Last updated
Last updated
The RPC functionality within Mythic as of 2.2.7 is more dynamic, allowing more functionality to be added to the back-end and automatically usable by the Payload Type containers without requiring new PyPi packages or new Docker images. To facilitate this, you can always get the latest RPC available functionality within your tasking via:
That will print out all of the information for the available functions if you're ever in doubt about what's available or how to call the functions. When you find a function you want to call, you do it as follows:
where you always call await MythicRPC().execute
with the first parameter being the name of the function to call and all of the other arguments being passed in like normal function arguments.
The function set is moving towards a standard nomenclature - create_*
for when you want to create/register/add something to the database, get_*
for when you want to fetch something from the database, and delete_*
when you want to remove something from the database or mark it as deleted. The current set of functionality for 2.2.8 is as follows:
Your Payload Type container can actually call RPC functions defined within your C2 profile as well. You must have Mythic 2.2.8 and a PayloadType container version of at least 9 to leverage this functionality. These just have a slightly different format:
The key things to notice here are:
the function you execute is called execute_c2rpc
instead of just execute
The message
parameter is always a string. If you need to send a dictionary to your C2 profile, use json.dumps({dictionary here})
(make sure you import json
at the top)
Your response back will have the same status
, response
, and error
as the other kind of RPC functions.
If you are creating your own C2, you can create your own C2 RPC functions! Inside of your mythic/c2_functions
folder for your C2 Profile, create a file called C2_RPC_functions.py
(it might already exist for you). This is where you can create as many RPC function endpoints as you want! They just have the following format: