69 lines
2.1 KiB
Markdown
69 lines
2.1 KiB
Markdown
# Modules <!-- omit from toc -->
|
|
|
|
## Contents <!-- omit from toc -->
|
|
|
|
- [Overview](#overview)
|
|
- [EXIT](#exit)
|
|
- [SLEEP](#sleep)
|
|
- [SHELL](#shell)
|
|
- [BOF](#bof)
|
|
- [DOTNET](#dotnet)
|
|
- [FILESYSTEM](#filesystem)
|
|
- [FILETRANSFER](#filetransfer)
|
|
- [SCREENSHOT](#screenshot)
|
|
- [SYSTEMINFO](#systeminfo)
|
|
- [TOKEN](#token)
|
|
|
|
## Overview
|
|
|
|
Currently, the following commands are available in the `Monarch` agent when all modules are activated.
|
|
|
|
```
|
|
* exit Exit the agent.
|
|
* self-destruct Exit the agent and delete the executable from disk.
|
|
* sleep Update sleep delay settings.
|
|
* sleepmask Update sleepmask settings.
|
|
* shell Execute a shell command and retrieve the output.
|
|
* bof Execute an object file in memory and retrieve the output.
|
|
* dotnet Execute a .NET assembly in memory and retrieve the output.
|
|
* pwd Retrieve current working directory.
|
|
* cd Change current working directory.
|
|
* ls List files and directories.
|
|
* rm Remove a file.
|
|
* rmdir Remove a directory.
|
|
* move Move a file or directory.
|
|
* copy Copy a file or directory.
|
|
* download Download a file.
|
|
* upload Upload a file.
|
|
* screenshot Take a screenshot of the target system.
|
|
* ps Display running processes.
|
|
* env Display environment variables.
|
|
* make-token Create an access token from username and password.
|
|
* steal-token Steal the primary access token of a remote process.
|
|
* rev2self Revert to original access token.
|
|
* token-info Retrieve information about the current access token.
|
|
* enable-privilege Enable a token privilege.
|
|
* disable-privilege Disable a token privilege.
|
|
```
|
|
|
|
## EXIT
|
|
|
|
|
|
|
|
## SLEEP
|
|
|
|
## SHELL
|
|
|
|
## BOF
|
|
|
|
## DOTNET
|
|
|
|
## FILESYSTEM
|
|
|
|
## FILETRANSFER
|
|
|
|
## SCREENSHOT
|
|
|
|
## SYSTEMINFO
|
|
|
|
## TOKEN |