Commercial Native Commands

Native commands available exclusively in the commercial payload. These extend the core agent with privilege management, runtime override capabilities, and Linux/BSD shell access.

Quick Reference

| Command | OS | Summary |
|---|---|---|
| chmod | Linux / BSD | Change file or directory permissions |
| override-list | Windows | List all loaded override DLLs |
| override-load | Windows | Load a DLL to override agent functionality |
| override-set | Windows | Apply a loaded DLL override |
| override-unload | Windows | Unload an override DLL |
| override-unset | Windows | Remove an active override |
| privilege-disable | Windows | Disable a token privilege |
| privilege-enable | Windows | Enable a token privilege |
| privilege-list | Windows | List all current token privileges |
| sh | Linux / BSD | Execute a shell command via sh |

chmod

OS Support: Linux, BSD

Purpose: Changes the access permissions of a file or directory on the target system.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| path | string | Yes | - | Path of the file or directory to modify. |
| access | string | Yes | - | Permission string in symbolic or octal notation (e.g. 755, u+rw, a=rwx, o-wx, +x). |

Example:

chmod --path /tmp/agent --access +x
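
On the monitoring side, a permission change like this one is visible to auditd when the chmod-family syscalls are audited. The following is an added example, not part of the product's documentation or code: it pairs SYSCALL and PATH records by event ID and reports successful calls that set execute bits on a path under a world-writable directory. It assumes x86_64 syscall numbers (90 chmod, 268 fchmodat) and absolute paths in PATH records; the log lines, the directory list and /opt/app/worker are constructed.

```python
import re

MODE_ARG = {"90": "a1", "268": "a2"}   # x86_64 chmod, fchmodat -> argument holding the mode
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")   # assumption: directories to watch
EVENT_ID = re.compile(r"msg=audit\([\d.]+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed audit records, trimmed to the fields used below.
SAMPLE = """\
type=SYSCALL msg=audit(1718000000.101:900): arch=c000003e syscall=268 success=yes exit=0 a0=ffffffffffffff9c a1=55d0c0 a2=1ed a3=0 uid=1000 exe="/opt/app/worker"
type=PATH msg=audit(1718000000.101:900): item=0 name="/tmp/agent" nametype=NORMAL
type=SYSCALL msg=audit(1718000001.202:901): arch=c000003e syscall=90 success=yes exit=0 a0=55d0c0 a1=1a4 a2=0 a3=0 uid=1000 exe="/usr/bin/chmod"
type=PATH msg=audit(1718000001.202:901): item=0 name="/tmp/notes.txt" nametype=NORMAL
type=SYSCALL msg=audit(1718000002.303:902): arch=c000003e syscall=268 success=yes exit=0 a0=ffffffffffffff9c a1=55d0c0 a2=1ed a3=0 uid=0 exe="/usr/bin/chmod"
type=PATH msg=audit(1718000002.303:902): item=0 name="/usr/local/bin/tool" nametype=NORMAL
type=SYSCALL msg=audit(1718000003.404:903): arch=c000003e syscall=268 success=no exit=-1 a0=ffffffffffffff9c a1=55d0c0 a2=1c0 a3=0 uid=1000 exe="/opt/app/worker"
type=PATH msg=audit(1718000003.404:903): item=0 name="/dev/shm/x" nametype=NORMAL
"""

def exec_bit_grants(log_text):
    """Return (path, octal mode, exe) for successful chmod calls that set
    execute bits on a path under one of WRITABLE_DIRS."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events.setdefault(m.group(1), {"paths": []})
        if f.get("type") == "SYSCALL":
            ev["sys"] = f
        elif f.get("type") == "PATH":
            ev["paths"].append(f.get("name", ""))
    findings = []
    for ev in events.values():
        sc = ev.get("sys", {})
        arg = MODE_ARG.get(sc.get("syscall"))
        if arg is None or sc.get("success") != "yes":
            continue                      # not a chmod call, or it failed
        mode = int(sc.get(arg, "0"), 16) & 0o7777   # audit logs arguments in hex
        if not mode & 0o111:
            continue                      # no execute bit in the requested mode
        for path in ev["paths"]:
            if path.startswith(WRITABLE_DIRS):
                findings.append((path, oct(mode), sc.get("exe", "")))
    return findings

if __name__ == "__main__":
    print(exec_bit_grants(SAMPLE))
```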


override-list

OS Support: Windows (commercial payload only)

Purpose: Lists all override DLLs currently loaded by the agent and the agent functionalities they override.

Parameters: None

Example:

override-list

Info

Override DLLs are loaded with override-load and activated with override-set. This command shows which overrides are currently active.


override-load

OS Support: Windows (commercial payload only)

Purpose: Uploads a DLL into the agent's memory, making it available to override core agent functionality.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Yes | - | A unique identifier for this override DLL (used to reference it in override-set). |
| @files.dll | file | Yes | - | The DLL file to load. |

Example:

override-load --name myhttp --@files.dll custom_http.dll

Tip

After loading, use override-set to activate the override for a specific functionality. Use override-list to confirm the DLL was loaded successfully.


override-set

OS Support: Windows (commercial payload only)

Purpose: Activates an override by directing a specific agent functionality to a method in a previously loaded DLL.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| functionality | string | Yes | - | The agent functionality to override (e.g. http_send, sleep_callback). |
| dll | int | Yes | - | The numeric ID of the loaded DLL (as shown by override-list). |
| method | string | Yes | - | The exported method name in the DLL to invoke. |

Example:

override-set --functionality http_send --dll 1 --method CustomHttpSend

Warning

Applying an incorrect override can make the agent unstable or break its communication channel. Test overrides in a controlled environment before deploying operationally.


override-unload

OS Support: Windows (commercial payload only)

Purpose: Unloads a previously loaded override DLL from the agent's memory.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| id | int | Yes | - | The numeric ID of the DLL to unload, as shown by override-list. |

Example:

override-unload --id 1

Warning

Unloading a DLL that has an active override applied will cause that override to break. Run override-unset to remove the active override before unloading the DLL.


override-unset

OS Support: Windows (commercial payload only)

Purpose: Removes an active override, restoring the agent's default behaviour for that functionality.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| functionality | string | Yes | - | The functionality from which to remove the override. |

Example:

override-unset --functionality http_send


privilege-disable

OS Support: Windows (commercial payload only)

Purpose: Disables one or more privileges in the agent's current process token.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| privilege | string | Yes | - | Name of the privilege to disable (e.g. SeDebugPrivilege), or * to disable all. |

Example:

privilege-disable --privilege SeDebugPrivilege

Warning

Disabling privileges cannot always be reversed within the same process. Use privilege-list first to confirm the current state, and avoid disabling privileges that the agent needs for its own operations.


privilege-enable

OS Support: Windows (commercial payload only)

Purpose: Enables one or more privileges in the agent's current process token.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| privilege | string | Yes | - | Name of the privilege to enable (e.g. SeDebugPrivilege), or * to enable all available. |

Example:

privilege-enable --privilege SeDebugPrivilege

Tip

Common privileges to enable before sensitive operations:

  • SeDebugPrivilege - required for token-steal from other users' processes
  • SeImpersonatePrivilege - required for token impersonation techniques
  • SeTakeOwnershipPrivilege - allows taking ownership of files and registry keys
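
For monitoring the token changes made by privilege-enable and privilege-disable, an added example (not part of the product's documentation or code): it parses Windows Security event 4703 (token right adjusted) records and reports when one of the three privileges in the tip above is enabled by a process outside an allowlist. It assumes 4703 auditing is enabled on the host; the sample records, the allowlist and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Privileges named in the tip above.
WATCHED = {"SeDebugPrivilege", "SeImpersonatePrivilege", "SeTakeOwnershipPrivilege"}
# Assumption: processes expected to adjust these privileges on this host.
EXPECTED = {r"c:\windows\system32\svchost.exe"}

def make_record(proc, enabled, disabled="-"):
    # Constructed, trimmed Event 4703 XML; real records carry more fields.
    data = {"SubjectUserName": "alice", "ProcessName": proc,
            "EnabledPrivilegeList": enabled, "DisabledPrivilegeList": disabled}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4703</EventID></System>'
            f"<EventData>{body}</EventData></Event>")

SAMPLE = [
    make_record(r"C:\Windows\System32\svchost.exe", "SeDebugPrivilege"),
    make_record(r"C:\Users\alice\AppData\Local\Temp\updater.exe",
                "SeDebugPrivilege\n\t\t\tSeImpersonatePrivilege"),
    make_record(r"C:\Program Files\Backup\bk.exe", "SeBackupPrivilege"),
    make_record(r"C:\Users\alice\AppData\Local\Temp\updater.exe", "-", "SeDebugPrivilege"),
]

def parse_4703(xml_text):
    """Return the fields of one 4703 record, or None for other event IDs."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4703":
        return None
    fields = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    # The privilege lists are whitespace-separated; "-" means empty.
    split = lambda v: set() if v.strip() in ("", "-") else set(v.split())
    return {"user": fields.get("SubjectUserName", ""),
            "process": fields.get("ProcessName", ""),
            "enabled": split(fields.get("EnabledPrivilegeList", "")),
            "disabled": split(fields.get("DisabledPrivilegeList", ""))}

def suspicious_enables(records):
    """Flag watched privileges enabled by a process outside EXPECTED."""
    findings = []
    for xml_text in records:
        ev = parse_4703(xml_text)
        if ev is None or ev["process"].lower() in EXPECTED:
            continue
        hit = sorted(ev["enabled"] & WATCHED)
        if hit:
            findings.append((ev["process"], ev["user"], hit))
    return findings
```

Calling suspicious_enables(SAMPLE) returns one finding, for the process running from the user's Temp directory.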

privilege-list

OS Support: Windows (commercial payload only)

Purpose: Lists all privileges in the agent's current process token along with their enabled/disabled state.

Parameters: None

Example:

privilege-list


sh

OS Support: Linux, BSD

Purpose: Executes a command using the system's sh shell.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| command | string | Yes | - | The shell command to execute. |
| stdin | string[] | No | - | Lines sent to stdin, simulating Enter presses between each. |

Example:

sh --command "id && hostname && cat /etc/passwd | head -5"