Implant Functionality
The FudgeC2 implants have built in commands to short-hand common functionality. The functionality is invoked by prepending :: to the required command, for example to load the PowerUp module you would run the load_module command, followed by the script name.
To see how to add new scripts to FudgeC2, see below.
These commands are being added on a regular basis, however, if there are commands you'd like to see built into the the next release please raise a feature request. Below is a list of all built in commands available to the user.
| Command | Info |
|---|---|
<command> |
If no builtin prefix in used the submitted value will be directly executed by Powershell. |
:: sys_info |
Collects username, hostname, domain, and local IP |
:: enable_persistence |
Enables persistence by embedding a stager payload into the following autorun registry key |
:: export_clipboard |
Attempts to collect any text data stored in the users clipboard. |
:: load_module [target script] |
This will load external Powershell modules, such as JAWS. |
:: exec_module [loaded module name] |
Executes a specific function of a loaded module. |
:: list_modules |
Lists all loaded modules by the implant. |
:: download_file [target file] |
Downloads the target file to the FudgeC2 server |
:: upload_file [local file] [remote path/filename] |
Uploads a file to the target path and specific filename |
:: play_audio [audio file (wav)] |
Plays a wav file on the compromised host. |
:: screenshot |
Plays an audio file on the compromised host. |
Add your script to the following directory to make it available to the load_module command:
<installation dir>/Storage/implant_resources/