
Main Menu Structure

Quick Overview

Last updated 1 year ago

The main menu is structured as follows:

[0] Scan network for Admin Access

This option scans the network for local admin access using the SMB protocol by default. If admin access is found on any machine, it will be displayed in the main menu under Admin Sessions (SMB) or Global-Listener Sessions (WMI), depending on the protocol used.

[1] Single-Listener (single target)

This option creates a payload designed to be executed on a single target. Initially, a named pipe is created locally, with a specific name. The payload generated by this option, when executed on the target machine, initiates a connection back to the machine where Amnesiac is running, specifically to the named pipe created with that specific name. It's important to note that the named pipe created using this option is accessible to anyone. However, once the target connects, it is no longer available for anyone else to connect.

[2] Global-Listener (multiple targets)

This option creates a payload designed to be executed on multiple targets. When executed, the payload generates a named pipe on the target with a pre-defined name. Named pipes created using this option are only accessible by the user operating Amnesiac, based on their SID. Others cannot connect.

[3] Scan network for listening targets

This option allows users to scan the network for listening targets. Amnesiac scans the network for machines having a named pipe available with the name set by the payload generated using option 2. If a matching named pipe is found, Amnesiac connects to that target.
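
For defenders, the Global-Listener behaviour described above (one pre-defined pipe name created on every target) shows up in Sysmon Event ID 17 (pipe created) records as the same unfamiliar pipe name on several hosts. The following is an added example, not part of Amnesiac or its documentation; the baseline patterns, host names, and pipe names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed baseline of pipe-name patterns treated as normal in this example fleet.
BASELINE = [re.compile(p, re.I) for p in (
    r"^\\PSHost\.\d+\.\d+\.",                     # PowerShell's per-process host pipe
    r"^\\(lsass|wkssvc|srvsvc|spoolss|ntsvcs)$",  # common Windows service pipes
)]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed Sysmon records (EventID 17 = pipe created, 18 = pipe connected),
# already parsed into dicts. All hosts and pipe names are made up.
EVENTS = [
    {"EventID": 17, "Computer": "WS01", "Image": r"C:\Windows\System32\lsass.exe", "PipeName": r"\lsass"},
    {"EventID": 17, "Computer": "WS01", "Image": PS, "PipeName": r"\PSHost.133500000000000000.4312.DefaultAppDomain.powershell"},
    {"EventID": 17, "Computer": "WS01", "Image": PS, "PipeName": r"\example-fixed-pipe"},
    {"EventID": 17, "Computer": "SRV02", "Image": PS, "PipeName": r"\example-fixed-pipe"},
    {"EventID": 17, "Computer": "WS03", "Image": PS, "PipeName": r"\Example-Fixed-Pipe"},
    {"EventID": 17, "Computer": "WS03", "Image": r"C:\Program Files\App\app.exe", "PipeName": r"\mojo.4312.1100.123456789"},
    {"EventID": 18, "Computer": "WS04", "Image": "System", "PipeName": r"\example-fixed-pipe"},
]


def is_baseline(pipe_name):
    """True when the pipe name matches a pattern expected in this environment."""
    return any(p.search(pipe_name) for p in BASELINE)


def shared_unknown_pipes(events, min_hosts=2):
    """Map each non-baseline pipe name to the hosts that created it.

    Only names created (Event ID 17) on at least `min_hosts` distinct hosts
    are returned; per-process random names stay below the threshold.
    """
    hosts = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 17:
            continue
        name = ev["PipeName"]
        if not is_baseline(name):
            hosts[name.lower()].add(ev["Computer"])  # pipe names are case-insensitive
    return {n: sorted(h) for n, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for name, seen_on in shared_unknown_pipes(EVENTS).items():
        print(f"review: pipe {name} created on {', '.join(seen_on)}")
```

The baseline has to be built from the environment's own pipe inventory; software deployed fleet-wide with a fixed pipe name will match until it is added.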