# |
Name |
Description |
1 |
cat |
Using stdlib, read the contents of the file and return the data (or the exception). |
2 |
download |
The stdlib will be used to read the bytes from disk. |
3 |
executeassembly |
Host a .NET CLR in the current process, execute the assembly, and then cleanly exit. |
4 |
getdrivers |
Enumerate all the system drivers. |
5 |
getenv |
Parse the Environmental Variable from the PEB Structure |
6 |
getexports |
Enumerate all the exports in a given dll. |
7 |
gethandles |
Enumerate all the handles for a process. |
8 |
getmodules |
Using the WINAPI, list the modules loaded by a process. If a PID is passed, the data is filtered |
9 |
getregions |
Enumerate all the memory regions in a process. |
10 |
getsystem |
Pass in a PID to a SYSTEM process. The Access Token is cloned and set on the executing thread |
11 |
getthreads |
Using the WINAPI, list the threads used by a process. If a PID is passed, the data is filtered |
12 |
hostname |
Return GetComputerName() |
13 |
huntrwx |
Using the NtQueryVirtualMemory SysCall, identify RWX Regions |
14 |
inject |
Using the configured method, inject a stageless implant into the target process. |
15 |
injectbin |
Using the configured method, inject specified shellcode into the target process. |
16 |
injectrdll |
Inject A Reflective DLL into a process. Setting the pid to 0 will self-inject. The injection is done via the configured method in the server configuration file. |
17 |
loaddll |
Using LoadLibraryA, load a DLL from disk. |
18 |
ls |
Use FindFirstFile & FindNextFile to cycle through either a user specified directory, or the current directory. |
19 |
modulegrep |
Using the WINAPI, list the processes on the host and enumerate the loaded modules |
20 |
procgrep |
Using the WINAPI, list the processes on the host and filter by name |
21 |
ps |
Using the WINAPI, list the processes on the host. If a PID is passed, the data is filtered |
22 |
pwd |
Extract the current path from the PEB. |
23 |
setpriv |
Using the WINAPI, Set or remove a privilege |
24 |
spawn |
Using the configured method, inject a stageless implant into the newly created process. |
25 |
upload |
The stdlib will be used to write the bytes to disk. |
26 |
whoami |
Return GetComputerName()\GetUsername() (CONTOSO\Administrator). |