Once CP receives an agent connection, you will hear an audible alarm, and under the remote shells, the new connection can be seen.
To identify the agents a unique ID is created, this way you can use the autoexec function to prepare commands to be run for all new agents or one in specific. This functionality is particularly useful during APT-simulated attacks.
Each agent has a different function, but with most of them, you can interact using a shell, take a screenshot, upload and download files from the target, and run a basic information-gathering script from the agent itself.
Using the Remote Terminal, shell interaction with the selected agent is possible, or by typing the command "Help" you can discover special commands available for that agent.
On top of the Remote Terminal, per agent, a set of basic commands, as icons, is available. The description of each command is self-explanatory.
We have made available a set of privesc scripts for these agents, in AVs and EDR environments you have to be completely sure of what you are about to run to remain under the radar. These scripts might trigger one or more detection rules.
The features available for CP Agents among others are:
- File upload/download
- Remote shell
- Screenshot capture
The operating systems supported by CP agents:
- Net (Windows)
- DLL (Windows)
- Browser (Multi)
- Python (Multi)
Here is an example of features available to different agents. In the first, a browser shell, commands such as keylogger, plugins, and sessions become available. In the second, a .Net shell, we can make use of commands like grab info, screenshot, webcam, etc.
Discover client-side software and version information that your target uses to identify potential known vulnerabilities. Make use of Control Pack agents to log keystrokes, take screenshots, download files, and execute other payloads.