Skip to content

API: Payloads

List of payload plugins

Request

GET /api/v1/plugins/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

List of payload templates

Request

GET /api/v1/payloads/templates HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Create new payload

To construct a new payload, it is requisite to furnish the identifier (ID) of the desired payload template type. Additionally, the specification of the listener to which the payload will establish a connection is mandatory. Further, any supplementary configuration mandated by the plugin corresponding to the chosen template must be provided. It is also possible to determine whether the communication between the Command and Control (C2) server and the agent should be encrypted internally. It is pertinent to note that this internal encryption is independent of any external protocol encryption, such as HTTPS, that may be in effect.

Request

POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "payloadTemplateId": "PAYLOAD_TEMPLATE_ID",
  "configuration": {PAYLOAD_CONFIGURATION},
  "listenerId": 1,
  "encrypted": true
}

Example

POST /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "payloadTemplateId": "shelldot.payload.windows-x64",
  "configuration": {
    "type": "EXECUTABLE",
    "initialWait": 60,
    "paddingSize": 1000000
  },
  "listenerId": 1,
  "encrypted": true
}

List all created payloads

Request

GET /api/v1/payloads HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

See created payload data

Request

GET /api/v1/payloads/1 HTTP/1.1
Authorization: Bearer {JWT_TOKEN}

Download created payloads

Request

GET /api/v1/payloads/{PAYLOAD_I}/download HTTP/1.1
Authorization: Bearer {JWT_TOKEN}