Skip to content

Native Commands

This section describes commands built into the agent. They are simple, direct tools for common tasks.

bof

Purpose: Runs a Beacon Object File and returns its output.
Parameters:

  • bofFile: The BOF file to run.
  • method: Execution method (usually "go").
  • inputArgs: Command-line arguments for the BOF in case on simple string input only.
  • inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
  • inputAsBytes: Use binary input (overrides inputArgs if provided).
  • pack_format: Format to pack the arguments.
  • pack_args: List of arguments to be packed.
  • designated_thread: By default, each BOF runs in its own thread. If this option is set to true, the BOF will instead run on a shared thread with all other BOFs that also have this option set to true.
  • keep_in_memory: By default, a loaded BOF is removed from memory once execution finishes. If this option is set to true, the BOF stays in memory and will be reused on subsequent executions instead of being reloaded.

cd

Purpose: Changes the agent’s current directory.
Parameters:

  • dir: Directory to change to (relative or absolute).

cmd

Purpose: Executes a command using cmd.exe.
Parameters:

  • command: Command text to execute.
  • stdin: List of input strings (simulate pressing Enter between commands).
  • outputEncoding: Encoding used for reading output.

die

Purpose: Stops the agent.
Parameters: None

jobs

Purpose: Displays a list of currently running commands.

ls

Purpose: Lists directory contents.
Parameters:

  • dir: Directory to list.
  • depth: Number of subdirectory levels to include.

ps

Purpose: Shows a list of processes running on the agent machine.
Parameters: None

powershell

Purpose: Runs a command using PowerShell.
Parameters:

  • command: PowerShell command to execute.
  • stdin: List of input lines for the command(simulated enter presses between).
  • outputEncoding: Encoding for the output.

run

Purpose: Executes a program, optionally returning its output.
Parameters:

  • cmdline: The program and its command-line arguments.
  • output: Indicates whether stdout and stderr should be returned.
  • stdin: List of input lines (simulated enter presses between).
  • unicode: True if the input should be UTF-16 (default is false)[only Windows].
  • outputEncoding: Encoding used for the program's output[only Windows].

sh

Note: This command is available for Linux and BSD payloads.

Purpose: Runs a shell command using sh.
Parameters:

  • command: The command to execute.
  • stdin: Array of input strings for the command (simulated enter presses between).

sleep

Purpose: Adjusts the agent’s sleep duration for HTTP/HTTPS communication.
Parameters:

  • sleep: Base sleep time in seconds.
  • sleepRandom: Amount of random variation in sleep time.

sleep-until

Purpose: Sets a specific time for the agent to wake up.
Parameters:

  • sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp in seconds.

token-del

Purpose: Removes a specific token.
Parameters:

  • nr: The token number to delete.

token-del-all

Purpose: Removes all stored tokens.
Parameters: None

token-list

Purpose: Lists all tokens along with their numbers and usernames.
Parameters: None

token-make

Purpose: Tries to create a token using a username and password.
Parameters:

  • username: Username for token creation.
  • password: Password for token creation.
  • netonly: Whether the token is created as a netonly type

token-use

Purpose: Applies a specific token for future commands or resets to the default token.
Parameters:

  • nr: Token number to use (0 resets to the default).

token-steal

Purpose: Steal a token from an existing process and add it to the token store.
Parameters:

  • pid: Process ID from which to steal the token.