Interactive Cortana Programming
November 7, 2014
Cortana is the scripting engine built into Armitage and Cobalt Strike. It’s based on my Sleep scripting language. Most scripting languages have a REPL (Read, Eval, Print Loop) that allows users to experiment with the technology in an interactive way.
I didn’t build a REPL into Cortana natively, but one is available as a script. This script is eval.cna. Go to the Cortana Github repository, download eval.cna, and load it into Armitage or Cobalt Strike. You can do this through the Armitage -> Scripts menu.
Go to View -> Script Console to open the Cortana console. The eval.cna script adds three commands to the Cortana console. These are x, ?, and e.
The x command evaluates an expression and prints the result. In Sleep, this is anything you can assign to a variable or pass as an argument to a function. For example, x 2 + 2 prints out 4.
The ? command evaluates a Sleep predicate expression and prints whether it’s true or false. A predicate is anything you can use in an if statement or while loop. For example, ? -iswinmeterpreter 1 prints true if session 1 is a Windows Meterpreter session.
Finally, the e command evaluates one or more Sleep statements. Use this command to quickly try out a for loop or a more complicated series of statements.
These commands make it very easy to explore Cortana and interactively interrogate your Cobalt Strike or Armitage instance. If you’d like to learn more about Cortana, I recommend that you consult its documentation.