Skip to content

Server Commands

Jump to bottom
Malwared LLC edited this page May 15, 2020 · 1 revision

Getting Started

  • Once you start the server, you can view a list of commands and usage information by using the help command
  • You may view all clients by running clients
  • You may view all active sessions by running "sessions". Each session will have a unique ID
  • You may connect to a session by running "shell [id]" (ex. "shell 1")

Commands

  • abort - abort execution and self-destruct

  • bg [id] - background a session (default: the current session)

  • broadcast - broadcast a task to all active sessions

  • cat [path] - display file contents

  • cd [path] - change current working directory

  • clients - show all clients that have joined the server

  • debug [code] - run python code directly on server (debugging MUST be enabled)

  • escalate - attempt uac bypass to escalate privileges

  • eval [code] - execute python code in current context

  • execute [path] [args] - run an executable program in a hidden process

  • exit - quit the server

  • help [cmd] - show usage help for commands and modules

  • icloud - check for logged in icloud account on macos

  • keylogger [mode] - log user keystrokes

  • kill [id] - end a session

  • load [target] - remotely import a module or package

  • ls - list the contents of a directory

  • miner [url] - run cryptocurrency miner in the background

  • options - show currently configured settings

  • outlook [option] [mode] - access outlook email in the background

  • packetsniffer [mode] - capture traffic on local network

  • passive - keep client alive while waiting to re-connect

  • persistence [add/remove] [method] - establish persistence on client host machine

  • portscanner [target] - scan a target host or network to identify

  • process [block/monitor] - block process (e.g. antivirus) or monitor process

  • pwd - show name of present working directory

  • query [statement] - query the SQLite database

  • ransom [id] - encrypt client files & ransom encryption key for a Bitcoin payment

  • restart [output] - restart the shell

  • screenshot - capture a screenshot from host device

  • sessions - show active client sessions

  • set [setting] [option=value] - change the value of a setting

  • shell [id] - interact with a client with a reverse TCP shell through an active session

  • show [value] - show value of an attribute

  • spread [gmail] - activate worm-like behavior and begin spreading client via email

  • stop [job] - stop a running job

  • tasks [id] - display all incomplete tasks for a client (default: all clients)

  • upload [file] - upload file from client machine to the c2 server

  • webcam [mode] - capture image/video from the webcam of a client device

  • wget [url] - download file from url

Home

Installing Dependencies

Windows 10

Python Setup

Installing Requirements

Linux

Installing Requirements

Mac OS

Installing Requirements

Getting Started

Generating a Payload

Starting the Server

Server Commands

Compiling Executable Payloads

Running the Console Application in a Docker container

Web GUI

Using the Web GUI

Running the Web GUI in a Docker container

Troubleshooting

Common Issues

Common Windows Issues

Common Linux Issues

Common osX Issues

Clone this wiki locally