Task Orchestration System

Overview

NeoC2 Task Orchestration system allows operators to create and execute automated sequences of modules across agents. This feature enables multi-step operations to be executed as a single command, improving efficiency and reducing the manual overhead of executing sequences of related modules.

Task chains are useful for: - Automated reconnaissance campaigns (enum → scan → harvest) - Privilege escalation chains (get_system → whoami → pslist) - Post-exploitation sequences (keylog → screen_capture → exfil) - Complex attack scenarios that require multiple modules to be executed in sequence

Command Structure

All task orchestration commands follow the format: taskchain <action> [options]

Available Commands

1. Create Task Chain

Creates a new task chain with specified modules and options.

taskchain create <agent_id> <module1=arg1,arg2,module2=arg3,module3> [name=chain_name] [execute=true]

Parameters: - agent_id: The target agent ID to execute the chain on - <module1=arg1,arg2,module2=arg3,module3>: Enhanced format with module-specific arguments - name=chain_name: (Optional) Name for the task chain - execute=true: (Optional) Execute the chain immediately after creation (default: false)

Syntax: The syntax allows specifying arguments for each module directly in the command: - module_name=arg1,arg2 executes the same module multiple times with different arguments - module1=arg1,module2=arg2 executes different modules with their respective arguments - Arguments containing commas, parentheses, or quotes are properly handled within the syntax - You can mix module types (with and without arguments) in the same command

Enhanced Syntax Features: - Multi-argument module execution: Execute the same module with multiple different arguments in sequence - Module-specific arguments: Pass specific file paths, scripts, or parameters to each module type - Intelligent comma handling: Commas within parentheses, brackets, or quotes are preserved correctly - Full module compatibility: Works with all NeoC2 modules including execute-bof, pwsh, execute-assembly, and custom modules

Examples:

# Enhanced format - Execute multiple BOF files with execute-bof module
taskchain create AGENT001 execute-bof=whoami.x64.o,tasklist.x64.o,pwsh=Get-ComputerName.ps1,execute-assembly=rubeus.exe name=test

# Enhanced format with PowerShell and assembly execution
taskchain create AGENT001 pwsh=Invoke-Mimikatz.ps1,execute-assembly=SharpHound.exe name=test

# Create and immediately execute a chain using enhanced syntax
taskchain create AGENT001 peinject=netview.exe,execute-assembly=Seatbelt.exe execute=true

# Mixed format - combining modules with and without arguments
taskchain create AGENT001 execute-bof=whoami.o,get_system,whoami,execute-assembly=rubeus.exe name=mixed_chain

2. List Task Chains

Lists all task chains or filters by specific criteria.

taskchain list [agent_id=<agent_id>] [status=<status>] [limit=<limit>]

Parameters: - agent_id=<agent_id>: (Optional) Filter chains by specific agent ID - status=<status>: (Optional) Filter by status (pending, running, completed, failed) - limit=<limit>: (Optional) Limit number of results (max 100, default 50)

Examples:

# List all task chains
taskchain list

# List chains for specific agent
taskchain list agent_id=AGENT001

# List pending chains for specific agent
taskchain list agent_id=AGENT001 status=pending

# List with limit
taskchain list limit=25

3. Check Chain Status

Displays detailed status information for a specific task chain.

taskchain status <chain_id>

Parameters: - chain_id: The unique identifier of the task chain to check

Example:

# Check status of a specific chain
taskchain status CHAIN1234567890

Output includes: - Chain ID and name - Target agent ID - Chain status (pending, running, completed, failed) - Creation, start, and completion timestamps - Individual task status and results - Error information if tasks failed

4. Execute Chain

Manually starts execution of a previously created chain.

taskchain execute <chain_id>

Parameters: - chain_id: The unique identifier of the task chain to execute

Example:

# Execute a specific chain
taskchain execute CHAIN1234567890

5. Help

Displays usage information and examples.

taskchain help

Chain Execution Flow

When a task chain is executed, it follows this execution flow:

  1. Validation Phase:
  2. Verify agent exists and is online
  3. Check agent is not locked by another operator
  4. Validate all modules in the chain exist

  5. Ensure all required module parameters are provided

  6. Execution Phase:

  7. Execute modules in sequence (1 → 2 → 3 → ...)
  8. Wait for each task to complete before starting the next
  9. If any task fails, the chain execution stops

  10. Store results and status for each task

  11. Status Tracking:

  12. Each task has its own status (pending, running, completed, failed, cancelled)
  13. Chain status reflects the overall progress
  14. Error details are preserved for troubleshooting

Module Compatibility

Task chains work with any NeoC2 module that follows the standard module interface.

Example Workflows

Execute multiple module extensions in sequence:

# Enumeration chain
taskchain create AGENT001 execute-bof=netview.x64.o,netsession.x64.o,execute-assembly=SharpHound.exe name=enum_chain

# Credential harvesting chain
taskchain create AGENT001 execute-bof=lsadump.o,secretsdump.o,execute-assembly=Rubeus.exe,pwsh=Invoke-Mimikatz.ps1 name=credential_harvest

# Lateral movement preparation
taskchain create AGENT001 execute-bof=netview.o,shares.o,execute-assembly=SharpHound.exe name=lateral_movement_prep

Monitoring

  • Monitor chain status regularly during execution
  • Check individual task results if the chain fails
  • Use the taskchain status command to track progress

Troubleshooting

Chain Not Starting

  • Verify the agent is online and responsive
  • Check that you have permissions to execute modules on the target agent agent info <agent_id
  • Confirm all modules in the chain exist and are properly loaded

Individual Task Failing

  • Check the detailed status output for error messages
  • Verify module-specific parameters and requirements
  • Test the failing module individually before including it in a chain

Chain Stuck in Running State

  • Check agent connectivity and responsiveness
  • Verify the agent's task queue for stuck tasks
  • Consider restarting the agent if tasks appear to be hung

Performance Considerations

  • Longer chains may take considerable time to complete
  • Consider the impact on agent resources when designing chains
  • Limit the number of resource-intensive modules in a single chain
  • Monitor agent performance during chain execution