This section will quickly go from first connection to running a basic agent.
When you first start Apfell, you won't have an operation selected as your current operation. Your current operation is indicated in the top bar in big purple letters. Since one isn't selected, you're alerted to that in big red letters. You can always click on the operation name to get back to the operations management page.
Go to "Manage Operations" -> "Operations Management" from the top navigation bar. There will initially just be the one row for the default operation. Select this as your current one and the top navigation bar should update to reflect this.
You need a payload to use. Go to "Create Components" -> "Create Payload" from the top navigation bar.
default C2 Profile. From here, you'll supply the values that will go into your agent. Change the callback_host value to the IP or domain of your Apfell server or, if you're using a redirector, provide that information here. Similarly, update the callback_port value with the port your agent will be using. Click
Select the Payload Type you'd like to create. For the purpose of this walkthrough, pick the apfell-jxa payload type. Provide a name for the agent, such as testing.js, and provide a description that will auto-populate the description field for any callbacks created based on this payload. Click
Finally, select any commands you want stamped into the payload initially. You can always load commands in later, but for this walkthrough select all of them. Click
You'll get a chance to see all of your values before finally clicking
Once you click submit, you'll get a series of popups in the top right corner giving feedback about the creation process. The blue notification popups will go away after a few seconds, but the green success or red error messages must be manually dismissed. This provides information about your newly created agent.
Navigate to the "Manage Operations" -> "Payload Management" page from the top navigation bar. This is where you'll be able to see all of the payloads created for the current operation (top section) and information about all of the payload types that Apfell knows about globally (bottom section). You can delete the payload, host it at a specific URL, view the configuration, or download the payload. For this walkthrough, download the payload.
Now move the payload over to your target system and execute it. The testing.js payload can be run with osascript and the file name, or you can click config and you'll see a handy one-liner you can customize to run the payload. Once you've done that, head to the "Operational Views" -> "Active Callbacks" page from the top navigation bar.
This is where you'll be able to interact with any callback in the operation. Click the "Interact" button to bring up information in the bottom pane where you can type out commands and issue them to the agent.