### Invoke ConPtyShell Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Executes the Invoke-ConPtyShell.ps1 script against a PowerShell backdoor session to obtain a fully interactive terminal. Requires gnome-terminal to be installed for the pop-up window. ```APIDOC Villain CLI Commands: Conptyshell: Command: conptyshell Description: Automatically executes Invoke-ConPtyShell.ps1 against a PowerShell backdoor for a fully interactive shell. Syntax: conptyshell Parameters: IP or INTERFACE: The IP address or network interface of the target. PORT: The port to use for the netcat listener. SESSION ID or ALIAS: The identifier for the target shell session. Requirements: - Requires `gnome-terminal` to be installed. - Currently works only for powershell.exe backdoors. ``` -------------------------------- ### Start Interactive Shell Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Initiates an interactive pseudo-shell for an active shell session. The stability of the pseudo-shell depends on the underlying shell session quality, with TCP-based shells being more stable. ```APIDOC Villain CLI Commands: The shell Command: Command: shell Description: Starts an interactive pseudo-shell for a given session. Syntax: shell Parameters: SESSION ID or ALIAS: The identifier for the active shell session. Interaction: - Press Ctrl + C or type `exit` to return to the main Villain prompt. ``` -------------------------------- ### Install Villain via APT Source: https://github.com/t3l3machus/villain/blob/main/README.md Installs the Villain framework directly from Kali Linux repositories using the apt package manager. This is the simplest installation method for users on Kali Linux. ```Shell apt install villain ``` -------------------------------- ### Install Villain Manually Source: https://github.com/t3l3machus/villain/blob/main/README.md Installs the latest version of Villain by cloning the repository and installing dependencies. This method is recommended for users who need the most recent features or are not on Kali Linux. ```Shell git clone https://github.com/t3l3machus/Villain cd ./Villain pip3 install -r requirements.txt ``` -------------------------------- ### Villain CmdInspector Command Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Toggles the Session Defender feature, which inspects user-issued shell commands for input that might cause a backdoor shell session to hang. This includes unclosed quotes, backticks, or commands that start new interactive sessions. ```APIDOC cmdinspector - **Description**: Use the `cmdinspector` command to turn the Session Defender feature on or off. This feature inspects user issued shell commands for input that may cause a backdoor shell session to hang (e.g., unclosed single/double quotes or backticks, commands that may start a new interactive session within the current shell and more). - **Parameters**: - `ON/OFF`: A flag to enable or disable the command inspector feature. ``` -------------------------------- ### Connect to Sibling Server Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Establishes a connection to another machine running Villain, allowing for the sharing of shell sessions. Requires the IP address and team server port of the sibling server. ```APIDOC Villain CLI Commands: Connect With Sibling Server: Command: connect Description: Connects to and shares shell sessions with another Villain instance. Syntax: connect Parameters: IP: The IP address of the sibling Villain server. TEAM SERVER PORT: The port the sibling Villain server is listening on (default is 65001). Notes: - The default Core server port can be changed with the `-p` flag when starting Villain. ``` -------------------------------- ### Install Required Dependency (gnome-terminal) Source: https://github.com/t3l3machus/villain/blob/main/README.md Ensures that gnome-terminal is installed, which is a required dependency for certain commands within the Villain framework, particularly for interactive shell sessions. ```Shell sudo apt update && sudo apt install gnome-terminal ``` -------------------------------- ### Upload File to Session Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Transfers a file from the local system into an active shell session. The file is served via the Http File Smuggler (default port 8888) and works regardless of session ownership. ```APIDOC Villain Pseudo-Shell Commands: Upload: Command: upload Description: Transfers a local file to a remote session via HTTP. Context: This command is used from within an active pseudo-shell prompt. Syntax: upload Parameters: LOCAL_FILE_PATH: The path to the file on your local system. REMOTE_FILE_PATH: The destination path for the file on the target system. Notes: - The file is automatically requested from the Http File Smuggler (default port 8888). ``` -------------------------------- ### Generate Reverse Shell Payloads Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Generates reverse shell payloads for various operating systems and handlers using a template-based system. Supports obfuscation and encoding for AV evasion. The 'generate' command can also provide information about specific payload templates. ```APIDOC Villain CLI Commands: Generate Reverse Shell Payloads: Command: generate Description: Generates reverse shell payloads using predefined templates. Syntax: generate payload= lhost= [ obfuscate encode ] Parameters: payload: Specifies the OS type, handler, and payload template (e.g., windows/reverse_tcp/powershell, linux/hoaxshell/sh_curl). lhost: The IP address or network interface to connect back to. obfuscate: (Optional) Enables obfuscation for the payload. encode: (Optional) Enables encoding for the payload. Handlers: - reverse_tcp: For stable TCP-based reverse shells. - hoaxshell: For less stable, single-use shells. Usage Examples: generate payload=windows/reverse_tcp/powershell lhost=eth0 encode generate payload=linux/hoaxshell/sh_curl lhost=eth0 obfuscate Notes: - Templates are located in `Core/payload_templates///`. - Use `generate ` to get info on a specific template. - HoaxShell payloads are not reusable. - Requires SSL to catch HoaxShell HTTPS-based shells. ``` -------------------------------- ### Villain Inject Command Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Executes a local script file filelessly over HTTP against an active session. The script must match the shell session type (e.g., PowerShell script for PowerShell session). Files are requested from the Http File Smuggler. ```APIDOC inject - **Description**: Use the `inject` pseudo shell prompt command to fileless exec a local script file over http against an active session. Files are executed by being http requested from the Http File Smuggler. The script you execute should match the shell session type (e.g., a PowerShell script script should be executed against a powershell.exe session, etc). - **Parameters**: - ``: The absolute or relative path to the local script file to be injected and executed. ``` -------------------------------- ### Villain Purge Command Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Deletes all session-related metadata stored by Villain. This command does not affect any currently active sessions. Villain automatically stores and loads implant information for reusability. ```APIDOC purge - **Description**: Use the `purge` prompt command to delete all session related metadata. Villain automatically stores information regarding generated implants and loads them in memory every time it starts, making HoaxShell generated implants reusable and allowing re-establishment of older sessions. This command does not affect any active sessions you may have. ``` -------------------------------- ### Villain Flee Command Source: https://github.com/t3l3machus/villain/blob/main/Usage_Guide.md Exits the Villain tool without terminating any active sessions. Sessions will be automatically re-established if Villain is restarted and victim machines are still sending HoaxShell beacons. ```APIDOC flee - **Description**: Use the `flee` prompt command to exit Villain without terminating any active sessions. If you start Villain again later and there are still victim machines sending HoaxShell beacons, the sessions will be re-established automatically. ``` -------------------------------- ### Villain Command-Line Interface Source: https://github.com/t3l3machus/villain/blob/main/README.md The primary command-line interface for running the Villain C2 framework. It accepts various flags to configure ports, certificates, and operational modes. ```APIDOC villain [-h] [-p PORT] [-x HOAX_PORT] [-n NETCAT_PORT] [-f FILE_SMUGGLER_PORT] [-i] [-c CERTFILE] [-k KEYFILE] [-u] [-q] Options: -h, --help show this help message and exit -p PORT, --port PORT Port for reverse TCP shells -x HOAX_PORT, --hoax-port HOAX_PORT Port for HoaxShell shells -n NETCAT_PORT, --netcat-port NETCAT_PORT Port for netcat shells -f FILE_SMUGGLER_PORT, --file-smuggler-port FILE_SMUGGLER_PORT Port for file smuggler -i, --interactive Enable interactive mode -c CERTFILE, --certfile CERTFILE Path to SSL certificate file -k KEYFILE, --keyfile KEYFILE Path to SSL key file -u, --update Update Villain -q, --quiet Quiet mode ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.