When executing the dropper_jxa.js payload on a macOS target, no implant checks in and there are errors in the web logs indicating the initial implant values are causing the problem.
Execution Environment:
All of this must be filled in
Data
Value
Full Posh version (all the text between the === at the top of the Implant Handler)
PoshC2 v8.0 (3e61e69 2022-06-22 14:13:16)
OS & version
macOS Big Sur Version 11.6.5
Using Docker/containerisation?
N/A
Implant Info
What implant does the problem occur on?
JXA/JS
How was the implant created? Running a default payload? Inject-shellcode? Custom payload?
Default payload
Defensive Technologies
N/A - Just testing in a lab environment
To Reproduce
Steps to reproduce the behavior:
Generate a JXA/JS payload and attempt to execute the payload: osascript -l JavaScript dropper_jxa.js
Expected behavior
The implant should check in and show a session to interact with
Screenshots
If applicable, add screenshots to help explain your problem.
This is the error shown in the webserver.log upon executing a vanilla payload:
Description
When executing the dropper_jxa.js payload on a macOS target, no implant checks in and there are errors in the web logs indicating the initial implant values are causing the problem.
Execution Environment:
PoshC2 v8.0 (3e61e69 2022-06-22 14:13:16)Implant Info
What implant does the problem occur on?
How was the implant created? Running a default payload? Inject-shellcode? Custom payload?
Defensive Technologies
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Screenshots
If applicable, add screenshots to help explain your problem.