
Plugin commands

List of plugin commands provided with the C2.

All of these plugins also accept additional execution configuration options, explained here.

connect-smb

Used with the "Relay Agent Bind SMB" listener. An agent created using that listener expects a connection from its parent agent, which this command triggers.

Parameters:

  • host: IP or domain name to use to connect to the SMB agent
  • pipename: SMB pipe name to use to connect to the SMB agent

connect-tcp

Used with the "Relay Agent Bind TCP listener" listener. An agent created using that listener expects a connection from its parent agent, which this command triggers.

Parameters:

  • host: IP or domain to connect to TCP-BIND agent
  • port: TCP port number to connect to TCP-BIND agent

execute-assembly

Executes a .NET executable in memory

Parameters:

  • @files.executable: .NET executable file content (if provided via API, it must be base64-encoded)
  • parameters: Parameters to be provided to .NET as command line arguments

rm

Deletes a file on the agent's filesystem

Parameters:

  • filepath: Path of the file to delete (environment variables are supported)

download

Reads a file from the agent's filesystem and returns it

Parameters:

  • filepath: Path of the file to read (environment variables are supported)

upload

Writes (uploads) a file to the target filesystem

Parameters:

  • filepath: Path of the file being written (environment variables are supported)
  • @files.file: Content of the file (if provided via API, it must be base64-encoded)

mv

Move a file or a directory on the target

Parameters:

  • source: The source path of the file to move
  • destination: The destination path of the file to move

cp

Copy a file or directory on the target filesystem

Parameters:

  • source: The source path of the file to copy from
  • destination: The destination path of the file to copy to

mkdir

Create a new directory on the target

Parameters:

  • dirpath: The directory path to create. Can be relative or absolute path. Supports recursive creation by default.

inject

Injects and executes shellcode

Parameters:

  • @files.shellcode: Shellcode to execute (if provided via API, it must be base64-encoded)

jump-service

Command for lateral movement. It can copy a file to the target machine over SMB and then create and start a service pointing to that file or to any other executable

Parameters:

  • payloadId: Payload used in the jump; should be a service executable
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP/name
  • servicePath: Path of the created service
  • serviceName: Name of the created service
  • serviceDisplayName: Display name of the created service
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)
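
A defender's view of the sequence jump-service describes (a file copied over SMB, then a service created pointing at it), as an added example that is not part of this documentation: it pairs Windows Security event 5145 (share write) with System event 7045 (service installed) on the same host. The event records, their field names and the five-minute window are constructed assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Constructed, pre-normalised events (not from a real host). Field names are
# assumptions: 5145 = share access check (Security), 7045 = service installed (System).
EVENTS = [
    {"time": "2024-05-01T10:00:03", "host": "SRV01", "event_id": 5145,
     "share": "ADMIN$", "path": r"Temp\updater.exe",
     "accesses": ["WriteData"], "src_ip": "10.0.0.5"},
    {"time": "2024-05-01T10:00:09", "host": "SRV01", "event_id": 7045,
     "service_name": "UpdaterSvc",
     "image_path": r'"C:\Windows\Temp\updater.exe" -k run'},
    # Same file name, but written long before the service appeared: no hit.
    {"time": "2024-05-01T09:00:00", "host": "SRV02", "event_id": 5145,
     "share": "C$", "path": r"Program Files\Vendor\agent.exe",
     "accesses": ["WriteData"], "src_ip": "10.0.0.9"},
    {"time": "2024-05-01T11:30:00", "host": "SRV02", "event_id": 7045,
     "service_name": "VendorAgent",
     "image_path": r"C:\Program Files\Vendor\agent.exe"},
]

EXE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll|sys|bat|cmd))', re.IGNORECASE)

def binary_name(image_path):
    """File name of the service binary, ignoring quotes and arguments."""
    m = EXE_RE.search(image_path)
    return m.group(1).lower() if m else None

def correlate(events, window=timedelta(minutes=5)):
    """Pair each service install with an earlier same-host share write of that file."""
    writes = [e for e in events
              if e["event_id"] == 5145 and "WriteData" in e["accesses"]]
    hits = []
    for svc in (e for e in events if e["event_id"] == 7045):
        name = binary_name(svc["image_path"])
        t_svc = datetime.fromisoformat(svc["time"])
        for w in writes:
            gap = t_svc - datetime.fromisoformat(w["time"])
            if (name and w["host"] == svc["host"]
                    and timedelta(0) <= gap <= window
                    and ntpath.basename(w["path"]).lower() == name):
                hits.append({"host": svc["host"], "service": svc["service_name"],
                             "file": name, "src_ip": w["src_ip"],
                             "gap_s": gap.total_seconds()})
    return hits

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Event 5145 is only logged when the Detailed File Share audit subcategory is enabled on the target host.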

jump-ssh

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any command, over SSH

Parameters:

  • payloadId: Payload used in the jump; should be an executable
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP/name
  • cmdline: Command line to run on target machine
  • username: Username to use for copy and jump
  • password: Password to use for copy and jump
  • privateKeyPassword: Password of the private key file

jump-winrm

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any PowerShell command, over Windows Remote Management

Parameters:

  • payloadId: Payload used in the jump; should be an executable
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP/name
  • executablePath: Path of the executable to run
  • customPowershell: Custom PowerShell to run
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)

jump-wmi

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any command, over Windows Management Instrumentation

Parameters:

  • payloadId: Payload used in the jump; should be an executable
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP/name
  • cmdline: Command line to run on target machine
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)

procinfo

Returns additional information about the agent's process

Parameters: None

screenshot

Takes a screenshot on the target machine and returns the picture

Parameters: None

socks5

Creates a SOCKS5 proxy into the agent's network

Parameters:

  • port: Port opened by the C2 for the user to use as a SOCKS5 proxy

spawn

Spawns a new agent. NB: use execConf to guide the spawn.

Parameters:

  • payloadId: Which listener the agent will connect to
  • encryptedCommunication: Whether communication should be encrypted