How to Interact

To start interaction with an engineer, visit the engineer page, and select interact from the options dropdown on the right-hand side

This will load the interact page with the current tab being whatever the interacted engineer. Each engineer you have started interacting with will have a tab open. If you close a tab, you can reopen it by interacting with the implant.

All commands are sent from the teamserver to all clients, so when you start interacting with an implant, they will populate if it has previous commands.

At the bottom of each tab is the command window where you can enter commands, and the client features autocomplete and a help menu.

Below that is the engineer metadata. Since the engineer table is on the engineer page, the table entry is replicated here to help keep track of necessary metadata for the engineer.

Understanding Commands

The way a command is structured is a bit unique in HardHat. a typical command is structured like this CommandName /Key VALUE /Key VALUE .... for example Inlineassembly /file c:\rubeus.exe /args createnetonly /program:"C:\Windows\System32\cmd.exe" /show /username:USERNAME /domain:DOMAIN /password:PASSWORD

The HardHat Client program keeps track of all commands and their corresponding keys. This means if a command is supplied that does not exist, it will reject the input. It will also validate supplied keys and give an error if a required key is missing, such as /file from the cat command.

at any time, you can run the help command to see what keys are available or use the autocomplete it adds all possible keys then you can delete the ones you do not want to include in the command. When auto-filled, required keys have the value Value , and optional keys have the value of optionalValue

Commands are also case-insensitive so InLiNeAsSeMbLy and inlineAssembly are both valid

Tasks

Once a command is sent off to the teamserver, it becomes a task to be run by the engineer, except in the case of help, which is local to the operator's client.

All commands are executed as asynchronous jobs unless the /method sync flag is provided, make sure to supply it on all the commands you want to run in order. ⚠️ Note: Sync method execution is a blocking action.

During execution, any command can be canceled via the UI. During execution, the client will have an ❌icon that will send a cancel command request to the implant. While any command can be canceled this really only affects longer-running tasks like InlineAssembly for example.

Help Command

The help command runs only on your local client and is not replicated to other clients. This command gives you a searchable table output containing info about commands, the set opsec level, Mitre ATT&CK mapping, keys, etc. So don't worry; you can run it without annoying teammates. 🎉