Cobalt Strike command reference / Beacon commands

Beacon Commands
===============
Command                 Description
-------                 -----------
browserpivot            Inject into the victim's browser process
bypassuac               Bypass UAC
cancel                  Cancel a download in progress
cd                      Change directory
checkin                 Force the host to call back once
clear                   Clear Beacon's internal task queue
connect                 Connect to a Beacon peer over TCP
covertvpn               Deploy Covert VPN client
cp                      Copy files
dcsync                  Extract password hashes from the DC
desktop                 Remote VNC
dllinject               Reflective DLL injection into a process
dllload                 Use LoadLibrary to load a DLL into a process
download                Download files
downloads               List file downloads in progress
drives                  List drive letters on the target
elevate                 Try to elevate privileges
execute                 Execute a program on the target (no output)
execute-assembly        Execute a local .NET program in memory on the target
exit                    Exit Beacon
getprivs                Enable system privileges on the current token
getsystem               Try to get SYSTEM privileges
getuid                  Get the user ID
hashdump                Dump password hashes
help                    Help
inject                  Spawn a session in a specific process
jobkill                 Kill a background task
jobs                    List background tasks
kerberos_ccache_use     Import a ticket from a ccache file and apply it to this session
kerberos_ticket_purge   Purge tickets from the current session
kerberos_ticket_use     Import a ticket from a ticket file and apply it to this session
keylogger               Keystroke logger
kill                    End a process
link                    Connect to a Beacon peer over a named pipe
logonpasswords          Use mimikatz to dump credentials and hashes
ls                      List files
make_token              Create a token to pass credentials
mimikatz                Run mimikatz
mkdir                   Create a directory
mode dns                Use DNS A as the communication channel (DNS Beacon only)
mode dns-txt            Use DNS TXT as the communication channel (DNS Beacon only)
mode dns6               Use DNS AAAA as the communication channel (DNS Beacon only)
mode http               Use HTTP as the communication channel
mv                      Move files
net                     net command
note The
portscan                Port scan
powerpick               Execute a command via Unmanaged PowerShell
powershell              Execute a command via powershell.exe
powershell-import       Import a PowerShell script
ppid                    Set parent PID for spawned post-ex jobs
ps                      Show the process list
psexec                  Use a service to spawn a session on a host
psexec_psh              Use PowerShell to spawn a session on a host
psinject                Execute PowerShell commands in a specific process
pth                     Pass-the-hash using mimikatz
pwd                     Print the current directory
reg                     Query the registry
rev2self                Restore the original token
rm                      Delete files or folders
rportfwd                Port forwarding
run                     Execute a program on the target (returns output)
runas                   Execute a program as another user
runasadmin              Execute a program with high privileges
runu                    Execute a program under another PID
screenshot              Take a screenshot
setenv                  Set environment variables
shell                   Execute a command via cmd
shinject                Inject shellcode into a process
shspawn                 Spawn a process and inject shellcode into it
sleep                   Set the sleep delay
socks                   Start SOCKS4 proxy
socks stop              Stop SOCKS4 proxy
spawn                   Spawn a session
spawnas                 Spawn a session as another user
spawnto                 Set executable to spawn processes into
spawnu                  Spawn a session under another PID
ssh                     Connect to a remote host using SSH
ssh-key                 Connect to a remote host using a key
steal_token             Steal a token from a process
timestomp               Apply one file's timestamps to another file
unlink                  Disconnect from parent Beacon
upload                  Upload a file
wdigest                 Use mimikatz to dump plaintext credentials
winrm                   Use WinRM to spawn a session on a host
wmi                     Use WMI to spawn a session on a host
argue                   Spoof process arguments

Origin www.cnblogs.com/nul1/p/12006467.html