
Plugin commands

List of plugin commands provided with the C2.

All of these plugins also have additional execution configuration options, explained here.

connect-smb

Used with the "Relay Agent Bind SMB" listener. An agent created using that listener waits for a connection from its parent agent; this command triggers that connection.

Parameters:

  • host: IP or domain name to use to connect to the SMB agent
  • pipename: SMB pipe name to use to connect to the SMB agent

connect-tcp

Used with the "Relay Agent Bind TCP listener" listener. An agent created using that listener waits for a connection from its parent agent; this command triggers that connection.

Parameters:

  • host: IP or domain name to use to connect to the TCP-BIND agent
  • port: TCP port number to use to connect to the TCP-BIND agent

execute-assembly

Executes a .NET executable in memory.

Parameters:

  • executable: .NET executable file content (if provided via the API, it must be base64-encoded)
  • parameters: Parameters passed to the .NET executable as command-line arguments

fs-delete

This command deletes a file in the agent filesystem.

Parameters:

  • filepath: Path of the file to delete (environment variables are supported)

fs-read

This command reads and returns a file from the agent filesystem.

Parameters:

  • filepath: Path of the file to read (environment variables are supported)

fs-write

This command writes a file to the agent filesystem.

Parameters:

  • filepath: Path of the file being written (environment variables are supported)
  • data: Content of the file (if provided via the API, it must be base64-encoded)

inject

Injects and executes shellcode.

Parameters:

  • shellcode: Shellcode to execute (if provided via the API, it must be base64-encoded)

jump-service

Command for lateral movement. It can copy a file to the target machine over SMB and then create and start a service pointing to that file or to any other executable.

Parameters:

  • payloadId: Payload used in the jump (should be a service exe)
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP or name
  • servicePath: Path of the created service
  • serviceName: Name of the created service
  • serviceDisplayName: Display name of the created service
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)

jump-ssh

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any other command, over SSH.

Parameters:

  • payloadId: Payload used in the jump (should be an executable exe)
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP or name
  • cmdline: Command line to run on target machine
  • username: Username to use for copy and jump
  • password: Password to use for copy and jump
  • privateKeyPassword: Password of the private key file

jump-winrm

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any PowerShell command, over Windows Remote Management.

Parameters:

  • payloadId: Payload used in the jump (should be an executable exe)
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP or name
  • executablePath: Path of the executable to run
  • customPowershell: Custom PowerShell to run
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)

jump-wmi

Command for lateral movement. It can copy a file to the target machine over SMB and then run it, or any other command, over Windows Management Instrumentation.

Parameters:

  • payloadId: Payload used in the jump (should be an executable exe)
  • copyMethod: Method used to copy the payload (SMB, NONE)
  • copyPath: Where to copy the file on the target machine
  • target: Target machine IP or name
  • cmdline: Command line to run on target machine
  • username: Username to use for copy and jump (if needed)
  • password: Password to use for copy and jump (if needed)

procinfo

Returns additional information about the agent's process.

Parameters: None

screenshot

Takes a screenshot on the target machine and returns the picture.

Parameters: None

socks5

Creates a SOCKS5 proxy into the agent's network.

Parameters:

  • port: Port that the C2 opens for the user to use as a SOCKS5 proxy

spawn

Spawns a new agent.

Parameters:

  • listenerId: Listener the agent will connect to
  • payloadType: Type of the payload
  • encryptedCommunication: Whether communication should be encrypted