Mythic Documentation
Mythic Documentation
Mythic
Installation
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Customizing
Hooking Features
Actions
Linking Agents
P2P Connections
Process_List
Artifacts
Credentials
Download
Commands
Keylog
File Browser
Payload Type Development
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Powered by GitBook

Linking Agents

What does it mean to link agents

This refers to the act of connecting two agents together with a peer-to-peer protocol. The details here are agnostic of the actual implementation of the protocol (could be SSH, TCP, Named Pipes, etc), but the goal is to provide a way to give one agent the context it needs to link or establish some peer-to-peer connectivity to a running agent.

This also comes into play when trying to connect to a new executed payload that hasn't gone through the checkin process with Mythic yet to get registered as a Callback.

Getting the Linking information

When creating a command, give a parameter of type Remote Agent Connection. Now, when you type your command without parameters, you'll get a popup like normal. However, for the command parameter with the Remote Agent Connection type, there will be three dropdown menus for you to fill out:

`Remote Agent Connect` Filled in parameters

Host:

This field is auto populated based on two properties:

  • The list of all hosts where you have registered callbacks

  • The list of all hosts where Mythic is aware you've moved moved a payload to (see Spawning Agents)

Payload:

Once you've selected a host, the Payload dropdown will populate with the associated payloads that Mythic knows are on that host. These payloads are in two main groups:

  • The payloads that spawned the current callbacks on that host

  • The payloads that were moved over via a command registered with Spawning Agents​

This payload simply acts as a template of information so that you can select the final piece

C2 Profile:

When trying to connect to a new agent, you have to specify which specific profile you're wanting to connect to. This is because on any given host and for any given payload, there might be multiple c2 profiles within it (think HTTP, SMB, TCP, etc). This field will auto populate based on the C2 profiles that are in the payload selected in the drop down above it.

You'll only be able to select C2 profiles that are marked as is_p2p for peer-to-peer profiles. This is because it doesn't make any sense to remotely link to an HTTP callback profile for example.

Submitting the task:

Once you've selected all of the above pieces, the task will insert all of that selected profile's specific instantiations as part of the task for the agent to use when connecting. This can include things like specific ports to connect to, specific pipe names to use, or any other information that might be needed to make the connection.

Previous
Actions
Next
P2P Connections
Last updated 7 months ago
Contents
What does it mean to link agents
Getting the Linking information
Submitting the task: