This section will quickly go from first connection to running a basic agent.

Operations

When you first start Apfell, you won't have an operation select as your current operation. Your current operation is indicated in the top bar in big purple letters. Since once isn't selected, you're alerted to that in big red letters. You can always click on the operation name to get back to the operations management page.

Go to "Manage Operations" -> "Operations Management" from the top navigation bar. There will initially just be the one row for the default operation. Select this as your current one and the top navigation bar should update to reflect this.

Creating a Payload

You need a payload to use. Go to "Create Components" -> "Create Payload" from the top navigation bar.

Select the default C2 Profile. From here, you'll supply the values that will go into your agent. Change the callback_host value with the IP or domain of your Apfell server or, if you're using a redirector, provide that information here. Similarly, update the callback_port value with the port your agent will be using. Click Next.

Select the Payload Type you'd like to create. For the purpose of this walkthrough, pick the apfell-jxa payload type. Provide a name for the agent, such as testing.js and provide a description that will auto populate the description field for any callbacks created based on this payload. Click Next.

Finally, select any commands you want stamped into the payload initially. You can always load commands in later, but for this walkthrough select all of them. Click Next.

You'll get a chance to see all of your values before finally clicking Submit.

Once you click submit, you'll get a series of popups in the top right corner giving feedback about the creation process. The blue notification popups will go away after a few seconds, but the green success or red error messages must be manually dismissed. This provides information about your newly created agent.

Using the Payload

Navigate to the "Manage Operations" -> "Payload Management" page from the top of the navigation bar. This is where you'll be able to see all of the payloads created for the current operation (top section) and information about all of the payload types that Apfell knows about globally (bottom section). You can delete the payload, host it at a specific URL, view the configuration, or download the payload. For this walkthrough, download the payload.

Now move the payload over to your target system and execute it. The testing.js payload can be run with osascript and the file name, or you can click config and you'll see a handy one-liner you can customize to run the payload. Once you've done that, head to the "Operational Views" -> "Active Callbacks" page from the top navigation bar.

Callback Interaction

This is where you'll be able to interact with any callback in the operation. Click the "Interact" button to bring up information in the bottom pane where you can type out commands and issue them to the agent.