Mythic Documentation
Search…
Version 2.3
Mythic
Operators
Installation
Connecting
A note about containers
Updating Mythic
Internal Documentation
Quick Usage
Operational Pieces
Message Flow
Understanding Commands
Payload Types
C2 Profiles
Reporting
Scripting
Presentations / Webinars
Common Errors
Customizing
Hooking Features
Payload Type Development
C2 Related Development
Common Questions and Answers
FAQ / Troubleshooting Tips
Change Log
Next Release
Tip of the Week
Updating
Mythic 2.1 -> 2.2 Updates
Mythic 2.2 -> 2.3 Updates
Powered By GitBook
A note about containers

Mythic and containers

Mythic uses docker containers to logically separate different components and functions. There are three main categories:
  1. 1.
    Mythic's main core. This consists of docker containers stood up with docker-compose:
    1. 1.
      mythic_server - An async python3 Sanic instance
    2. 2.
      mythic_postgres - An instance of a postgresql database
    3. 3.
      mythic_rabbitmq - An instance of a rabbitmq container for message passing between containers
    4. 4.
      mythic_nginx - A instance of a reverse Nginx proxy
    5. 5.
      mythic_graphql - An instance of a Hasura GraphQL server
    6. 6.
      mythic_redis - An instance of a small redis database for use with JWT storage and SOCKS data
  2. 2.
    Command and Control (C2) Profiles
    1. 1.
      Any folder in Mythic/C2_Profiles will be treated like a docker container specific to C2 profiles (more on this in the C2 section).
  3. 3.
    Payload Types
    1. 1.
      Any folder in Mythic/Payload_Types will be treated like a docker container specific to a payload type (such as apfell, atlas, etc)
To stop a specific C2 Profile's container, run sudo ./mythic-cli c2 stop {c2_profile_name} or sudo ./mythic-cli c2 stop to stop all of them.
To stop a specific Payload Type's container, run sudo ./mythic-cli payload stop {payload_type_name} or sudo ./mythic-cli payload stop to stop all of them.
If you want to reset all of the data in the database, use sudo ./mythic-cli database reset.
If you want to start/restart any specific payload type container, you can do sudo ./mythic-cli payload start {payload_type_name} and just that container will start/restart. If you want to start multiple, just do spaces between them: sudo ./mythic-cli payload start {payload type 1} {payload type 2}.
Mythic shares the networking with the host it's on. This allows Mythic to not worry about exposing specific ports ahead of time for each container since they can be dynamically set by users. However, this does mean that Mythic needs to run as root if any ports under 1024 need to be used.

Docker-compose

All of Mythic's containers now share a single docker-compose file. When you install an agent or C2 Profile this docker-compose file will automatically be updated. However, you can always add/remove from this file via mythic-cli and list out what's registered in the docker-compose file vs what you have available on your system:
1
./mythic-cli payload add apfell
2
[+] Successfully updated docker-compose.yml
3
​
4
./mythic-cli payload list
5
Docker-compose entries:
6
[+] apfell
7
​
8
Payload Types on disk:
9
[+] apfell
10
[+] atlas
11
[+] leviathan
12
[+] poseidon
13
[+] service_wrapper
14
​
15
/mythic-cli c2 add http
16
[+] Successfully updated docker-compose.yml
17
​
18
./mythic-cli c2 list
19
Docker-compose entries:
20
[+] http
21
​
22
C2 Profiles on disk:
23
[+] dynamichttp
24
[+] http
25
[+] websocket
Copied!
This makes it easy to track what's available to you and what you're currently using.

Architecture

Mythic's architecture is broken out in the following diagram:
Operators connect via a browser to the main Mythic server. This server is a Sanic, python3 web server. This main Mythic server connects to a PostgreSQL database where information about the operations lives. Each of these are in their own docker containers. When Mythic needs to talk to any payload type container or c2 profile container, it does so via RabbitMQ, which is in its own docker container as well.
When an agent calls back, it connects through these c2 profile containers which have the job of transforming whatever the c2 profile specific language/style is back into the normal RESTful API calls that the Mythic server needs.

Mythic Container Locations

The base containers for the Mythic agents are located with the itsafeaturemythic DockerHub repository: https://hub.docker.com/search?q=itsafeaturemythic&type=image.
There are currently base containers for csharp, python3.8, and a special one for poseidon's xgo environment. More containers will be added in the future, but having the base containers pre-configured on DockerHub speeds up install time for operators.
Previous
Connecting
Next
Updating Mythic
Last modified 6mo ago
Copy link
Edit on GitHub
Contents
Mythic and containers
Docker-compose
Architecture
Mythic Container Locations