nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BSD 3-Clause "New" or "Revised" License

Updating Credits #243

Closed its-a-feature closed 3 years ago

its-a-feature commented 3 years ago

Good morning!

I saw that you added a new JXA agent, which is awesome! I also noticed some... similarities to my JXA agent (Apfell) in the Mythic project. I noticed that there was a git commit to "update credits" (https://github.com/nettitude/PoshC2/commit/6e57ba04ce631ca0e299448228cd6d07aa0118b0#diff-d44483fae061144fc048885de857d2fecf371eab75ea1f66709f1449cedd60dd). However, that just calls out one function as "partially based on" (same with the blog post announcing that my agent was inspiration for the encryption function). I wanted to go ahead and open a pull request and highlight that it is actually more than just inspiration for one function - my code and comments are all over the place. So, hopefully this can help bring to light the amount of... inspiration that was used :)

Also, when my code made its way into your agent, I think you accidentally took out too much or didn't quite understand why some things were the way that they were. For example: in the run_shell command (https://github.com/nettitude/PoshC2/blob/master/resources/payload-templates/Implant-Core.js#L97-L115), when you tried to strip out the way I passed in the command to run (https://github.com/its-a-feature/Mythic/blob/master/Payload_Types/apfell/agent_code/shell.js#L7-L11) but leave everything else there (including my comments), you missed why there's that modification for the & at the end. Since you took it out, you can't actually properly background shell commands. I call it out in the comments, but go ahead and give this a try:

osascript -l JavaScript -i
let app = Application.currentApplication()
app.includeStandardAdditions = true;
app.doShellScript("sleep 5")
app.doShellScript("sleep 5 &")
app.doShellScript("sleep 5 &>/dev/null &")

riskydissonance commented 3 years ago

Hi @its-a-feature, thanks a lot for this 👍. We'll look into it and come back to you quickly.

riskydissonance commented 3 years ago

Thanks @its-a-feature, merging this to dev and it'll make its way to master in the next release.

I'll let @l0gan handle the backgrounding issue if it applies to our cases.