Description

When executing the dropper_jxa.js payload on a macOS target, no implant checks in and there are errors in the web logs indicating the initial implant values are causing the problem.

Execution Environment:

All of this must be filled in

Data	Value
Full Posh version (all the text between the === at the top of the Implant Handler)	PoshC2 v8.0 (3e61e69 2022-06-22 14:13:16)
OS & version	macOS Big Sur Version 11.6.5
Using Docker/containerisation?	N/A

Implant Info

• What implant does the problem occur on?

JXA/JS

• How was the implant created? Running a default payload? Inject-shellcode? Custom payload?

Default payload

Defensive Technologies

N/A - Just testing in a lab environment

To Reproduce

Steps to reproduce the behavior:

Generate a JXA/JS payload and attempt to execute the payload: osascript -l JavaScript dropper_jxa.js

Expected behavior

The implant should check in and show a session to interact with

Screenshots

If applicable, add screenshots to help explain your problem.

This is the error shown in the webserver.log upon executing a vanilla payload: