Linking Agents
What does it mean to link agents
This refers to the act of connecting two agents together with a peer-to-peer protocol. The details here are agnostic of the actual implementation of the protocol (it could be SSH, TCP, Named Pipes, etc.), but the goal is to give one agent the context it needs to link to, or establish some peer-to-peer connectivity with, a running agent.
This also comes into play when trying to connect to a newly executed payload that hasn't yet gone through the checkin process with Mythic to get registered as a Callback.
Getting the Linking information
When creating a command, give it a parameter of type Remote Agent Connection. Now, when you type your command without parameters, you'll get a popup like normal. However, for the command parameter with the Remote Agent Connection type, there will be three dropdown menus for you to fill out:
Host:
This field is auto populated based on two properties:
The list of all hosts where you have registered callbacks
The list of all hosts where Mythic is aware you've moved a payload to (see Spawning Agents)
Payload:
Once you've selected a host, the Payload dropdown will populate with the associated payloads that Mythic knows are on that host. These payloads are in two main groups:
The payloads that spawned the current callbacks on that host
The payloads that were moved over via a command registered with Spawning Agents
This payload simply acts as a template of information so that you can select the final piece.
C2 Profile:
When trying to connect to a new agent, you have to specify which profile you want to connect to. This is because on any given host and for any given payload, there might be multiple C2 profiles within it (think HTTP, SMB, TCP, etc.). This field will auto populate based on the C2 profiles that are in the payload selected in the dropdown above it.
You'll only be able to select C2 profiles that are marked as is_p2p, meaning peer-to-peer profiles. This is because it doesn't make any sense to remotely link to an HTTP callback profile, for example.
Submitting the task:
Once you've selected all of the above pieces, the task will include all of the selected profile's instance-specific values for the agent to use when connecting. This can include things like specific ports to connect to, specific pipe names to use, or any other information that might be needed to make the connection.
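The selection flow described above, modeled as an added Python example (not Mythic's own code). The record layout, the names `PAYLOADS`, `CALLBACKS`, `MOVED` and `build_connection`, and every sample value are assumptions constructed for illustration.

```python
# Simplified model of the three dropdowns. The record layout is an assumption,
# not Mythic's real schema, and all data below is constructed sample data.
PAYLOADS = {
    "payload-a": {"c2_profiles": {
        "http": {"is_p2p": False, "parameters": {"callback_port": 443}},
        "smb": {"is_p2p": True, "parameters": {"pipename": "example-pipe"}},
    }},
    "payload-b": {"c2_profiles": {
        "tcp": {"is_p2p": True, "parameters": {"port": 7000}},
    }},
}
CALLBACKS = [{"host": "WS01", "payload": "payload-a"}]  # registered callbacks
MOVED = [{"host": "FS02", "payload": "payload-b"}]      # moved via Spawning Agents


def hosts():
    """Host dropdown: hosts with callbacks plus hosts a payload was moved to."""
    return sorted({r["host"] for r in CALLBACKS + MOVED})


def payloads_on(host):
    """Payload dropdown: payloads known to be on the selected host."""
    return sorted({r["payload"] for r in CALLBACKS + MOVED if r["host"] == host})


def p2p_profiles(payload):
    """C2 Profile dropdown: only profiles marked is_p2p are selectable."""
    profiles = PAYLOADS[payload]["c2_profiles"]
    return sorted(name for name, p in profiles.items() if p["is_p2p"])


def build_connection(host, payload, profile):
    """Validate the three selections, then attach the profile's instance values."""
    if host not in hosts():
        raise ValueError(f"unknown host: {host}")
    if payload not in payloads_on(host):
        raise ValueError(f"{payload} is not known to be on {host}")
    if profile not in p2p_profiles(payload):
        raise ValueError(f"{profile} is not a p2p profile in {payload}")
    params = PAYLOADS[payload]["c2_profiles"][profile]["parameters"]
    return {"host": host, "payload": payload,
            "c2_profile": {"name": profile, "parameters": dict(params)}}


if __name__ == "__main__":
    print(build_connection("WS01", "payload-a", "smb"))
```

Each dropdown only offers values consistent with the previous selection, so a non-p2p profile such as `http` is rejected before any task is built.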