Mythic. This means you need to create a new `mythic = Mythic(username="blah" ...)` and then call these functions like
`payload_type` to be the name of the payload type or it can be a PayloadType object. C2 profiles are a little trickier: the argument is a dictionary that maps a C2 profile name to an array of all the parameters. In this case, we're just using one C2 profile in the poseidon agent, the `HTTP` profile, and we're only setting the `callback_host` parameter. Since we're not specifying any of the other parameters, we're leaving them all at their default values. We specify the `tag` to give to our payload (this is what autopopulates the description for a callback), and we specify the `filename` for the payload.
`build_parameters` field. It's a list of dictionaries of
`value` fields. In the above example, we set the
`mode` build parameter for
`view_mode` for your operation from
`developer`. You'll see some additional features added on both the `Payload Types` page and the `C2 Profiles` page. On the C2 Profiles page, click the dropdown for `Configure` and select to
`Name` column. That's the name you'll be referencing here. On the 3rd row you can see the `callback_host` name that we modified. From here, you can also see more of the "developer" based information such as which parameters are marked as `required` and which ones have specific regex requirements for what's a
`Payload Types` page in the UI and select the dropdown for the corresponding payload type, then select
`name` field on the far left is what we're interested in. In our example, we only set one build parameter - `os`. That means we used the default value for the other, `mode`, which in the case of a `ChooseOne` parameter type, will always be the first parameter listed.
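The defaulting rules described above can be checked locally before a build request is sent. This is an added illustration, not code from Mythic or its scripting library: the definition keys (`type`, `choices`, `default`, `required`, `regex`), the choice lists and the function name `resolve_parameters` are assumptions, and all sample values are constructed.

```python
import re

# Constructed definitions standing in for what the developer view lists.
# The keys "type", "choices", "default", "required" and "regex" are hypothetical.
BUILD_DEFS = [
    {"name": "os", "type": "ChooseOne", "choices": ["darwin", "linux"]},
    {"name": "mode", "type": "ChooseOne", "choices": ["default", "c-archive"]},
]
HTTP_DEFS = [
    {"name": "callback_host", "type": "String", "default": "https://domain.example",
     "required": True, "regex": r"^https?://[A-Za-z0-9.-]+$"},
    {"name": "callback_port", "type": "String", "default": "80",
     "required": False, "regex": r"^[0-9]+$"},
]


def resolve_parameters(definitions, supplied):
    """Return the full name/value list a build would use, or raise ValueError."""
    given = {p["name"]: p["value"] for p in supplied}
    unknown = sorted(set(given) - {d["name"] for d in definitions})
    if unknown:
        raise ValueError(f"unknown parameter(s): {unknown}")
    resolved = []
    for d in definitions:
        if d["name"] in given:
            value = given[d["name"]]
        elif d["type"] == "ChooseOne":
            value = d["choices"][0]  # default is the first choice listed
        else:
            value = d.get("default", "")
        if d["type"] == "ChooseOne" and value not in d["choices"]:
            raise ValueError(f"{d['name']}: {value!r} is not one of {d['choices']}")
        if d.get("required") and value == "":
            raise ValueError(f"{d['name']}: required parameter is empty")
        if d.get("regex") and not re.fullmatch(d["regex"], value):
            raise ValueError(f"{d['name']}: {value!r} fails {d['regex']}")
        resolved.append({"name": d["name"], "value": value})
    return resolved


if __name__ == "__main__":
    print(resolve_parameters(BUILD_DEFS, [{"name": "os", "value": "linux"}]))
    print(resolve_parameters(HTTP_DEFS, [{"name": "callback_host", "value": "http://192.0.2.10"}]))
```

A misspelled parameter name or a value that fails its regex raises `ValueError` here instead of surfacing later as a failed build.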
`commands=["cmd1", "cmd2", "cmd3"...]` argument to the Payload to specify which commands you want included in your agent
`all_commands=True` when actually tasking the creation, which will in turn cause the Scripting to pull information about the payload type you're trying to create, get the most recent listing of all the available commands, and automatically include those as part of your request. This is what we do for the poseidon example above.
`wait_for_build` flag. So, everything in Mythic is separated out to different Docker containers, including the actual build pieces for agents. This means when you simply hit the RESTful endpoint to start a build, it returns pretty quickly, but that doesn't mean that the corresponding Docker container is actually done building the agent. When you specify `wait_for_build=True`, after submitting the RESTful request, the script opens up a websocket connection to Mythic for information on the payload. It will then return when there's some sort of completion state for the payload (success or error). Your `resp` in this case will have the information about the payload in
`async def download_payload(self, payload: Union[Payload, Dict])` command allows you to specify the payload you want to download and returns to you the raw bytes of the payload.