07. Sessions

Overview

In this tutorial, you will learn how to manage and interact with Specter sessions.

Background Knowledge

The primary mechanism for interacting with Specters is through the interactive session window. This window provides a rich user interface for managing an individual Specter implant.

Components

Session Information Panel: This panel contains information about the environment the Specter is running in, including: host identifier, session identifier, fully qualified domain name (FQDN), OS and version, IP address of the connection, username, full process path, PID, the architecture, current callback interval settings, the expiration date, and a countdown to the next check-in.

Script Lookup Panel: This panel provides an interface for looking up available SpecterScripts that give you capability out-of-the-box. These could also be referred to as pastables. SpecterScripts are essentially a way to automatically store your pastables and bring them back up during interactive operations.

Command Editor Panel: Here is where you type in your commands. The input is raw PowerShell commands.

Command History Panel: This contains a list of the most recent tasks issued to the selected Specter. This table is updated whenever new tasks are assigned or updates are provided from the server. Selecting a row will show detailed information for that task in the Command Output Panel.

Command Output Panel: This panel shows the results of a Specter task including the text output, JSON form, errors, and the original command itself.

Task a Specter to Run a SpecterScript

You can build a task by typing a command into the Command Editor or by loading a SpecterScript: search the Specter Scripts panel and click the insert button. Once your task is ready, you can task the Specter by clicking either the “Run in Background” or “Run” buttons.

When a script is run in the background, it is executed in a randomly selected runspace from the PowerShell Runspace Pool. There is no guarantee which runspace you will get or if it will be a brand new runspace. Alternatively, there is a dedicated “main” runspace that ensures your command is executed only on that runspace. This is useful for interactive sessions where you need to save variables between tasks. All commands sent to the “main” runspace are executed one at a time in the order the tasks arrived, while tasks run in the background are run in parallel.
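The difference between a dedicated runspace and a runspace pool can be reproduced with the standard PowerShell hosting API. The following is an added illustration, not SpecterInsight code; the helper `Invoke-InMain` and the variable names are hypothetical, and the pool size of 1 to 4 is an assumption chosen for the demo.

```powershell
# Added illustration using the standard System.Management.Automation API.
# It only demonstrates the runspace semantics described above.

# Dedicated runspace: tasks run one at a time and share session state.
$main = [runspacefactory]::CreateRunspace()
$main.Open()

function Invoke-InMain([string]$Script) {
    $ps = [powershell]::Create()
    $ps.Runspace = $main                      # always the same runspace
    try { $ps.AddScript($Script).Invoke() } finally { $ps.Dispose() }
}

Invoke-InMain '$counter = 41' | Out-Null
$fromMain = Invoke-InMain '$counter + 1'      # reads the variable set by the previous task
$mainIds  = 1..3 | ForEach-Object {
    Invoke-InMain '[runspace]::DefaultRunspace.InstanceId.ToString()'
}

# Runspace pool: tasks run in parallel on whichever runspace is free.
$pool = [runspacefactory]::CreateRunspacePool(1, 4)   # min 1, max 4 (assumed sizes)
$pool.Open()

$jobs = 1..4 | ForEach-Object {
    $ps = [powershell]::Create()
    $ps.RunspacePool = $pool
    # The sleep keeps all four tasks in flight at once.
    [void]$ps.AddScript('Start-Sleep -Milliseconds 300; [runspace]::DefaultRunspace.InstanceId.ToString()')
    [pscustomobject]@{ Shell = $ps; Handle = $ps.BeginInvoke() }
}
$poolIds = $jobs | ForEach-Object {
    $_.Shell.EndInvoke($_.Handle)             # collect the result of each parallel task
    $_.Shell.Dispose()
}

"main runspace result : $fromMain"
"main runspace ids    : $(@($mainIds | Select-Object -Unique).Count) distinct"
"pool runspace ids    : $(@($poolIds | Select-Object -Unique).Count) distinct"

$pool.Dispose()
$main.Dispose()
```

Comparing the distinct runspace IDs reported for each mode shows why variables can only be relied on between tasks that share one runspace.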
