Interacting and managing clients

Once a victim executes your implant, you will receive a connection. You can view your connections using the clients (aliased c) command and listeners --clients/l -c. To interact with a client you can use the interact (aliased i) command by providing the client id, for example interact 0/i 0.

Once you started interacting with clients, the prompt will change to something like (username@hostname) nimc2 >. A star will be added after the username indicating that the implant started as administrator or root (in case of linux).

Commands

When you are interacting with a client, you unlock few commands. These commands are listed in the Client Interaction category in the help command:

• info: show info about the client

• shell "[command]": this run a command on a target computer. If no command is supplied, you get put in a shell mode where all of your commands from that point on will be ran as a shell command. To exit shell mode, use the back command.
• cmd "[command]": run a command by spawning cmd.exe
• download "[path]": download a file and print it's contents
• upload "[local path]" "[remote path]": upload a file
• msgbox "[title]" "[caption]": spawn a message box on Windows
• tokeninfo: see your token groups and integrity
• processes/ps: view the processes on the target