Commands Cheatsheet
1) shell (Run a command via cmd.exe)
2) run (Run a command without cmd.exe)
3) execute (Run a program in the background without displaying output)
4) powershell (Run PowerShell)
5) powerpick (Run PowerShell cmdlets without powershell.exe)
6) psinject (Inject Unmanaged PowerShell into a specific process and run your cmdlet from that location)
7) powershell-import [POWERSHELL_MODULE] (Imports a PowerShell module)
8) execute-assembly (Run a local .NET executable as a Beacon post-exploitation job)
9) cd (Change directory)
10) pwd (Print working directory)
11) setenv (Set an environment variable)
12) inline-execute [args] (Execute a Beacon Object File (BOF) with the specified arguments)
13) spawn [ARCHITECTURE] [LISTENER] (Spawns a session for a listener)
14) spawnto [ARCHITECTURE] [/PATH/TO/PROGRAM.EXE] (Spawns a session to a specific program)
15) inject [PID] [ARCHITECTURE] (Inject a Beacon into a process)
16) dllinject [PID] (Inject a Reflective DLL into a process)
17) shinject [PID] [ARCHITECTURE] [/PATH/TO/FILE.bin] (Inject shellcode from a local file into a process on target)
18) shspawn [ARCHITECTURE] [/PATH/TO/FILE.bin] (Spawn the "spawn to" process and inject the specified shellcode file into that process)
19) dllload [PID] [c:\path\to\file.dll] (Load an on-disk DLL in another process)
20) ppid [PID] (Assign an alternate parent process for programs run by your Beacon Session)
21) runu (Execute a command with another process as the parent)
22) spawnu (Spawns a temporary process as a child of a specified process and injects a Beacon payload stage into it)
23) argue [COMMAND] [FAKE_ARGUMENTS] (Add a command, with fake arguments, to Beacon's internal list)
24) blockdlls start/stop (Ask Beacon to launch child processes with a binary signature policy that blocks non-Microsoft DLLs from the process space. Requires Windows 10)
25) download [FILE] (Downloads the requested file)
26) upload [FILE] (Uploads the requested file to the host)
27) timestomp (Updates the timestamps of a specified file to make it blend in with other files in the same folder)
28) cancel (Cancels download that's in progress)
29) file_browser (Opens the file browser tab in the current directory)
30) ls (List files in current directory)
31) mkdir (Make a directory)
32) rm (Removes a file or folder)
33) mv (Moves a file)
34) reg_query [x86|x64] [HIVE\path\to\key] (Query a specific key in the registry)
35) reg_query [x86|x64] [HIVE\path\to\key] [value] (Query a specific value within a registry key)
36) keylogger [PID] [ARCHITECTURE] (Injects a keylogger into a process)
37) screenshot [PID] [ARCHITECTURE] (Injects a screenshot tool into a process)
38) screenwatch (Continuously takes screenshots until you stop the screenwatch post-exploitation job)
39) printscreen (Uses a PrintScr keypress to place the screenshot onto the user's clipboard)
40) jobs (See which jobs are running in your Beacon)
41) jobkill [JOB_NUMBER] (Kill a job)
42) process_browser (Launches the process browser)
43) clear (Clears Beacon's task list. Use this if you make a mistake)
44) exit (Ask the Beacon to exit)
45) kill [PID] (Terminate a process)