shell - SpecterOps Open Source

Summary

This runs in a terminal by leveraging JXA’s Application.doShellScript({command}). WARNING! THIS IS SINGLE THREADED, IF YOUR COMMAND HANGS, THE AGENT HANGS!

Needs Admin: False
Version: 1
Author: @its_a_feature_

Arguments

command

Description: Command to run
Required Value: True
Default Value: None

Usage

shell {command}

MITRE ATT&CK Mapping

T1059

Detailed Summary

This uses the JXA doShellScript command to execute the specified command. A few things to note though:

This is single threaded, so commands executed in this way have a potential to hang the entire agent
This spawns /bin/sh -c [command] on the command line
This is actually /bin/bash emulating /bin/sh which causes some weirdness, so I do some redirection when you try to actually background a task
This returns results using \r instead of \n or \r\n which is odd, so that is replaced before being returned.

let command = command_params['command'];
if(command[command.length-1] === "&"){
    //doShellScript actually does macOS' /bin/sh which is actually bash emulating sh
    //  so to actually background a task, you need "&> /dev/null &" at the end
    //  so I'll just automatically fix this so it's not weird for the operator
    command = command + "> /dev/null &";
}
response = currentApp.doShellScript(command);
if(response === undefined || response === ""){
    response = "No Command Output";
}
// shell output uses \r instead of \n or \r\n to line endings, fix this nonsense
response = response.replace(/\r/g, "\n");
return {"user_output":response, "completed": true}

​Summary

​Arguments

​command

​Usage

​Without Popup

​MITRE ATT&CK Mapping

​Detailed Summary