Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/HavocFramework/Havoc/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The checkin command requests the Demon agent to send a fresh checkin packet containing comprehensive metadata about the agent’s configuration, host system, process information, and operating system details.

Syntax

checkin

Parameters

This command takes no parameters.

Return Values

The checkin command returns detailed information organized into several categories:
Teamserver
object
Session Path
string
Path where agent session data is stored on the teamserver
Meta Data
object
Agent ID
string
Unique identifier for the agent session (hex format)
Magic Value
hex
Magic value used for validation (0xDEADBEEF)
First Call In
timestamp
Timestamp of the agent’s initial callback
Last Call In
timestamp
Timestamp of the agent’s most recent callback
AES Key
string
32-byte AES encryption key (hex encoded)
AES IV
string
16-byte AES initialization vector (hex encoded)
Sleep Delay
integer
Current sleep interval in seconds
Sleep Jitter
integer
Jitter percentage applied to sleep delay
Host Info
object
Host Name
string
Computer hostname
User Name
string
Current user context
Domain Name
string
Domain or workgroup name
Internal IP
string
Internal IP address(es)
Process Info
object
Process Name
string
Name of the process hosting the agent
Process Arch
string
Process architecture (x86, x64, IA64, or Unknown)
Process ID
integer
Process identifier (PID)
Thread ID
integer
Thread identifier (TID)
Process Path
string
Full path to the process executable
Process Elevated
boolean
Whether the process has elevated privileges
Base Address
hex
Base address of the agent in memory
Operating System
object
Version
string
Windows version string
Build
string
OS build number
Architecture
string
OS architecture (x86, x64/AMD64, ARM, ARM64, Itanium-based)

Examples

Basic Usage

checkin

Example Output

Teamserver:
  - Session Path       : /data/agents/deadbeef

Meta Data:
  - Agent ID           : deadbeef
  - Magic Value        : deadbeef
  - First Call In      : 2024-03-04 10:30:15
  - Last  Call In      : 2024-03-04 12:45:22
  - AES Key            : a1b2c3d4e5f6...
  - AES IV             : 1a2b3c4d5e6f...
  - Sleep Delay        : 60
  - Sleep Jitter       : 20

Host Info:
  - Host Name          : WORKSTATION01
  - User Name          : jdoe
  - Domain Name        : CORP
  - Internal IP        : 10.0.2.15

Process Info:
  - Process Name       : explorer.exe
  - Process Arch       : x64
  - Process ID         : 4521
  - Thread ID          : 2341
  - Process Path       : C:\Windows\explorer.exe
  - Process Elevated   : false
  - Base Address       : 0x7ff612340000

Operating System:
  - Version            : Windows 10
  - Build              : 19045
  - Architecture       : x64/AMD64

Use Cases

  • Session Verification: Confirm the agent is still active and responsive
  • Configuration Review: Check current sleep settings and encryption parameters
  • Context Awareness: Verify user context and privilege level before running commands
  • Troubleshooting: Gather diagnostic information when investigating agent behavior
  • Reconnaissance: Collect host and process information for situational awareness

Notes

  • The checkin command does not modify any agent configuration
  • Encryption keys are regenerated during each checkin and automatically synchronized with the teamserver
  • This command is useful after modifying agent configuration to verify changes took effect
  • Agent ID is derived from session initialization and remains constant throughout the session

Build docs developers (and LLMs) love

Get started for freeTalk to us