Keylog
Keystrokes are sent back from the agent to the Mythic server
{
"task_id": "task uuid here",
"keylogs": [
{
"user": "its-a-feature",
"window_title": "Notepad - Untitled",
"keystrokes": "my password is zer0c00l"
}
]
}
Agents can report back keystrokes at any time. There are three components to a keystroke report:
user- the user that is being keyloggedwindow_title- the title of the window to which the keystrokes belongkeystrokes- the actual recorded keystrokes
Having the information broken out into these separate pieces allows Mythic to do grouping based on the user and window_title for easier readability.
If the agent doesn't know the user or the window_title fields, they should still be included, but can be empty strings. If empty strings are reported for either of these two fields, they will be replaced with "UNKNOWN" in Mythic.
What happens if you need to send keystrokes for multiple users/windows?
{
"action": "post_response",
"responses": [
{
"task_id": "task uuid here",
"keylogs": [
{
"user": "its-a-feature",
"window_title": "Notepad - Untitled",
"keystrokes": "my password is zer0c00l"
},
{
"user": "its-a-feature",
"window_title": "Notepad - Untitled",
"keystrokes": "my password is zer0c00l"
}
,{
"user": "its-a-feature",
"window_title": "Notepad - Untitled",
"keystrokes": "my password is zer0c00l"
}
]
}
]
}
Last modified 1yr ago