Mythic Documentation
Search…
Version 2.3
Mythic
Operators
Installation
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Presentations / Webinars
Common Errors
Customizing
Hooking Features
Payload Type Development
C2 Related Development
C2 Profile Code
Agent Side Coding
Server Side Coding
OPSEC Checks For C2 Profiles
Configuration Checks
Redirect Rules
C2 Docker Containers
C2 Configuration Files
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Tip of the Week
Updating
Mythic 2.1 -> 2.2 Updates
Mythic 2.2 -> 2.3 Updates
Powered By GitBook
OPSEC Checks For C2 Profiles

OPSEC scripting

When creating payloads, Mythic will send a C2 Profile's parameters to the associated C2 Profile container for an "opsec check". This is a function that you can choose to write (or not) to look over the C2-specific parameter values that an operator selected to see if they pass your risk tolerance. This function lives in the following path: C2_Profiles/[c2 profile name]/mythic/c2_functions/C2_RPC_Functions.py.
1
# The opsec function is called when a payload is created as a check to see if the parameters supplied are good
2
# The input for "request" is a dictionary of:
3
# {
4
# "action": "opsec",
5
# "parameters": {
6
# "param_name": "param_value",
7
# "param_name2: "param_value2",
8
# }
9
# }
10
# This function should return one of two things:
11
# For success: {"status": "success", "message": "your success message here" }
12
# For error: {"status": "error", "error": "your error message here" }
13
async def opsec(request):
14
if request["parameters"]["callback_host"] == "https://domain.com":
15
return {"status": "error", "error": "Callback Host is set to default of https://domain.com!\n"}
16
if request["parameters"]["callback_host"].count(":") == 2:
17
return {"status": "error", "error": f"Callback Host specifies a port ({request['parameters']['callback_host']})! This should be omitted and specified in the Callback Port parameter.\n"}
18
if "https" in request["parameters"]["callback_host"] and request["parameters"]["callback_port"] not in ["443", "8443", "7443"]:
19
return {"status": "success", "message": f"Mismatch in callback host: HTTPS specified, but port {request['parameters']['callback_port']}, is not standard HTTPS port\n"}
20
return {"status": "success", "message": "Basic OPSEC Check Passed\n"}
Copied!
The function gets an array of the parameters specified in the request["parameters"] element. In the end, the function is returning success or error for if the OPSEC check passed or not.

When is this executed?

OPSEC checks for C2 profiles are executed every time a Payload is created. This means when an operator does it through the UI, when somebody scripts it out, and when a payload is automatically generated as part of tasking (such as for lateral movement or spawning new callbacks).
Previous
Server Side Coding
Next
Configuration Checks
Last modified 7mo ago
Copy link
Edit on GitHub
Contents
OPSEC scripting
When is this executed?