Skip to content

Plugin Commands

This document lists plugin commands used with the C2 system. For additional execution configuration options, see Execution Context.

connect-smb

Purpose: Connect to the SMB agent using a parent agent trigger.
Parameters:

  • host: IP address or domain of the SMB agent.
  • pipename: Name of the SMB pipe.

connect-tcp

Purpose: Establish connection for a TCP-BIND agent.
Parameters:

  • host: IP address or domain to connect to.
  • port: TCP port number.

cp

Purpose: Copy a file or directory on the target filesystem.
Parameters:

  • source: Source file/directory path.
  • destination: Destination file/directory path.

download

Purpose: Read and return a file from the agent’s filesystem.
Parameters:

  • filepath: File path to read (supports environment variables).

execute-assembly

Purpose: Execute a .NET executable in memory.
Parameters:

  • @files.executable: .NET executable file content.
  • parameters: Command line arguments for the .NET executable.

inject

Purpose: Inject and execute shellcode.
Parameters:

  • @files.shellcode: Shellcode content.

jump-service

Purpose: Achieve lateral movement by copying a payload and creating a service.
Parameters:

  • payloadId: Service executable payload ID.
  • copyMethod: Method for copying payload (SMB, NONE).
  • copyPath: Destination path for the copied file.
  • target: Target machine IP/name.
  • servicePath: Path for the created service.
  • serviceName: Service name.
  • serviceDisplayName: Display name for the service.
  • cleanup: Should service be deleted after execution.
  • username: Username (if needed).
  • password: Password (if needed).

jump-ssh

Purpose: Achieve lateral movement by running commands or copying payload via SSH.
Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • cmdline: Command line to execute.
  • username: Username.
  • password: Password.
  • @files.privateKeyPEM: Private key PEM file
  • privateKeyPassword: Password for the private key file.

jump-winrm

Purpose: Execute commands or run an executable using Windows Remote Management.
Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • executablePath: Path of the executable to run.
  • customPowershell: Custom PowerShell script.
  • username: Username (if needed).
  • password: Password (if needed).

jump-wmi

Purpose: Execute commands using Windows Management Instrumentation.
Parameters:

  • payloadId: Executable payload ID.
  • copyMethod: Copy method (SMB, NONE).
  • copyPath: Destination path.
  • target: Target machine IP/name.
  • cmdline: Command line to execute.
  • username: Username (if needed).
  • password: Password (if needed).

mkdir

Purpose: Create a new directory on the target filesystem.
Parameters:

  • dirpath: Directory path to create (supports recursive creation).

mv

Purpose: Move a file or directory.
Parameters:

  • source: Source file/directory path.
  • destination: Destination path.
  • overwrite: Allow to overwrite the destination file.

portscan

Purpose: Perform a TCP port scan and log discovered hosts and ports.
Parameters:

  • ips: IP addresses or ranges (comma-separated).
  • ports: Ports or ranges (comma-separated).
  • hostDiscovery: Host discovery method (ICMP default, ARP, NONE).
  • timeout: Connection timeout in milliseconds.
  • threads: Number of concurrent ARP threads.

procinfo

Purpose: Retrieve additional details about the agent’s process.
Parameters: None.

rm

Purpose: Remove a file from the agent’s filesystem.
Parameters:
filepath:* File path to delete (supports environment variables).

screenshot

Purpose: Capture and return a screenshot from the target machine.
Parameters: None.

socks5

Purpose: Create a SOCKS5 proxy on the agent’s network.
Parameters:

  • port: Port that C2 opens for the SOCKS5 proxy.

spawn

Purpose: Spawn a new agent (use execConf for configuration).
Parameters:

  • payloadId: Listener payload ID.
  • encryptedCommunication: Whether to encrypt communication.

upload

Purpose: Write (upload) a file to the target filesystem.
Parameters:

  • filepath: Destination file path (supports environment variables).
  • @files.file: File content.