Mythic_CLI - This holds all of the code for the PyPI package, mythic, that you can use to script up actions.
Mythic_Translator_Container - This holds all of the code for the PyPI package, mythic_translator_container, that you can use to build your own translation container.
Mythic_PayloadType_Container - This holds all of the code for the PyPI package, mythic_payloadtype_container, that you can use to create your own payload type docker image or when turning a vm into your own payloadtype container.
Mythic_C2Profile_Container - This holds all of the code for the PyPI package, mythic_c2_container, that you can use to create your own c2 profile docker image or when turning an arbitrary host into a c2 profile service.
Mythic_DockerTemplates - This holds all of the code and resources that are used to make all of the Docker images hosted on DockerHub (https://hub.docker.com/search?q=itsafeaturemythic&type=image). This is helpful if you want to see what's actually happening for a specific container or you want to use one of these as a starting point for your own containers.
Mythic/Payload_Types/ make a new folder that matches the name of your agent. Inside of this folder make a file called Dockerfile. This is where you have a choice to make - either use the default Payload Type docker container as a starting point and make your additions from there, or use a different container base.
python:3.8-buster and only has python3.8 installed
mono:latest with python 3.8.6 manually installed along with the System.Management.Automation.dll added in (v2 and v4)
karalabe/xgo-latest with python 3.8.6 manually installed
Mythic/Payload_Types/[agent name]/agent_code/. You can have any folder structure or files you want here.
Mythic/Payload_Types/[agent name]/mythic folder contains all information for interacting with Mythic. Inside of the mythic folder there's a subfolder agent_functions where all of your agent-specific building/command information lives.
mythic-cli install github <url>). You can check if your docker-compose file is aware of your agent via mythic-cli payload list. If it's not aware, you can simply do mythic-cli payload add <payload name>. Now you can start just that one container via mythic-cli payload start <payload name>.
sudo ./mythic-cli status.
sudo ./mythic-cli logs payload_type_name to see the output from the container to potentially troubleshoot.
Example_Payload_Type_folder). Essentially, your /pathA path will be the new
rabbitmq_config.json with the parameters you need
host value should be the IP address of the main Mythic install
name value should be the name of the payload type (this is tied into how the routing is done within rabbitmq). For Mythic's normal docker containers, this is set to hostname because the hostname of the docker container is set to the name of the payload type. For this case though, that might not be true. So, you can set this value to the name of your payload type instead (this must match your agent name exactly).
container_files_path should be the absolute path to the folder in step 3 (/pathA in this case)
PYTHONPATH variable adding your
mythic_rabbitmq in order to send/receive messages. By default, this container is bound on localhost only. In order to have an external agent connect up, you will need to adjust this in the Mythic/.env file to have RABBITMQ_BIND_LOCALHOST_ONLY=false and restart Mythic (sudo ./mythic-cli restart). The sudo ./mythic-cli config payload will ask if you want to do this too.
python3.8 mythic_service.py and now you should see this container pop up in the UI.
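
A pre-flight check for the external-host setup described above, as an added example (not Mythic's own code): it validates the three rabbitmq_config.json values named on this page and reads RABBITMQ_BIND_LOCALHOST_ONLY from the text of Mythic/.env. The function names and sample values are constructed for illustration, and the literal value hostname is assumed to resolve to the machine's own hostname.

```python
import ipaddress
import json
import posixpath

# Constructed sample values; only the three keys described on this page are checked.
SAMPLE_CONFIG = '{"host": "192.0.2.10", "name": "my_agent", "container_files_path": "/pathA"}'
SAMPLE_ENV = 'RABBITMQ_BIND_LOCALHOST_ONLY="false"\n'


def check_rabbitmq_config(text, agent_name, machine_hostname):
    """Return a list of problems found in rabbitmq_config.json (empty if none)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    host = cfg.get("host")
    try:
        ipaddress.ip_address(str(host))
    except ValueError:
        problems.append(f"host {host!r} is not an IP address")
    # Assumption: the literal "hostname" means "use this machine's hostname".
    name = cfg.get("name")
    effective = machine_hostname if name == "hostname" else name
    if effective != agent_name:
        problems.append(f"name resolves to {effective!r}, expected {agent_name!r}")
    path = cfg.get("container_files_path")
    if not isinstance(path, str) or not posixpath.isabs(path):
        problems.append(f"container_files_path {path!r} is not an absolute path")
    return problems


def broker_bound_externally(env_text):
    """True only if the .env text sets RABBITMQ_BIND_LOCALHOST_ONLY to false."""
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "RABBITMQ_BIND_LOCALHOST_ONLY":
            return value.strip().strip("\"'").lower() == "false"
    return False  # key absent: the page says the default is localhost only
```

If broker_bound_externally returns True, the RabbitMQ listener is no longer limited to localhost, so limit which source addresses can reach it with host firewall rules.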