To make it easier to write powerful payload scripts regardless of the host's operating system, the environment is somewhat standardized.
The shell in which the payload runs is a classic Bourne shell.
This is not the same as Bash!
Why not Bash?
The point of Azban is to be able to run the same way on as many systems as possible.
Therefore, the lowest common denominator is the classic Bourne shell.
Only Windows-based systems require downloading a Bourne shell (the bootstrap stage takes care of this before the payload is actually run).
The $DKEY environment variable is set to the device key of the Azban device running the payload.
This allows calling the backend easily, for example to collect assets.
Azban does its best to cover its tracks.
After running the payload, it removes all traces from the filesystem.
The only exception to this is on Windows, where a binary executable cannot remove itself. Therefore, on Windows systems, the .r directory remains, containing only three files:
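
For incident responders, the leftover .r directory described above is a usable host artifact. The following triage sketch is an added example, not part of Azban or its documentation, and the function name find_r_leftovers is hypothetical. It assumes a Windows volume mounted read-only on a POSIX analysis host, and it matches only on the directory name and the count of three files, because this page gives neither the file names nor the parent path.

```shell
#!/bin/sh
# Added triage example, not Azban code. Assumptions (not stated on the page):
# the leftover directory is literally named ".r" (either case, since Windows
# file systems are case-insensitive) and holds exactly three regular files
# and nothing else. File names and parent path are unknown, so not checked.

# find_r_leftovers ROOT
# Prints the path of every directory under ROOT that fits the pattern.
find_r_leftovers() {
    root=${1:?usage: find_r_leftovers ROOT}
    find "$root" -type d \( -name .r -o -name .R \) 2>/dev/null |
    while IFS= read -r dir; do
        # Direct children only: "$dir/." plus "! -name . -prune" is the
        # POSIX way to stop find from descending further.
        files=$(find "$dir/." ! -name . -prune -type f | wc -l | tr -d ' ')
        others=$(find "$dir/." ! -name . -prune ! -type f | wc -l | tr -d ' ')
        # "Only three files": three regular files and no other entries.
        if [ "$files" -eq 3 ] && [ "$others" -eq 0 ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Stand-alone use: sh find_r.sh /mnt/evidence
if [ "$#" -gt 0 ]; then
    find_r_leftovers "$1"
fi
```

Treat a hit as a lead to examine, since other software can also create a directory with this name.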