Listener Templates
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
GET /api/v2/listener-templates HTTP/1.1
Accept: */*
{
"records": [
{
"authors": [
{
"handle": "@harmj0y",
"link": "",
"name": ""
}
],
"category": "client_server",
"comments": [],
"description": "Starts a http[s] listener that uses a GET/POST approach.",
"id": "http",
"name": "HTTP[S]",
"options": {
"BindIP": {
"depends_on:": [],
"description": "The IP to bind to on the control server.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [
"0.0.0.0"
],
"value": "0.0.0.0"
},
"CertPath": {
"depends_on:": [],
"description": "Certificate path for https listeners.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Cookie": {
"depends_on:": [],
"description": "Custom Cookie Name",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "xNQsvLdAysjkonT"
},
"DefaultDelay": {
"depends_on:": [],
"description": "Agent delay/reach back interval (in seconds).",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "5"
},
"DefaultJitter": {
"depends_on:": [],
"description": "Jitter in agent reachback interval (0.0-1.0).",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "0.0"
},
"DefaultLostLimit": {
"depends_on:": [],
"description": "Number of missed checkins before exiting",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "60"
},
"DefaultProfile": {
"depends_on:": [],
"description": "Default communication profile for the agent.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
},
"Headers": {
"depends_on:": [],
"description": "Headers for the control server.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "Server:Microsoft-IIS/7.5"
},
"Host": {
"depends_on:": [],
"description": "Hostname/IP for staging.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "http://192.168.0.20"
},
"KillDate": {
"depends_on:": [],
"description": "Date for the listener to exit (MM/dd/yyyy).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Launcher": {
"depends_on:": [],
"description": "Launcher string.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "powershell -noP -sta -w 1 -enc "
},
"Name": {
"depends_on:": [],
"description": "Name for the listener.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "http"
},
"Port": {
"depends_on:": [],
"description": "Port for the listener.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [
"1335",
"1336"
],
"value": ""
},
"Proxy": {
"depends_on:": [],
"description": "Proxy to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"ProxyCreds": {
"depends_on:": [],
"description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"StagerURI": {
"depends_on:": [],
"description": "URI for the stager. Must use /download/. Example: /download/stager.php",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"StagingKey": {
"depends_on:": [],
"description": "Staging key for initial agent negotiation.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "}q)jFnDKw&px/7QBhE9Y<6~[Z1>{+Ps@"
},
"UserAgent": {
"depends_on:": [],
"description": "User-agent string to use for the staging request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"WorkingHours": {
"depends_on:": [],
"description": "Hours for the agent to operate (09:00-17:00).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
}
},
"software": "",
"tactics": [],
"techniques": []
}
]
}GET /api/v2/listener-templates/{uid} HTTP/1.1
Accept: */*
{
"authors": [
{
"handle": "@harmj0y",
"link": "",
"name": ""
}
],
"category": "client_server",
"comments": [],
"description": "Starts a http[s] listener that uses a GET/POST approach.",
"id": "http",
"name": "HTTP[S]",
"options": {
"BindIP": {
"depends_on:": [],
"description": "The IP to bind to on the control server.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [
"0.0.0.0"
],
"value": "0.0.0.0"
},
"CertPath": {
"depends_on:": [],
"description": "Certificate path for https listeners.",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Cookie": {
"depends_on:": [],
"description": "Custom Cookie Name",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "xNQsvLdAysjkonT"
},
"DefaultDelay": {
"depends_on:": [],
"description": "Agent delay/reach back interval (in seconds).",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "5"
},
"DefaultJitter": {
"depends_on:": [],
"description": "Jitter in agent reachback interval (0.0-1.0).",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "0.0"
},
"DefaultLostLimit": {
"depends_on:": [],
"description": "Number of missed checkins before exiting",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "60"
},
"DefaultProfile": {
"depends_on:": [],
"description": "Default communication profile for the agent.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
},
"Headers": {
"depends_on:": [],
"description": "Headers for the control server.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "Server:Microsoft-IIS/7.5"
},
"Host": {
"depends_on:": [],
"description": "Hostname/IP for staging.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "http://192.168.0.20"
},
"KillDate": {
"depends_on:": [],
"description": "Date for the listener to exit (MM/dd/yyyy).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"Launcher": {
"depends_on:": [],
"description": "Launcher string.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "powershell -noP -sta -w 1 -enc "
},
"Name": {
"depends_on:": [],
"description": "Name for the listener.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "http"
},
"Port": {
"depends_on:": [],
"description": "Port for the listener.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [
"1335",
"1336"
],
"value": ""
},
"Proxy": {
"depends_on:": [],
"description": "Proxy to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"ProxyCreds": {
"depends_on:": [],
"description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"StagerURI": {
"depends_on:": [],
"description": "URI for the stager. Must use /download/. Example: /download/stager.php",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
},
"StagingKey": {
"depends_on:": [],
"description": "Staging key for initial agent negotiation.",
"internal": false,
"required": true,
"strict": false,
"suggested_values": [],
"value": "}q)jFnDKw&px/7QBhE9Y<6~[Z1>{+Ps@"
},
"UserAgent": {
"depends_on:": [],
"description": "User-agent string to use for the staging request (default, none, or other).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": "default"
},
"WorkingHours": {
"depends_on:": [],
"description": "Hours for the agent to operate (09:00-17:00).",
"internal": false,
"required": false,
"strict": false,
"suggested_values": [],
"value": ""
}
},
"software": "",
"tactics": [],
"techniques": []
}