • nr: Token number to use (0 resets to the default).

token-steal

Purpose: Steal a token from an existing process and add it to the token store.
OS Support: Windows
Parameters:

  • pid: Process ID from which to steal the token.

chmod

Purpose: Change access permissions of files and directories.
OS Support: Linux, BSD
Parameters:

  • path: What file/directory access permission to change.
  • access: Access permission modification (777, u+rw, a=rwx, u=rwx, +x, o-wx, etc.).

run-as

Purpose: Run executable in the target system as some other user (username & password needed).
OS Support: Windows
Parameters:

  • cmdline: Command line that is used to execute executable and provide it arguments.
  • username: Username that is used to execute executable.
  • password: Password that is used to execute executable.
  • output: Should output be relayed back to server.
  • stdin: Input over stdin into process.
  • unicode: Is input to stdin in unicode(UTF16LE)[only Windows].
  • outputEncoding: What encoding to use for the output if entire or part of the output is not UTF16LE. Default is Windows-1252[only Windows].