Beacon

This version of the Beacon agent is not designed for AV or EDR evasion and is therefore not OPSEC compliant. Beacon is primarily intended to test and demonstrate the capabilities of AdaptixC2. However, the Beacon agent can be easily extended and modified, making it compatible with various AV evasion methods.

Configuration

Beacon currently only supports Windows OS.

The Beacon can be generated for x64 and x86 architectures in the following formats: EXE, DLL, Service Executable, Shellcode. The Service name is set for the Service Executable.

The KillDate parameter sets the date and time of the beacon's death (GMT+0 format).

The WorkingTime parameter sets the time interval during which the beacon will be active (local time on the target host).

Commands

Beacon currently supports the following commands.

Commands marked with * have subcommands.

Filesystem Commands

Command

Description

cat

Read first 2048 bytes of the specified file

Change current working directory

Copy file

disks

Lists mounted drives on current system

Lists files in a folder

Move file

mkdir

Make a directory

pwd

Print current working directory

Remove a file or folder

Exfiltration commands

Command

Description

download

Download a file

upload

Upload a file

profile download.chunksize

Change the exfiltrate data size for download request (default 128000)

exfil cancel

Cancels a download

exfil start

Resumes a download that's has been stoped

exfil stop

Stops a download that's in-progress

Tunnel commands

Command

Description

socks start

Start a SOCKS4/5 proxy server (with/out auth) and listen on a specified port

socks stop

Stop a SOCKS proxy server

lportfwd start

Start local port forwarding from server via agent

lportfwd stop

Stop local port forwarding

rportfwd start

Start remote port forwarding from agent via server

rportfwd stop

Stop remote port forwarding

Since Bacon is an asynchronous agent, proxy scanning should be performed with no more than four threads. Tested on NetExec SMB... Agent does not switch sleep time automatically. Use sleep 0

Process commands

Command

Description

ps list

Show process list

ps kill

Kill a process with a given PID

ps run

Run a program

Link commands

Command

Description

link smb

Connect to an SMB agent and re-establish control of it

link tcp

Connect to an TCP agent and re-establish control of it

unlink

Disconnect from an pivot agent

Post-exploitation commands

Command

Description

jobs list

List of jobs

jobs kill

Kill a specified job

execute bof

Execute Beacon Object File

getuid

Prints the User ID associated with the current token

rev2self

Revert to your original access token

Agent command

Command

Description

sleep

Sets sleep time

terminate thread

Terminate the main beacon thread (without terminating the process)

terminate process

Terminate the beacon process

profile workingtime

Set the start and end time of the beacon activity. Time interval in the format 'HH:mm(start)-HH:mm(end)'. Set 0 to disable the option.

profile killdate

Set the date and time for the beacon to stop working. Datetime 'DD.MM.YYYY hh:mm:ss' in GMT format. Set 0 to disable the option

PreviousAgents NextBeacon BOFs

Last updated 18 days ago