Implemented 'cd' and 'ls' commands using Windows APIs.

2025-07-07 21:30:05 +02:00
parent 6a92a19b9e
commit ba7c8b6841
12 changed files with 290 additions and 21 deletions
--- a/server/agent/commands/commands.nim
+++ b/server/agent/commands/commands.nim
@@ -1,19 +1,38 @@
-import ./[shell, sleep, pwd]
-export shell, sleep, pwd
+import ./[shell, sleep, pwd, cd, ls]
+export shell, sleep, pwd, cd, ls

 #[
    "Monarch" Agent commands:

-    Basic
-    ----- 
-    [~] shell       : Execute shell command (to be implemented using Windows APIs instead of execCmdEx)
-    [ ] pwd         : Get current working directory
-    [ ] cd          : Change directory
-    [ ] ls/dir      : List all files in directory (including hidden ones)
-    [ ] cat/type    : Display contents of a file
+    House-keeping
+    -------------
    [~] sleep       : Set sleep obfuscation duration to a different value and persist that value in the agent
    
-    Post-exploitation
+    Basic API-only Commands
+    -----------------------
+    [~] pwd         : Get current working directory
+    [~] cd          : Change directory
+    [ ] ls/dir      : List all files in directory (including hidden ones)
+    [ ] cat/type    : Display contents of a file
+    [ ] env         : Display environment variables
+    [ ] ps          : List processes
+    [ ] whoami      : Get UID and privileges, etc. 
+    
+    [ ] token       : Token impersonation
+        [ ] make    : Create a token from a user's plaintext password
+        [ ] steal   : Steal the access token from a process 
+        [ ] use     : Impersonate a token from the token vault
+    
+    Execution Commands
+    ------------------
+    [~] shell       : Execute shell command (to be implemented using Windows APIs instead of execCmdEx)
+    [ ] bof         : Execute Beacon Object File in memory and retrieve output (bof /local/path/file.o)
+            - Read from listener endpoint directly to memory
+            - Base for all kinds of BOFs (Situational Awareness, ...)
+    [ ] pe          : Execute PE file in memory and retrieve output (pe /local/path/mimikatz.exe)
+    [ ] dotnet      : Execute .NET assembly inline in memory and retrieve output (dotnet /local/path/Rubeus.exe ) 
+
+    Post-Exploitation
    -----------------
    [ ] upload      : Upload file from server to agent (upload /local/path/to/file C:\Windows\Tasks)
            - File to be downloaded moved to specific endpoint on listener, e.g. GET /<listener>/<agent>/<upload-task>/file
@@ -22,9 +41,4 @@ export shell, sleep, pwd
            - Create loot directory for agent to store files in 
            - Read file into memory and send byte stream to specific endpoint, e.g. POST /<listener>/<agent>/<download>-task/file
            - Encrypt file in-transit!!!
-    [ ] bof         : Execute Beacon Object File in memory and retrieve output (bof /local/path/file.o)
-            - Read from listener endpoint directly to memory
-    [ ] pe          : Execute PE file in memory and retrieve output (pe /local/path/mimikatz.exe)
-    [ ] dotnet      : Execute .NET assembly inline in memory and retrieve output (dotnet /local/path/Rubeus.exe ) 
-
 ]#