shell
General
Section titled “General”shell allows you to start a shell and interact with it.
It is not Opsec.
[Session 9: haroun@DESKTOP-DU89UIV] » shell --help
start and interact with shell (not opsec)
Usage: shell [flags]
Flags: -h, --help display help
Sub Commands: interact interact with interactive shell list list all interactive shell start start interactive shellIt requires you to load the shell DLL with load-module shell.
Shell Start
Section titled “Shell Start”You can start a shell with
[Session 9: haroun@DESKTOP-DU89UIV] » shell startList Shells
Section titled “List Shells”You can list shells with
[Session 9: haroun@DESKTOP-DU89UIV] » shell listYou will receive the list of PIDs of the shells
[Session 9: haroun@DESKTOP-DU89UIV] » shell list+--------+-----------+---------+------------+| TASKID | SESSIONID | STATE | COMMAND |+--------+-----------+---------+------------+| 73 | 9 | pending | shell list |+--------+-----------+---------+------------+[Session 9: haroun@DESKTOP-DU89UIV] »Started Shells--------------6596Interact with Shell
Section titled “Interact with Shell”You can interact with a specific shell with
[Session 9: haroun@DESKTOP-DU89UIV] » shell interact 6596The result will be something like
[Session 9: haroun@DESKTOP-DU89UIV] » shell interact 6596+--------+-----------+---------+---------------------------+| TASKID | SESSIONID | STATE | COMMAND |+--------+-----------+---------+---------------------------+| 74 | 9 | pending | shell interact-start 6596 |+--------+-----------+---------+---------------------------+< Will Interact with Shell >Microsoft Windows [Version 10.0.19045.6093](c) Microsoft Corporation. All rights reserved.
C:\Users\haroun>powershellpowershellWindows PowerShellCopyright (C) Microsoft Corporation. All rights reserved.
Try the new cross-platform PowerShell https://aka.ms/pscore6
PS C:\Users\haroun> whoamiwhoamidesktop-du89uiv\harounPS C:\Users\haroun>To go back the menu just press <CTRL+C> then <Enter>
PS: It is recommended to decrease sleep of the beacon (see - sleep)