Aliases are stored locally in the UI folder, in the Nighthawk.xml file.
as of now, there is no way to remove aliases in the client, so delete them from this file to remove them.
aliases are local, not global, although as of 0.1.1, creating aliases prints a message to the console so this is misleading for other operators.
BOF Alias Examples
probe
alias:
alias probe "execute-bof z:\\tools\\CS-Situational-Awareness-BOF\\SA\\probe\\probe.x64.o go z\"$1\" i$2"
example usage:
probe client.com 445
netuser
alias:
alias netuser "execute-bof z:\\tools\\CS-Situational-Awareness-BOF\\SA\\netuser\\netuser.x64.o go Z\"$1\" Z\"$2\""example usage:
netuser username domain.comnslookup
alias:
alias nslookup "execute-bof z:\\tools\\CS-Situational-Awareness-BOF\\SA\\nslookup\\nslookup.x64.o go z\"$1\" z\"$2\" s$3"example usage:
# a record lookup
nslookup s1hb.com 1.1.1.1 1
# get list of DCs for given domain
nslookup _ldap._tcp.dc._msdcs.client.fqdn.com dc_ip 33note: the last arg is an integer of record type. The following is a list of some record types supported by the BOF:
#define DNS_TYPE_ZERO 0x0000
// RFC 1034/1035
#define DNS_TYPE_A 0x0001 // 1
#define DNS_TYPE_NS 0x0002 // 2
#define DNS_TYPE_MD 0x0003 // 3
#define DNS_TYPE_MF 0x0004 // 4
#define DNS_TYPE_CNAME 0x0005 // 5
#define DNS_TYPE_SOA 0x0006 // 6
#define DNS_TYPE_MB 0x0007 // 7
#define DNS_TYPE_MG 0x0008 // 8
#define DNS_TYPE_MR 0x0009 // 9
#define DNS_TYPE_NULL 0x000a // 10
#define DNS_TYPE_WKS 0x000b // 11
#define DNS_TYPE_PTR 0x000c // 12
#define DNS_TYPE_HINFO 0x000d // 13
#define DNS_TYPE_MINFO 0x000e // 14
#define DNS_TYPE_MX 0x000f // 15
#define DNS_TYPE_TEXT 0x0010 // 16
// RFC 2052 (Service location)
#define DNS_TYPE_SRV 0x0021 // 33
See the full list at: https://www.codeproject.com/Articles/21246/DNS-Query-MFC-based-Application (this is linked to from the BOF source code)