Quick Usage

This is a quick primer on using Mythic for the first time.

This section will quickly go from first connection to running a basic agent.


When you log in with the admin account, your current operation is automatically set to the default operation. Your current operation is indicated in the top bar in big letters. When other operators sign in for the first time, they won't have a current operation set, and they're alerted to that in big red letters. You can always click on the operation name to get back to the operations management page.

Creating a Payload

You need a payload to use. Go to "Create Components" -> "Create Payload" from the top navigation bar.

You'll be prompted to select an operating system. This is used to filter down the possible payloads to generate. For C2 profiles, select the HTTP profile associated with the agent you want to generate. Change the Callback host parameter to where you want the agent to connect (if you're using redirectors, you specify that here). Similarly, set the Callback port to the port you want the agent to connect to.

The HTTP profile by default listens on port 80. If you want to connect to port 443 with SSL instead, you need to go to the C2 profile management page and adjust the configuration for the HTTP profile.

Select the Payload Type you'd like to create. For the purpose of this walkthrough, pick the apfell payload type. Provide a name for the agent (a default one is auto-populated) and provide a description, which will auto-populate the description field for any callbacks created based on this payload. Click Next.

Finally, select any commands you want stamped into the payload initially. You can always load commands in later, but for this walkthrough select all of them. Click Next.

Once you click submit, you'll get a series of popups in the top right corner giving feedback about the creation process. The blue notification popups will go away after a few seconds, but the green success or red error messages must be manually dismissed. This provides information about your newly created agent.

If the server within the HTTP profile container wasn't running when you created the payload (it's not by default), the Mythic server will automatically start it for you as part of this creation process.

Using the Payload

Navigate to the "Operational Views" -> "Created Payloads" page from the top navigation bar. This is where you'll be able to see all of the payloads created for the current operation. You can delete the payload, view the configuration, or download the payload. For this walkthrough, download the payload.

Now move the payload over to your target system and execute it. The apfell.js payload can be run with osascript and the file name. Once you've done that, head to the "Operational Views" -> "Active Callbacks" page from the top navigation bar.

Callback Interaction

This is where you'll be able to interact with any callback in the operation. Click the button for the row with your new agent to bring up information in the bottom pane where you can type out commands and issue them to the agent.