Mythic Documentation
Mythic Documentation
Mythic
Installation
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Customizing
Hooking Features
Actions
Linking Agents
P2P Connections
Process_List
Artifacts
Credentials
Download
Commands
Keylog
File Browser
Payload Type Development
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Powered by GitBook

Hooking Features

All of the following features describe information that can be included in responses. These sections describe some additional JSON formats and data that can be used to have your responses be tracked within Mythic or cause the creation of additional elements within Mythic (such as files, credentials, artifacts, etc).

You can hook multiple features in a single response because they're all unique. To display something to the user, it should be in the user_outputfield, such as:

{
    "user_output": "Still working",
}
​
or even
{
    "user_output": "{\"key": \"nested json for user as string\"}"
}

The various styles of output are described in the follow-on pages:

Reserved Keywords

When we talk about Hooking Features in the Action: post_response message of an agent, we're really talking about a specific set of Dictionary key value pairs that have special meaning. All responses from the agent to the Mythic server already have to be in a structured format. Each of the above sections goes into what their reserved keywords mean, but a total list is found below:

  • total_chunks - integer - used with file uploads/downloads for chunking

  • chunk_num - integer - use with file uploads/downloads for chunking

  • full_path - string - used with file uploads/downloads to report back the full path of the file (ex: test.txt is meaningless, full_path would report back C:\Users\username\Desktop\test.txt)

  • user_output - string - used with any command to display information back to the user

  • completed - boolean - used with any command to indicate that the task is done (switches to the green completed icon)

  • status - string - used to indicate that a command is not only done, but has encountered an error (value would be "error")

  • file_id - string (uuid to be specific) - used with file uploads/downloads and any command wishing to utilize chunking for files

  • artifacts - array - an array of artifact objects that report back artifacts created on disk/on the network

  • credentials - array - an array of credential objects that report back credentials gathered from the host

  • window_title - string - the title of the window associated with keystrokes for a keylogger

  • user - string - the user associated with keystrokes for a keylogger

  • keystrokes - string - the keystrokes for a keylogger

  • edges - array - an array of P2P linking/unlinking information

  • commands - array - an array of command updating information (telling mythic that the callback loaded/unloaded commands)

  • file_browser - dictionary - a dictionary of information about the file/folder with potentially a nested array to give details about all of the files within a folder

Previous
Scripting Event Messages
Next
Actions
Last updated 4 months ago