Payload environment

Introduction

To make it easier to write powerful payload scripts regardless of the host's operating system, the environment is somewhat standardized.

Shell

The shell in which the payload runs is a classic Bourne shell.

This is not the same as Bash!

Why not Bash?

The point of Azban is to be able to run the same way on as many systems as possible.

Therefore, the lowest common denominator is the classic Bourne shell.

Only Windows-based systems require downloading it (which is taken care of by the bootstrap stage before the payload is actually run).

Environment

$DKEY

The $DKEY environment variable is set to the device key of the Azban device running the payload.

This makes it easy to call the backend from a payload, for example to collect assets.

Clean-up

Azban does its best to cover its tracks.

After running the payload, it removes all traces from the filesystem.

The only exception is on Windows, where a binary executable cannot remove itself. Therefore, on Windows systems, the .r directory remains, containing only three files:

  • sh.exe
  • rm.exe
  • cygwin1.dll
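
For defenders, the leftover directory described above is a host artifact that can be hunted for. The following is an added example, not code from the Azban project or this wiki: it walks a directory tree (a live volume or a mounted image) and reports directories named .r that hold the three listed files. The page does not say where .r is created, so the scan takes a root path as an assumption; the function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile

# File names the page lists as left behind in the .r directory on Windows.
RESIDUE_FILES = frozenset({"sh.exe", "rm.exe", "cygwin1.dll"})
RESIDUE_DIR = ".r"


def find_residue(root):
    """Return (path, exact) for each directory named .r under `root` that
    holds all three residue files. `exact` is True when the directory holds
    nothing else, which is the state the page describes."""
    hits = []
    # onerror: skip unreadable directories instead of aborting the scan.
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        # Windows names are case-insensitive, so compare in lower case.
        if os.path.basename(os.path.normpath(dirpath)).lower() != RESIDUE_DIR:
            continue
        names = {n.lower() for n in filenames}
        if RESIDUE_FILES <= names:
            hits.append((dirpath, names == RESIDUE_FILES and not dirnames))
    return hits


def build_sample(root):
    """Create a constructed test tree (not real evidence) under `root`."""
    layout = {
        os.path.join("a", ".R"): ["SH.EXE", "rm.exe", "cygwin1.dll"],
        os.path.join("b", ".r"): ["sh.exe", "rm.exe", "cygwin1.dll", "notes.txt"],
        os.path.join("c", ".r"): ["sh.exe"],
    }
    for rel, files in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in files:
            open(os.path.join(root, rel, name), "wb").close()


if __name__ == "__main__":
    # With a path argument, scan it (live volume or mounted image);
    # without one, scan the constructed sample tree.
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) > 1:
            target = sys.argv[1]
        else:
            build_sample(tmp)
            target = tmp
        for path, exact in find_residue(target):
            print(("EXACT    " if exact else "SUPERSET ") + path)
```

An EXACT hit matches the described end state; a SUPERSET hit has the three files plus other content and needs a closer look before drawing conclusions, since Cygwin-based tools ship the same file names.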