To start interacting with an engineer, visit the engineer page and select Interact from the options dropdown on the right-hand side.
This loads the Interact page, with the current tab set to the engineer you chose to interact with. Each engineer you have started interacting with will have a tab open. If you close a tab, you can reopen it by interacting with the implant.
All commands are sent from the teamserver to all clients, so when you start interacting with an implant, its tab is populated with any previous commands it has.
Tabs are named in the format pid@hostip.
At the bottom of each tab is the command window where you can enter commands, and the client features autocomplete and a help menu.
Below that is the engineer metadata. Since the engineer table is on the engineer page, the table entry is replicated here to help keep track of necessary metadata for the engineer.
The way a command is structured is a bit unique in HardHat. A typical command is structured like this:
CommandName /Key VALUE /Key VALUE ....
For example:
Inlineassembly /file c:\rubeus.exe /args createnetonly /program:"C:\Windows\System32\cmd.exe" /show /username:USERNAME /domain:DOMAIN /password:PASSWORD
Command input example
The HardHat Client program keeps track of all commands and their corresponding keys. This means that if a command is supplied that does not exist, the client will reject the input. It will also validate supplied keys and give an error if a required key is missing, such as /file from the cat command.
At any time, you can run the help command to see which keys are available, or use the autocomplete: it adds all possible keys, and you can then delete the ones you do not want to include in the command. When auto-filled, required keys have the value
Value, and optional keys have the value of
Help Command Table Example
Commands are also case-insensitive so
inlineAssembly are both valid
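One way a client could implement the command format, key validation and case-insensitivity described above, as an added Python example (not HardHat's own code). The SCHEMA table, the parse_command name, and the rule that only keys known for the command split the line are assumptions.

```python
import re

# Assumed schema (hypothetical; HardHat's real command table is not on the page).
# Maps command -> {key: required?}. Only "/file is required for cat" and the key
# names /file, /args and /method come from the page.
SCHEMA = {
    "cat": {"file": True, "method": False},
    "inlineassembly": {"file": True, "args": False, "method": False},
}

def parse_command(line, schema=SCHEMA):
    """Parse 'CommandName /Key VALUE ...' into (command, {key: value})."""
    parts = line.strip().split(None, 1)
    if not parts:
        raise ValueError("empty input")
    name = parts[0].lower()  # command names are case-insensitive
    if name not in schema:
        raise ValueError(f"unknown command: {parts[0]}")
    keys = schema[name]
    rest = parts[1] if len(parts) > 1 else ""
    # A token counts as a key only when it is a whole word "/name" AND name is
    # known for this command, so "/show" or "/program:x" inside an /args value
    # stays value text. Matching keys case-insensitively is an assumption.
    alternatives = "|".join(re.escape(k) for k in keys)
    key_re = re.compile(r"(?:^|\s)/(" + alternatives + r")(?=\s|$)", re.I)
    matches = list(key_re.finditer(rest))
    if rest.strip() and (not matches or rest[:matches[0].start()].strip()):
        raise ValueError("text found before the first key")
    parsed = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(rest)
        key = m.group(1).lower()
        if key in parsed:
            raise ValueError(f"duplicate key: /{key}")
        parsed[key] = rest[m.end():end].strip()
    missing = ["/" + k for k, required in keys.items() if required and not parsed.get(k)]
    if missing:
        raise ValueError("missing required key: " + ", ".join(missing))
    return name, parsed

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real session.
    for sample in (r"CAT /file C:\temp\notes.txt /method sync", "cat /method sync"):
        try:
            print(parse_command(sample))
        except ValueError as err:
            print("rejected:", err)
```

Because the split is schema-driven, a misspelled key is absorbed into the preceding value instead of being reported, which is the trade-off for letting /args carry its own slash-prefixed switches.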
Once a command is sent off to the teamserver, it becomes a task to be run by the engineer, except in the case of help, which is local to the operator's client.
All commands are executed as asynchronous jobs unless the /method sync flag is provided. Make sure to supply it on all the commands you want to run in order.
Note: Sync method execution is a blocking action.
During execution, any command can be canceled via the UI. While a command is running, the client will have an
icon that will send a cancel command request to the implant. While any command can be canceled, this really only affects longer-running tasks like
The help command runs only on your local client and is not replicated to other clients. This command gives you a searchable table output containing info about commands, the set opsec level, MITRE ATT&CK mapping, keys, etc. So don't worry; you can run it without annoying teammates.