Skip to content

Native Commands

This section lists the native commands available, their parameters, and usage examples.

bof

Execute a BOF (Beacon Object File) and return its output.

Parameters:

  • bofFile: The BOF file to run.
  • method: Execution method (usually "go").
  • inputArgs: Command-line arguments for the BOF in case on simple string input only.
  • inputArgsEncoding: Encoding for the arguments (UTF8 or UTF16LE).
  • inputAsBytes: Use binary input (overrides inputArgs if provided).
  • pack_format: Format to pack the arguments.
  • pack_args: List of arguments to be packed.

Example: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
--boundary
Content-Disposition: form-data; name="requestBody"
Content-Type: application/json; charset=UTF-8
{
  "template": "bof",
  "configuration": {
    "method": "go"
  }
}

--boundary
Content-Disposition: form-data; name="bofFile"; filename="bof.o"

__BOF_FILE__

cd

Change the agent's working directory.

Parameter:

  • dir: Directory to change to (relative or absolute).

Example: 

1
2
3
4
5
6
{
  "template": "cd",
  "configuration": {
    "dir": "..\\"
  }
}

cmd

Run a command using cmd.exe.

Parameters:

  • command: Command text to execute.
  • stdin: List of input strings (simulate pressing Enter between commands).
  • outputEncoding: Encoding used for reading output.

Example: 

1
2
3
4
5
6
{
  "template": "cmd",
  "configuration": {
    "command": "dir"
  }
}

die

Terminate the agent.

Example: 

1
2
3
4
{
  "template": "die",
  "configuration": {}
}

jobs

List currently running commands on the agent.

Example: 

1
2
3
4
{
  "template": "jobs",
  "configuration": {}
}

ls

List directory contents with a specified recursion depth.

Parameters:

  • dir: Directory to list.
  • depth: Number of subdirectory levels to include.

Example: 

1
2
3
4
5
6
7
{
  "template": "ls",
  "configuration": {
    "dir": "c:\\",
    "depth": 2
  }
}

ps

List processes running on the system.

Example: 

1
2
3
4
{
  "template": "ps",
  "configuration": {}
}

powershell

Execute a command using PowerShell.

Parameters:

  • command: PowerShell command to execute.
  • stdin: List of input lines for the command(simulated enter presses between).
  • outputEncoding: Encoding for the output.

Example: 

1
2
3
4
5
6
{
  "template": "powershell",
  "configuration": {
    "command": "ls"
  }
}

run

Execute an external program on the agent with optional arguments or input.

Parameters:

  • cmdline: The program and its command-line arguments.
  • output: Indicates whether stdout and stderr should be returned.
  • stdin: List of input lines (simulated enter presses between).
  • unicode: True if the input should be UTF-16 (default is false)[only Windows].
  • outputEncoding: Encoding used for the program's output[only Windows].

Example: 

1
2
3
4
5
6
{
  "template": "run",
  "configuration": {
    "cmdline": "rundll32 payload.dll,bob"
  }
}

sh

Run a command using the sh shell on the target system.

Parameters:

  • command: The command to execute.
  • stdin: Array of input strings for the command (simulated enter presses between).

Note: Available by default on Linux and BSD agents.

Example: 

1
2
3
4
5
6
7
{
  "template": "sh",
  "configuration": {
    "command": "ls -la",
    "stdin": []
  }
}

sleep

Adjust the agent’s sleep duration for HTTP/HTTPS communication.

Parameters:

  • sleep: Base sleep time in seconds.
  • sleepRandom: Amount of random variation in sleep time.

Example: 

1
2
3
4
5
6
7
{
  "template": "sleep",
  "configuration": {
    "sleep": 60,
    "sleepRandom": 15
  }
}

sleep-until

Set a specific wake-up time for the agent.

Parameter:

  • sleepEnds: ISO-formatted date (Zulu time) or a UNIX timestamp.

Example: 

1
2
3
4
5
6
{
  "template": "sleep-until",
  "configuration": {
    "sleepEnds": "2025-12-31T23:59:59Z"
  }
}

token-del

Delete a specific token.

Parameter:

  • nr: The token number to delete.

Example: 

1
2
3
4
5
6
{
  "template": "token-del",
  "configuration": {
    "nr": 1
  }
}

token-del-all

Delete all tokens.

Example: 

1
2
3
4
{
  "template": "token-del-all",
  "configuration": {}
}

token-list

List all available tokens along with related details.

Example: 

1
2
3
4
{
  "template": "token-list",
  "configuration": {}
}

token-make

Create a token using provided credentials.

Parameters:

  • username: Username for token creation.
  • password: Password for token creation.
  • netonly: Whether the token is created as a netonly type

Example: 

1
2
3
4
5
6
7
8
{
  "template": "token-make",
  "configuration": {
    "username": "bob",
    "password": "bob123",
    "netonly": false
  }
}

token-use

Select a token for use with subsequent commands.

Parameter:

  • nr: Token number to use (0 resets to the default).

Example: 

1
2
3
4
5
6
{
  "template": "token-use",
  "configuration": {
    "nr": 1
  }
}

token-steal

Extract a token from a running process.

Parameter:

  • pid: Process ID from which to steal the token.

Example: 

1
2
3
4
5
6
{
  "template": "token-add",
  "configuration": {
    "pid": 1234
  }
}