AxFunction
Data Model
agents
Get information about all agents calling back to this Adaptix teamserver.
AGENT[id] ax.agents();// AGENT STRUCT
string agent["id"]
string agent["type"]
string agent["listener"]
string agent["external_ip"]
string agent["internal_ip"]
string agent["domain"]
string agent["computer"]
string agent["username"]
string agent["impersonated"]
string agent["process"]
string agent["arch"]
int agent["pid"]
int agent["tid"]
int agent["gmt"]
bool agent["elevated"]
string agent["tags"]
bool agent["async"]
int agent["sleep"]
string agent["os_full"]Example
var agents = ax.agents();
for (var id in agents) {
ax.log("Agent ID: " + id);
var agent = agents[id];
for (var key in agent) {
ax.log(" " + key + ": " + agent[key]);
}
}
credentials
Returns a list of credentials.
CRED[id] ax.credentials()// CRED STRUCT
cred["id"]
cred["username"]
cred["password"]
cred["realm"]
cred["type"]
cred["tag"]
cred["date"]
cred["storage"]
cred["agent_id"]
cred["host"]Example
var creds = ax.credentials();
for (var id in creds) {
ax.log("Cred ID: " + id);
var cred = creds[id];
for (var key in cred) {
ax.log(" " + key + ": " + cred[key]);
}
}
downloads
Returns a list of downloads.
DOWNLOAD[id] ax.downloads()// DOWNLOAD STRUCT
download["id"]
download["agent_id"]
download["agent_name"]
download["user"]
download["computer"]
download["filename"]
download["recv_size"]
download["total_size"]
download["date"]
download["state"]Example
var downloads = ax.downloads();
for (var id in downloads) {
ax.log("Download ID: " + id);
var dw = downloads[id];
for (var key in dw) {
ax.log(" " + key + ": " + dw[key]);
}
}
screenshots
Returns a list of screenshots.
SCREEN[id] ax.screenshots()// SCREEN STRUCT
screen["id"]
screen["user"]
screen["computer"]
screen["note"]
screen["date"]Example
var screenshots = ax.screenshots();
for (var id in screenshots) {
ax.log("Screen ID: " + id);
var screen = screenshots[id];
for (var key in screen) {
ax.log(" " + key + ": " + screen[key]);
}
}
targets
Returns a list of targets.
TARGET[id] ax.targets()// TARGET STRUCT
target["id"]
target["computer"]
target["domain"]
target["address"]
target["tag"]
target["date"]
target["info"]
target["alive"]
target["owned"]
target["os"]
target["os_desc"]Example
var targets = ax.targets();
for (var id in targets) {
ax.log("Target ID: " + id);
var targ = targets[id];
for (var key in targ) {
ax.log(" " + key + ": " + targ[key]);
}
}
tunnels
Returns a list of tunnels.
TUNNEL[id] ax.tunnels()// TUNNEL STRUCT
tunnel["id"]
tunnel["agent_id"]
tunnel["username"]
tunnel["computer"]
tunnel["process"]
tunnel["type"]
tunnel["info"]
tunnel["interface"]
tunnel["port"]
tunnel["client"]
tunnel["f_port"]
tunnel["f_host"]Example
var tunnels = ax.tunnels();
for (var id in tunnels) {
ax.log("Tunn ID: " + id);
var tun = tunnels[id];
for (var key in tun) {
ax.log(" " + key + ": " + tun[key]);
}
}
Functions
The following is a list of AxScript's functions:
agents
agent_info
Get information from a agent session's metadata.
any ax.agent_info(string id, string property)id- agent IDproperty- CRED property (see here)
agent_hide
Hide agents from Sessions Table.
void ax.agent_hide(string[] ids)ids- array of agent ids
agent_remove
Remove agents from server.
void ax.agent_hide(string[] ids)ids- array of agent ids
agent_set_color
Set color for agent's item in Session Table
void ax.agent_set_color(string[] ids, string background, string foreground, bool reset);ids- array of agent idsbackground- item background color in hex RGBforeground- item text color in hex RGBreser- if true, reset the color to default
agent_set_impersonate
Set impersonate for agent's item in Session Table
void ax.agent_set_impersonate(string id, string impersonate, bool elevated);id- agent IDimpersonate- impersonated userelevated- is impersonated user elevated
agent_set_mark
Set mark for agent's item in Session Table
void ax.agent_set_mark(string id, string mark);id- agent IDmark- agent's mark ("Terminated", "Inactive", "Disconnect", empty "" for active).
agent_set_tag
Set tag for agent's item in Session Table
void ax.agent_set_tag(string id, string tag);id- agent IDtag- agent's tag
arch
Returns the architecture of agent session (e.g., x86 or x64)
string ax.arch(string id);id- agent ID
bof_pack
Pack arguments in a way that's suitable for BOF APIs to unpack. To transmit binary data to the server, the function will encode it in base64.
string ax.bof_pack(string types, any[] args);types- a set of comma separated string types for BOF's argumentsargs- array of BOF's arguments
bytes
binary data
BeaconDataExtract
int
4-byte integer
BeaconDataInt
short
2-byte short integer
BeaconDataShort
cstr
zero-terminated+encoded string
BeaconDataExtract
wstr
zero-terminated wide-char string
(wchar_t *)BeaconDataExtract
copy_to_clipboard
Copy text to client's clipboard.
void ax.copy_to_clipboard(string text);console_message
Print an output message and text to the agent console.
void ax.console_message(string id, string message, string type = "", string text = "");id- agent IDmessage- brief messagetype- message type ("info", "success", or "error")text- text output
Example
ax.console_message("47ca27cf", "Info message\n", "info", "This is\nmulti line\ntext");
ax.console_message("47ca27cf", "Error message\n", "error");
credentials
credentials_add
Save the specified credentials in Credentials Manager
void ax.credentials_add(string username, string password, string realm = "", string type = "password", string tag = "", string storage = "manual", string host = "");username- creds usernamepassword- creds secretrealm- creds domain/realmtype- creds type (possible "password", "hash", "rc4", "aes128", "aes256", "token")tag- creds tagstorage- creds container (possible "browser", "dpapi", "database", "sam", "lsass", "ntds", "manual")host- the host where the credentials were stored
credentials_add_list
Save a list of creds in the Credentials Manager
void ax.credentials_add_list(cred[] array);// cred STRUCT
string cred.username
string cred.password
string cred.realm
string cred.type
string cred.tag
string cred.storage
string cred.hostcreate_command
create_commands_group
execute_alias
execute_browser
execute_command
file_basename
Returns the filename
string ax.file_basename(string path);path- full filename
file_exists
Checks if a file exists
bool ax.file_exists(string path);path- full filename
file_read
Reads a file and returns base64 encoded contents
string ax.file_read(string path);path- full filename
file_write_text
Writes text data to a file and returns true if the write is successful.
bool ax.file_write_text(string path, string text);path- full filenametext- text data
format_time
Convert UNIX Epoch Time to date/time string value.
string ax.format_time(string format, int unixtime);format- datetime format (e.g. "dd/MM/yyyy hh:mm:ss")unixtime- UNIX Epoch Time value
format_size
Converts bytes into a convenient format
string ax.format_size(int bytes);
get_commands
Returns a list of available commands for the agent.
string[] get_commands(string id);id- agent ID
hash
Returns a hash string in hex format.
string ax.hash(string algorithm, int length, string data)algorithm- hash "sha1" or "md5";length- length of the returned stringdata- data to be hashed
interfaces
Returns a list of network interfaces of the teamserver
string[] ax.interfaces()
ids
Returns a list of agent ids
string[] ax.ids()
is64
Check if a session is on an x64 system or not
bool ax.is64(string id);id- agent ID
isactive
Returns true if the agent is active
bool ax.isactive(string id);id - agent ID
isadmin
Check if a session has admin rights
bool ax.isadmin(string id);id- agent ID
log / log_error
Print text to AxScript Console.
void ax.log(string text);
void ax.log_error(string text);
open_agent_console
Open the console to interact with a agent
void ax.open_agent_console(string id);id- agent ID
open_access_tunnel
Open the tunnel creation dialog window
void ax.open_access_tunnel(string id, bool socks4, bool socks5, bool lportfwd, bool rportfwd);id- agent IDsocks4- is agent support socks4socks5- is agent support socks5lportfwd- is agent support local port forwardingrportfwd- is agent support reverse port forwarding
open_browser_files
Open the File Browser for a agent
void ax.open_browser_files(string id);id- agent ID
open_browser_process
Open the Process Browser for a agent
void ax.open_browser_process(string id);id- agent ID
open_remote_terminal
Open the Interactive Terminal for a agent
void ax.open_remote_terminal(string id);id- agent ID
prompt_confirm
Show a confirm dialog.
string prompt_confirm(string caption, string text);caption- title of the dialogtext- Text question
prompt_open_file
Show a file open dialog.
string prompt_open_file(string caption = "Select file", string filter = "");caption- title of the dialogfilter- filter for selecting files
prompt_open_dir
Show a directory open dialog.
string prompt_open_dir(string caption = "Select directory");caption- title of the dialog
prompt_save_file
Show a file save dialog.
string prompt_save_file(string filename, string caption = "Select file", string filter = "");filename- default filenamecaption- title of the dialogfilter- filter for selecting files
random_string
Generates a random string of length len from a set of characters set.
string random_string(int len, string set);set- set of characters (alphanumeric,alphabetic,numericorhex)
random_int
Generates a random int value.
int random_int(int min, int max);min- min valuemax- max value
register_commands_group
script_import
Import AxScript script into current script's env.
string script_import(string path);path- path to script file
script_load
Load a new script to AxScript Manager
string script_load(string path);path- path to script file
script_unload
Unload a script from the AxScript Manager
string script_unload(string path);path- path to script file
script_dir
Returns the directory where the script is located.
string script_dir();show_message
Shows a message to the user in a dialog box. Use this function to relay information.
void show_message(string title, string text);title- title of the dialogtext- the message text
targets_add
Save the specified target in Targets Manager
void ax.targets_add(string computer, string domain, string address, string os = "unknown", string osDesc = "", string tag = "", string info = "", bool alive = true);computer- computer namedomain- domain nameaddress- IP addressos- OS type (possible "windows", "linux", "macos")osDesc- detailed information about OStag- taginfo- infoalive- true if the host is alive
targets_add_list
Save a list of targets in the Targets Manager
void ax.targets_add_list(target[] array);// target STRUCT
string target.computer
string target.domain
string target.address
string target.tag
string target.info
string target.os_desc
string target.os ["windows", "linux", "macos"]
bool target.aliveticks
UNIX Epoch Time value
int ticks();validate_command
Checks the validity of the entered command and returns full information
cmd_info ax.validate_command(string id, string command);id- agent IDcommand- agents command
// cmd_info STRUCT
bool info["valid"]
string info["message"]
bool info["is_pre_hook"]
bool info["has_output"]
bool info["has_post_hook"]
map{} info["parsed"]Example
let cmd = ax.validate_command("551757de", "socks start 1080");
cmd.valid
let cmd = ax.validate_command("551757de", "socks start");
cmd.message
Last updated