<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="author" content="Carson Fleming" />
<meta name="description" content="Harness encrypted client-server communication, asynchronous command distribution, terminal emulation, and support for unlimited clients and controllers with Penguin's Kiss, the ultimate tool to manage remotely controlled devices with security and convenience." />
<link rel="icon" type="image/x-icon" href="/favicon.ico" />
<link rel="stylesheet" type="text/css" href="/css/control.css" />
<title>Command Reference | Docs | Penguin's Kiss</title>
<link rel="canonical" href="https://c2.pkctl.org/commands" />
</head>
<body>
<header id="banner">
<a id="banner-logo" href="/">
<img id="logo-img" src="/img/banner.webp" alt="Penguin's Kiss Banner" />
</a>
<div id="banner-buttons">
<a class="button" href="https://github.com/cflems/pk">GitHub</a>
<a class="button" href="https://github.com/cflems/pk/releases">Download</a>
</div>
</header>
<div id="page">
<nav id="navigation">
<h3 class="nav-heading"><a href="/">About PK</a></h3>
<ul class="nav-section">
<li><a href="/#download">Downloading</a></li>
<li><a href="/#build">Building</a></li>
<li><a href="/#precompiled">Precompiled</a></li>
</ul>
<h3 class="nav-heading"><a href="/client">Client Config</a></h3>
<ul class="nav-section">
<li><a href="/client#tts">Time to Sleep</a></li>
<li><a href="/client#bits">RSA Bits</a></li>
</ul>
<h3 class="nav-heading"><a href="/server">Server Config</a></h3>
<ul class="nav-section">
<li><a href="/server#install">Installing</a></li>
<li><a href="/server#pkctl">PKCTL Usage</a></li>
<li><a href="/server#keygen">Host Key Generation</a></li>
<li><a href="/server#users">Local Users</a></li>
</ul>
<h3 class="nav-heading"><a href="/hdb">Hosts Database</a></h3>
<ul class="nav-section">
<li><a href="/hdb#format">Format</a></li>
<li><a href="/hdb#keys">Keys Section</a></li>
<!-- Routes here soon. :) -->
</ul>
<h3 class="nav-heading"><a href="/commands">Command Reference</a></h3>
<ul class="nav-section">
<li><a href="/commands#beacon">beacon</a></li>
<li><a href="/commands#delbeacon">delbeacon</a></li>
<li><a href="/commands#nbeacons">nbeacons</a></li>
<li><a href="/commands#lbeacons">lbeacons</a></li>
<li><a href="/commands#nscreen">nscreen</a></li>
<li><a href="/commands#ncli">ncli</a></li>
<li><a href="/commands#lcli">lcli</a></li>
<li><a href="/commands#lq">lq</a></li>
<li><a href="/commands#cq">cq</a></li>
<li><a href="/commands#show-serverkey">show-serverkey</a></li>
<li><a href="/commands#pty">pty</a></li>
<li><a href="/commands#refresh-hdb">refresh-hdb</a></li>
<li><a href="/commands#tunnel">tunnel</a></li>
<li><a href="/commands#die">die</a></li>
<li><a href="/commands#shell">Shell Commands</a></li>
<li><a href="/commands#target">Targeting</a></li>
</ul>
</nav>
<div id="content">
<p>The following commands can be executed while attached to the daemon via
<code>pkctl attach</code>.</p>
<section id="beacon">
<h3>beacon</h3>
<p>Creates a DNS beacon that this host will respond to as if it were a legitimate
DNS server. If a beacon already exists at this hostname, record type, and
record class, it will be overwritten.</p>
<p>Arguments: DNS data (hex string), hostname (string), record type (string),
record class (string, optional).</p>
<p>DNS data must be a string representing the hex-encoded binary data to be
returned as the answer to a DNS query for this record.</p>
<p>Hostname is the DNS hostname for which to answer queries.</p>
<p>Record type must be one of A, AAAA, CNAME, MX, or TXT. Data must be formatted
correctly per record type or else malformed responses will be returned.</p>
<p>Record class must be one of IN, CH, or HS, or else omitted. Defaults to IN
(the internet).</p>
<p>Usage:</p>
<pre>pk> beacon 01020304 x.z.pkctl.org A IN</pre>
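<p>The following decoder is an added example, not code from Penguin's Kiss. It shows what "formatted correctly per record type" means for each of the five supported types, so that hex data from an <code>lbeacons</code> listing can be checked or read back. It assumes the hex string is raw RFC 1035 RDATA without name compression; the function names are hypothetical.</p>

```python
import ipaddress

def decode_name(buf, pos=0):
    """Decode an uncompressed RFC 1035 domain name; return (name, next_pos)."""
    labels = []
    while True:
        if pos == len(buf):
            raise ValueError("name lacks its terminating zero octet")
        length = buf[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) or ".", pos
        label = buf[pos:pos + length]
        if length not in range(1, 64) or len(label) != length:
            raise ValueError("bad label length %d" % length)
        labels.append(label.decode("ascii", "replace"))
        pos += length

def decode_txt(buf):
    """Decode TXT RDATA: one or more length-prefixed character-strings."""
    strings, pos = [], 0
    while pos != len(buf):
        length = buf[pos]
        chunk = buf[pos + 1:pos + 1 + length]
        if len(chunk) != length:
            raise ValueError("character-string runs past end of data")
        strings.append(chunk.decode("ascii", "replace"))
        pos += 1 + length
    if not strings:
        raise ValueError("TXT needs at least one character-string")
    return strings

def decode_rdata(hex_data, rtype):
    """Return the readable form of hex RDATA, or raise ValueError if malformed."""
    raw = bytes.fromhex(hex_data)  # ValueError on odd length or non-hex input
    rtype = rtype.upper()
    if rtype in ("A", "AAAA"):
        want = 4 if rtype == "A" else 16
        if len(raw) != want:
            raise ValueError("%s data must be exactly %d bytes" % (rtype, want))
        return str(ipaddress.ip_address(raw))
    if rtype == "TXT":
        return decode_txt(raw)
    if rtype in ("CNAME", "MX"):
        start = 2 if rtype == "MX" else 0  # MX: 16-bit preference, then a name
        if len(raw[:start]) != start:
            raise ValueError("MX data lacks its 2-byte preference")
        name, end = decode_name(raw, start)
        if end != len(raw):
            raise ValueError("trailing bytes after the name")
        return (int.from_bytes(raw[:2], "big"), name) if start else name
    raise ValueError("record type must be A, AAAA, CNAME, MX, or TXT")
```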
</section>
<section id="delbeacon">
<h3>delbeacon</h3>
<p>Deletes one or more beacons according to arguments supplied. If only hostname
is supplied, all beacons matching hostname will be deleted. If more arguments
are supplied, the search will be narrowed accordingly.</p>
<p>Arguments: hostname (string), record type (string, optional), record class
(string, optional).</p>
<p>See <a href="#beacon">beacon reference</a> for the meanings of these arguments.</p>
<p>Usage:</p>
<pre>pk> delbeacon x.z.pkctl.org A IN</pre>
</section>
<section id="nbeacons">
<h3>nbeacons</h3>
<p>Prints the number of currently active DNS beacons.</p>
<p>Usage:</p>
<pre>pk> nbeacons
[pk] Active beacons: 224</pre>
</section>
<section id="lbeacons">
<h3>lbeacons</h3>
<p>Lists all currently active DNS beacons and their data.</p>
<p>Usage:</p>
<pre>pk> lbeacons
[pk] Active beacons:
- x.z.pkctl.org A IN: 01020304
- ...
[pk] 224 total.</pre>
</section>
<section id="nscreen">
<h3>nscreen</h3>
<p>Prints the number of currently attached controller screens.</p>
<p>Usage:</p>
<pre>pk> nscreen
[pk] Active screens: 2</pre>
</section>
<section id="ncli">
<h3>ncli</h3>
<p>Prints the number of currently connected TCP clients.</p>
<p>Usage:</p>
<pre>$ ncli
[pk] Active TCP clients: 27</pre>
</section>
<section id="lcli">
<h3>lcli</h3>
<p>Lists the currently connected TCP clients and their descriptive information.</p>
<p>Usage:</p>
<pre>$ lcli
[pk] Active TCP clients:
- 0: {'ip': '127.0.0.1', 'rport': 47874, 'rdns': 'localhost'}
- ...
[pk] 27 total.</pre>
</section>
<section id="lq">
<h3>lq</h3>
<p>Lists the queue of commands to be executed by newly connected clients.</p>
<p>Usage:</p>
<pre>pk> lq
['whoami', 'hostname']</pre>
</section>
<section id="cq">
<h3>cq</h3>
<p>Clears the command queue.</p>
<p>Usage:</p>
<pre>pk> cq</pre>
</section>
<section id="show-serverkey">
<h3>show-serverkey</h3>
<p>Prints the server's public key in a format easily copyable into an HDB
entry.</p>
<p>Usage:</p>
<pre>pk> show-serverkey
{"n": ..., "e": ...}</pre>
</section>
<section id="pty">
<h3>pty</h3>
<p>Connects your screen to the specified client in a one-on-one terminal session,
similar to SSHing into the client machine.</p>
<p>Arguments: client ID (integer) — can be found with <code>lcli</code>.</p>
<p>Usage:</p>
<pre>$ pty 3</pre>
</section>
<section id="refresh-hdb">
<h3>refresh-hdb</h3>
<p>Commands the client to refresh its internal hosts database from the web resource
it was originally pulled from.</p>
<p>Usage:</p>
<pre>$ refresh-hdb</pre>
</section>
<section id="tunnel">
<h3>tunnel</h3>
<p>Commands the client to disconnect and sleep for the number of seconds configured
in <a href="/client#tts">TTS</a>.</p>
<p>Usage:</p>
<pre>$ tunnel</pre>
</section>
<section id="die">
<h3>die</h3>
<p>Commands the client to exit and not respawn.</p>
<p>Usage:</p>
<pre>$ die</pre>
</section>
<section id="shell">
<h3>Shell Commands</h3>
<p>Inputs which are not recognized as server commands will be interpreted as
shell commands, which will be blasted to all connected clients and queued for
future clients to receive as well. Once executed, the results of these
commands will be blasted to all active screens, and logged in case no screen
is watching at the time of the response. The active command queue can be
managed by way of the <a href="#lq">lq</a> and <a href="#cq">cq</a>
commands.</p>
</section>
<section id="target">
<h3>Targeting</h3>
<p>In the event that you would prefer not to dispatch a command to all current and
future clients, a specific set of targets can be specified by prepending
<code>TARGET={targets}</code> to the command, where <code>{targets}</code> is
a comma-delimited list of client IDs (integers). These client IDs can be
retrieved by checking the output of <code>lcli</code>. Commands which are
targeted are not queued for future clients to receive.</p>
<p>Usage:</p>
<pre>$ TARGET=0,4,57,264 echo hello</pre>
</section>
</div>
</div>
</body>
</html>