admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1f73cf142d5c62cc1f96a7c2ef1f7c7cd77c2c7a
conquest/server/agent/commands/commands.nim
Jakob Friedl 92da6f1288 Merge ls, pwd and cd into a single 'filesystem' file
2025-07-08 20:36:43 +02:00

45 lines
2.3 KiB
Nim
Raw Blame History

import ./[shell, sleep, filesystem]
export shell, sleep, filesystem
#[
"Monarch" Agent commands:
House-keeping
-------------
[X] sleep : Set sleep obfuscation duration to a different value and persist that value in the agent
Basic API-only Commands
-----------------------
[X] pwd : Get current working directory
[X] cd : Change directory
[X] ls/dir : List all files in directory (including hidden ones)
[ ] cat/type : Display contents of a file
[ ] env : Display environment variables
[ ] ps : List processes
[ ] whoami : Get UID and privileges, etc.
[ ] token : Token impersonation
[ ] make : Create a token from a user's plaintext password (LogonUserA, ImpersonateLoggedOnUser)
[ ] steal : Steal the access token from a process (OpenProcess, OpenProcessToken, DuplicateToken, ImpersonateLoggedOnUser)
[ ] use : Impersonate a token from the token vault (ImpersonateLoggedOnUser) -> update username like in Cobalt Strike
[ ] rev2self : Revert to original logon session (RevertToSelf)
Execution Commands
------------------
[~] shell : Execute shell command (to be implemented using Windows APIs instead of execCmdEx)
[ ] bof : Execute Beacon Object File in memory and retrieve output (bof /local/path/file.o)
- Read from listener endpoint directly to memory
- Base for all kinds of BOFs (Situational Awareness, ...)
[ ] pe : Execute PE file in memory and retrieve output (pe /local/path/mimikatz.exe)
[ ] dotnet : Execute .NET assembly inline in memory and retrieve output (dotnet /local/path/Rubeus.exe )
Post-Exploitation
-----------------
[ ] upload : Upload file from server to agent (upload /local/path/to/file C:\Windows\Tasks)
- File to be downloaded moved to specific endpoint on listener, e.g. GET /<listener>/<agent>/<upload-task>/file
- Read from webserver and written to disk
[ ] download : Download file from agent to teamserver
- Create loot directory for agent to store files in
- Read file into memory and send byte stream to specific endpoint, e.g. POST /<listener>/<agent>/<download>-task/file
- Encrypt file in-transit!!!
]#
Reference in New Issue View Git Blame Copy Permalink