This section will quickly go from first connection to running a basic agent.
When you log in with the admin account, you'll automatically have your current operation set to the default operation. Your current operation is indicated in the top bar in big letters. When other operators sign in for the first time, they won't have an operation set to their current operation. In this case you're alerted to that in big red letters. You can always click on the operation name to get back to the operations management page.
You need a payload to use. Go to "Create Components" -> "Create Payload" from the top navigation bar.
You'll be prompted to select which operating system. This is used to filter down possible payloads to generate. For c2 profiles, select the
HTTP profile associated with the agent you want to generate. Change the
Callback host parameter to be where you want the agent to connect to (if you're using redirectors, you specify that here), similarly specify the
Callback port for where you want the agent to connect to.
Select the Payload Type you'd like to create. For the purpose of this walkthrough, pick the
apfell payload type. Provide a name for the agent (a default one is auto populated) and provide a description that will auto populate the description field for any callbacks created based on this payload. Click
Finally, select any commands you want stamped into the payload initially. You can always load commands in later, but for this walkthrough select all of them. Click
Once you click submit, you'll get a series of popups in the top right corner giving feedback about the creation process. The blue notification popups will go away after a few seconds, but the green success or red error messages must be manually dismissed. This provides information about your newly created agent.
Navigate to the "Operational Views" -> "Created Payloads" page from the top of the navigation bar. This is where you'll be able to see all of the payloads created for the current operation. You can delete the payload, view the configuration, or download the payload. For this walkthrough, download the payload.
Now move the payload over to your target system and execute it. The
apfell.js payload can be run with
osascript and the file name. Once you've done that, head to the "Operational Views" -> "Active Callbacks" page from the top navigation bar.
This is where you'll be able to interact with any callback in the operation. Click the button for the row with your new agent to bring up information in the bottom pane where you can type out commands and issue them to the agent.