| ls |
Use FindFirstFile & FindNextFile to cycle through either a user specified directory, or the current directory. |
| cat |
Using stdlib, read the contents of the file and return the data (or the exception). |
| whoami |
Return GetComputerName()\GetUsername() (CONTOSO\Administrator). |
| hostname |
Return GetComputerName() |
| upload |
The stdlib will be used to write the bytes to disk. |
| download |
The stdlib will be used to read the bytes from disk. |
| pwd |
Get the current directory from the PEB |
| injectrdll |
Inject A Reflective DLL into a process. Setting the pid to 0 will self-inject. The injection is done via the configured method in the server configuration file. |
| loaddll |
Using LoadLibraryA, load a DLL from disk. |
| inject |
Using the configured method, inject a stageless implant into the target process. |
| injectbin |
Using the configured method, inject specified shellcode into the target process. |
| spawn |
Using the configured method, inject a stageless implant into the newly created process. |
| execute-assembly |
Host a .NET CLR in the current process, execute the assembly, and then cleanly exit. |
| getthreads |
List all the threads on the host. If a pid is passed, the search is limited. |
| getmodules |
List all the modules in a process. If a pid is passed, then a handle is opened. |
| ps |
List all the processes (username, executable name, process id, integrity, parent process). |
| procgrep |
Search, and retrieve, information on a specified process. |
| getsystem |
Steal a token from a SYSTEM Process and apply it to the executing thread. |
| setpriv |
Add or remove a privilege |
| modulegrep |
Find a process with a specified module loaded |
| huntrwx |
Use NtQueryVirtualMemory syscall to find RWX regions in a process |
