-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathroyal.yaml
159 lines (153 loc) · 4.45 KB
/
royal.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# The royal.yaml file exists at the root of every agent project.
# It's used to set up the builder (and if applicable, translation) services.
# The following file is simply an EXAMPLE of how a royal.yaml config file looks like, and should not be used
# anywhere outside a testing environment.
name: Empress
version: 0.0.1
author: pygrum
url: https://github.com/pygrum/Empress
supported_os: [ windows, linux, darwin ]
cmd_schema:
- name: cd
usage: cd [path]
max_args: 1
opcode: 0
description_short: change current working directory
- name: ls
usage: ls [path]
max_args: 1
# When opcode is specified, the provided integer opcode is used in place of the command name, promoting better OpSec
opcode: 1
description_short: list files in a directory
- name: pwd
usage: pwd
max_args: 0 # - no need to specify again since it is 0 by default
opcode: 2
description_short: print current working directory
- name: whoami
usage: whoami
opcode: 3
description_short: show information about the current user
- name: id
usage: id
opcode: 3
description_short: alias for 'whoami' # because it uses the same opcode
- name: cat
usage: cat [path]
opcode: 4
min_args: 1
max_args: 1
description_short: print the contents of a file
- name: ps
usage: ps
opcode: 5
max_args: 0
description_short: list currently running processes
- name: kill
usage: kill [pids...]
opcode: 6
min_args: 1
description_short: kill the processes with the given PIDs
- name: exec
usage: exec [commands...]
opcode: 7
min_args: 1
description_short: execute commands on the target system
- name: rm
usage: rm [path...]
opcode: 8
min_args: 1
description_short: removes files or empty directories. use rmdir to remove a non-empty directory
- name: rmdir
usage: rmdir [dirs...]
opcode: 9
min_args: 1
description_short: removes any directory, regardless of whether it is empty or not
- name: env
usage: env [keys...]
max_args: -1
opcode: 10
description_short: get all environment variables if no args are specified, or environment variable values by names
- name: download
usage: download [files...]
opcode: 11
min_args: 1
description_short: download files from the c2 server
- name: upload
usage: upload [files...]
opcode: 12
min_args: 1
description_short: upload files to the c2 server
- name: cp
usage: cp [src] [dst]
opcode: 13
min_args: 2
max_args: 2
description_short: copy a file from src location to dst
- name: mv
usage: mv [src] [dst]
opcode: 14
min_args: 2
max_args: 2
description_short: move a file from src location to dst
- name: chmod
usage: chmod MODE [file]
opcode: 15
min_args: 2
max_args: 2
description_short: set file mode - e.g. 7777, 0100
- name: mkdir
usage: mkdir [dirs...]
opcode: 16
min_args: 1
description_short: create a directory / directories
- name: ifconfig
usage: ifconfig
opcode: 17
description_short: list host network interfaces
- name: shell
usage: shell RHOST RPORT
opcode: 18
min_args: 2
max_args: 2
description_short: initiate a reverse shell connection to a provided address
builder:
build_args:
- name: mode
type: string
description: the mode of the compiled agent - session / beacon
default: session
required: true
choices:
- session
- beacon
- name: use_tcp
type: bool
description: use the server's TLS listener for C2
default: false
required: false
- name: debug
type: bool
description: compile the agent in debug / verbose mode, meaning that all errors are included
default: false
required: true
- name: callback_interval
type: int
description: the agent attempts to register to the server every callback_interval±(callback_salt/1000) seconds
default: 10
required: true
- name: callback_salt
type: int
description: callback frequency variance in milliseconds
default: 1000
required: true
- name: interval
type: int
description: In beacon mode, the agent calls back to the C2 server every interval±(salt/1000) seconds
default: 10
required: true
- name: salt
type: int
description: beacon / command callback frequency variance in milliseconds
default: 1000
required: true