Skip to content

Module Commands

Jump to bottom
Maxime Landon edited this page Feb 23, 2020 · 3 revisions

Functionatiy of Wiregost is mostly expressed and used through modules, that are very much like Metasploit modules. They are of different categories (payload, post, auxiliary).

Using a Module

To use a module (here a payload):

Module-Use

You can then list the information and options of the module:

Module-Info

You can also simply type options to just show options.

In the present case, the module used is a payload module: to have more complete documentation, go check Payload Modules. Options, in this case are separated in two categories: Listener and Implant.

We set here the Listener host:

Set-HostMTLS

And we set here the Domain (host:port, or host:url) for the MTLS implant. It will callback to this address when spawned on the target.

Set-DomainMTLS

Each time an option is set, its current value is both:

  • Changed in the module object that is kept by the client
  • Sent to the C2 Server, that will change its own version of the module object.

Available Commands

In addition to all main shell commands (all the ones evoqued in the previous pages), module-specific commands are available. Some are common to all module types, like run and set. The run command will always start the main functionality of the module. For payload modules, for instance, it will compile the implant payload, while for post modules it will run the module on the implant's target.

Some will vary depending on the module type:

  • For payload module:
    • to_listener: (equivalent of to_handler in Metasploit) will spawn a listener
    • to_profile: Generate an implant profile based on current implant options
    • parse_profile: Parse a profile in the current module

Completions

Module-Option-Completions

All options for a module are completed. However, there are several things to note:

  • Because some payload modules have multiple protocols, options need to have a different name, so that completed options may slightly differ from their displayed names. Don't panic, however, because they are always sorted in the same order than their display order. So, in the example above, the DomainsMTLS is displayed as Domains, and its completion index is [2], which is the same than the display index.
  • A more thorough illustration of this can be found at Multi-Protocol Payloads.

Overview

Install

Data Service

C2 Server

Console

Modules

Implants

Writing Modules

Configuration

Clone this wiki locally