Skip to content

Native commands

List on native (implemented in core part of the agent) commands.

bof

This command executes bof (Beacon Object Files) file and returns output.

Parameters:

  • bofFile: BOF file to execute
  • method: What method to execute (usually "go")
  • inputArgs: Command line arguments for bof
  • inputArgsEncoding: In what encoding the command line arguments should be provided to the bof (UTF8 or UTF16LE)
  • inputAsBytes: If input for bof is binary, then it has to be provided by this parameter (if provided, the inputArgs and inputArgsEncoding parameters arge ignored)

cd

This command changes the agent working directory.

Parameters:

  • dir: What directory to move - relative(based on agent current one) or absolute

cmd

Executes given command by cmd.exe

Parameters:

  • command: Command that is executed by cmd.exe
  • stdin: Array of strings written into stdin of the process - separated by "enter"-s

connection-conf

This command changes configuration of the listener shellcode running in the agent.

Currently not usable directly

Parameters:

  • listenerPluginId: ID of the listener that's shellcode in the agent is being changed
  • listenerId: ID of the listener shellcode INSIDE agent (for now it's always 1)
  • listenerConfiguration: Configuration of the changes to be made

Parameters: None

die

This command kills the agent that this command is sent to.

Parameters: None

jobs

List of commands running in the agent

ls

This command returns directory content info with given recursive depth.

Parameters:

  • dir: What directory to list
  • depth: How deep directory listing should be

ps

Process list in the agent machine

Parameters: None

powershell

Executes given command by powershell

Parameters:

  • command: Command that is executed by powershell
  • stdin: Array of strings written into stdin of the process - separated by "enter"-s

run

Executes given program with the given command line arguments. If configured such way, also returns stdout and stderr streams from the process.

Parameters:

  • cmdline: Program being run and command line arguments provided to the program
  • output: Is stdout and stderr streams returned
  • stdin: Array of strings written into stdin of the process - separated by "enter"-s
  • unicode: Is stdin written in UTF-16 encoding (default is false)

sleep

Changes sleep time and random variation in agent connection to HTTP/HTTPS listener. This command is available only to agents that are communicating over HTTP/HTTPS listener

Parameters:

  • sleep: Sleep time in seconds
  • sleepRandom: Plus-minus how many seconds sleep time can vary

token-add

This command tries to steal token from existing process and store it.

Parameters:

  • pid: From what process to take token

token-del

This command will delete a single token

Parameters:

  • nr: Number of the token to delete

token-del-all

This command will delete all the tokens

Parameters: None

token-list

This command returns list of tokens (number and username relating to it)

Parameters: None

token-make

This command tries to create token by using username and password.

Parameters:

  • username: Username to use
  • password: Password to use

token-use

This command makes agent use the selected token for all commands possible

Parameters:

  • nr: Number of the token to use (0 to reset back to agent original)