Listener Templates

Get Listener Templates

get

Responses

200

Successful Response

application/json

400

Bad request

application/json

404

Not found

application/json

get

/api/v2/listener-templates

GET /api/v2/listener-templates HTTP/1.1
Accept: */*

{
  "records": [
    {
      "authors": [
        {
          "handle": "@harmj0y",
          "link": "",
          "name": ""
        }
      ],
      "category": "client_server",
      "comments": [],
      "description": "Starts a http[s] listener that uses a GET/POST approach.",
      "id": "http",
      "name": "HTTP[S]",
      "options": {
        "BindIP": {
          "depends_on:": [],
          "description": "The IP to bind to on the control server.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [
            "0.0.0.0"
          ],
          "value": "0.0.0.0"
        },
        "CertPath": {
          "depends_on:": [],
          "description": "Certificate path for https listeners.",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": ""
        },
        "Cookie": {
          "depends_on:": [],
          "description": "Custom Cookie Name",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": "xNQsvLdAysjkonT"
        },
        "DefaultDelay": {
          "depends_on:": [],
          "description": "Agent delay/reach back interval (in seconds).",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "5"
        },
        "DefaultJitter": {
          "depends_on:": [],
          "description": "Jitter in agent reachback interval (0.0-1.0).",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "0.0"
        },
        "DefaultLostLimit": {
          "depends_on:": [],
          "description": "Number of missed checkins before exiting",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "60"
        },
        "DefaultProfile": {
          "depends_on:": [],
          "description": "Default communication profile for the agent.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
        },
        "Headers": {
          "depends_on:": [],
          "description": "Headers for the control server.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "Server:Microsoft-IIS/7.5"
        },
        "Host": {
          "depends_on:": [],
          "description": "Hostname/IP for staging.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "http://192.168.0.20"
        },
        "KillDate": {
          "depends_on:": [],
          "description": "Date for the listener to exit (MM/dd/yyyy).",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": ""
        },
        "Launcher": {
          "depends_on:": [],
          "description": "Launcher string.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "powershell -noP -sta -w 1 -enc "
        },
        "Name": {
          "depends_on:": [],
          "description": "Name for the listener.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "http"
        },
        "Port": {
          "depends_on:": [],
          "description": "Port for the listener.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [
            "1335",
            "1336"
          ],
          "value": ""
        },
        "Proxy": {
          "depends_on:": [],
          "description": "Proxy to use for request (default, none, or other).",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": "default"
        },
        "ProxyCreds": {
          "depends_on:": [],
          "description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": "default"
        },
        "StagerURI": {
          "depends_on:": [],
          "description": "URI for the stager. Must use /download/. Example: /download/stager.php",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": ""
        },
        "StagingKey": {
          "depends_on:": [],
          "description": "Staging key for initial agent negotiation.",
          "internal": false,
          "required": true,
          "strict": false,
          "suggested_values": [],
          "value": "}q)jFnDKw&px/7QBhE9Y<6~[Z1>{+Ps@"
        },
        "UserAgent": {
          "depends_on:": [],
          "description": "User-agent string to use for the staging request (default, none, or other).",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": "default"
        },
        "WorkingHours": {
          "depends_on:": [],
          "description": "Hours for the agent to operate (09:00-17:00).",
          "internal": false,
          "required": false,
          "strict": false,
          "suggested_values": [],
          "value": ""
        }
      },
      "software": "",
      "tactics": [],
      "techniques": []
    }
  ]
}

Get Listener Template

get

Path parameters

uidstringRequired

Responses

200

Successful Response

application/json

idstringRequired

namestringRequired

descriptionstringRequired

categorystringRequired

commentsstring[]Required

tacticsstring[]Required

techniquesstring[]Required

softwareany ofOptional

stringOptional

nullOptional

400

Bad request

application/json

404

Not found

application/json

422

Validation Error

application/json

get

/api/v2/listener-templates/{uid}

GET /api/v2/listener-templates/{uid} HTTP/1.1
Accept: */*

{
  "authors": [
    {
      "handle": "@harmj0y",
      "link": "",
      "name": ""
    }
  ],
  "category": "client_server",
  "comments": [],
  "description": "Starts a http[s] listener that uses a GET/POST approach.",
  "id": "http",
  "name": "HTTP[S]",
  "options": {
    "BindIP": {
      "depends_on:": [],
      "description": "The IP to bind to on the control server.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [
        "0.0.0.0"
      ],
      "value": "0.0.0.0"
    },
    "CertPath": {
      "depends_on:": [],
      "description": "Certificate path for https listeners.",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": ""
    },
    "Cookie": {
      "depends_on:": [],
      "description": "Custom Cookie Name",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": "xNQsvLdAysjkonT"
    },
    "DefaultDelay": {
      "depends_on:": [],
      "description": "Agent delay/reach back interval (in seconds).",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "5"
    },
    "DefaultJitter": {
      "depends_on:": [],
      "description": "Jitter in agent reachback interval (0.0-1.0).",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "0.0"
    },
    "DefaultLostLimit": {
      "depends_on:": [],
      "description": "Number of missed checkins before exiting",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "60"
    },
    "DefaultProfile": {
      "depends_on:": [],
      "description": "Default communication profile for the agent.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "/admin/get.php,/news.php,/login/process.php|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
    },
    "Headers": {
      "depends_on:": [],
      "description": "Headers for the control server.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "Server:Microsoft-IIS/7.5"
    },
    "Host": {
      "depends_on:": [],
      "description": "Hostname/IP for staging.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "http://192.168.0.20"
    },
    "KillDate": {
      "depends_on:": [],
      "description": "Date for the listener to exit (MM/dd/yyyy).",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": ""
    },
    "Launcher": {
      "depends_on:": [],
      "description": "Launcher string.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "powershell -noP -sta -w 1 -enc "
    },
    "Name": {
      "depends_on:": [],
      "description": "Name for the listener.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "http"
    },
    "Port": {
      "depends_on:": [],
      "description": "Port for the listener.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [
        "1335",
        "1336"
      ],
      "value": ""
    },
    "Proxy": {
      "depends_on:": [],
      "description": "Proxy to use for request (default, none, or other).",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": "default"
    },
    "ProxyCreds": {
      "depends_on:": [],
      "description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": "default"
    },
    "StagerURI": {
      "depends_on:": [],
      "description": "URI for the stager. Must use /download/. Example: /download/stager.php",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": ""
    },
    "StagingKey": {
      "depends_on:": [],
      "description": "Staging key for initial agent negotiation.",
      "internal": false,
      "required": true,
      "strict": false,
      "suggested_values": [],
      "value": "}q)jFnDKw&px/7QBhE9Y<6~[Z1>{+Ps@"
    },
    "UserAgent": {
      "depends_on:": [],
      "description": "User-agent string to use for the staging request (default, none, or other).",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": "default"
    },
    "WorkingHours": {
      "depends_on:": [],
      "description": "Hours for the agent to operate (09:00-17:00).",
      "internal": false,
      "required": false,
      "strict": false,
      "suggested_values": [],
      "value": ""
    }
  },
  "software": "",
  "tactics": [],
  "techniques": []
}

PreviousListeners NextMeta

Last updated 1 month ago

Was this helpful?

hashtagGet Listener Templates

hashtagGet Listener Template

Get Listener Templates

Get Listener Template