Clicking the "Configure" button on a Payload Type brings up a short menu with a few important options:

Edit Info and Files

Clicking "Edit Info" brings up a new menu to edit the metadata about a payload type.

There are a few interesting pieces to call out here:

  • "Is this payload a wrapper for another payload"

    • A "Payload Wrapper" is a special form of payload type that simply acts a a wrapper for another payload type. An easy example of this is msbuild or macros from the Windows environment. These are payloads you might drop onto a system, but they aren't the real payload you're trying to execute. They're just wrappers for the actual end payload. That's the same goal here. When you toggle this, you then get to pick which other payload type it wraps. For now, you can only base64 encode that other payload type, but in the future you'll be able to do other modifications to make it more useful.

  • "Is this payload going to be created externally to Apfell"

    • This external flag is what sets the led color to blue. This allows you to register all of the metadata about a payload type into the system (what commands it uses, what the c2 parameters look like, etc), but actually create the agent elsewhere.

  • Select payload code files to upload

    • This is where you can upload more files for the agent code. If you're curious about modifying agent code or creating an agent, check out the Payload Type Development section.

  • Select payload code files to upload to container

    • This is slightly nuanced from the previous upload section. This is where you'd upload additional files to the docker container that your payload type might need. This could be configuration files, external binaries you want to call during payload creation, module loading, or tasking, or anything else you want available within the docker container.

  • Helpful information for executing the payload

    • This is where you can provide helpful information for the operator when they create a payload. In the apfell-jxa example above, there's an osascript oneliner to pull down and execute the script in memory, but that can vary wildly between different payload types.

  • Template for commands

    • This is where you can provide a template for how future users can add new commands for the payload type.

  • Does this payload support dynamic loading - This is where you can specify if your payload allows you to load new modules in it or not. If this is false, then when creating a payload, you will not be able to choose which commands you want stamped into it - they'll ALL always be stamped in. If this is set to true, it does allow dyanmic loading, then you can freely choose which commands you want stamped in at creation time and load in new commands later.

Below this section is an area where you can delete and download different files for the payload type or inside the container.