From 061f198461c4ebcb1ad28af439cb0880819c4060 Mon Sep 17 00:00:00 2001
From: Jakob Friedl <71284620+jakobfriedl@users.noreply.github.com>
Date: Mon, 7 Jul 2025 21:41:47 +0200
Subject: [PATCH] Added more TODOs
---
 server/agent/commands/commands.nim | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/server/agent/commands/commands.nim b/server/agent/commands/commands.nim
index b8d6bfc..148e03d 100644
--- a/server/agent/commands/commands.nim
+++ b/server/agent/commands/commands.nim
@@ -6,22 +6,23 @@ export shell, sleep, pwd, cd, ls
 House-keeping
 -------------
- [~] sleep : Set sleep obfuscation duration to a different value and persist that value in the agent
+ [X] sleep : Set sleep obfuscation duration to a different value and persist that value in the agent
 Basic API-only Commands
 -----------------------
- [~] pwd : Get current working directory
- [~] cd : Change directory
- [ ] ls/dir : List all files in directory (including hidden ones)
+ [X] pwd : Get current working directory
+ [X] cd : Change directory
+ [X] ls/dir : List all files in directory (including hidden ones)
 [ ] cat/type : Display contents of a file
 [ ] env : Display environment variables
 [ ] ps : List processes
 [ ] whoami : Get UID and privileges, etc.
 [ ] token : Token impersonation
- [ ] make : Create a token from a user's plaintext password
- [ ] steal : Steal the access token from a process
- [ ] use : Impersonate a token from the token vault
+ [ ] make : Create a token from a user's plaintext password (LogonUserA, ImpersonateLoggedOnUser)
+ [ ] steal : Steal the access token from a process (OpenProcess, OpenProcessToken, DuplicateToken, ImpersonateLoggedOnUser)
+ [ ] use : Impersonate a token from the token vault (ImpersonateLoggedOnUser) -> update username like in Cobalt Strike
+ [ ] rev2self : Revert to original logon session (RevertToSelf)
 Execution Commands
 ------------------
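Review bot: The new `use` entry ends in `-> update username like in Cobalt Strike`, which does not say which username is meant or where it gets updated, so the TODO depends on the reader knowing another product's behaviour. Spelling the intent out in the entry would fix that, for example `[ ] use : Impersonate a token from the token vault (ImpersonateLoggedOnUser); afterwards refresh the username recorded for the agent`, if that is what is meant. The same hunk moves `sleep`, `pwd` and `cd` from `[~]` to `[X]` and `ls/dir` from `[ ]` to `[X]`, but no key for the three markers is visible in these lines. The comment block starts and ends outside the hunk, so if it has no key elsewhere, a one-line legend such as `[X] done, [~] in progress, [ ] open` (meanings inferred from the change) would make the status column unambiguous.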