8. Interactive Tasking
Message Structure
Messages for interactive tasking have three pieces:
If you have a command called pty and issue it, then when that task gets sent to your agent, you have your normal tasking structure. That tasking structure includes an id for the task that's a UUID. All follow-on interactive input for that task uses the same UUID (task_id in the above message).
The data is pretty straightforward - it's the base64 of the raw data you're trying to send to/from this interactive task. The message_type field is an enum of int. It might seem complicated at first, but really it boils down to providing a way to support sending control codes through the web UI, scripting, and through an opened port.
When something is coming from Mythic -> Agent, you'll typically see Input, Exit, or Escape -> CtrlZ. When sending data back from Agent -> Mythic, you'll set either Output or Error. This enum example also includes what the user typically sees in a terminal (ex: ^C when you type CtrlC) along with the hex value that's normally sent. Having data split out this way can be helpful depending on what you're trying to do. Consider the case of trying to do a tab-complete. You want to send down data and the tab character (in that order). For other things though, like escape, you might want to send down escape and then data (in that order for things like control sequences).
You'll probably notice that some letters are missing from the control codes above. There's no need to send along a special control code for \n or \r because we can send those down as part of our input. Similarly, clearing the screen isn't useful through the web UI because it doesn't quite match up as a full TTY.
Message Location
This data is located in a similar way to SOCKS and RPFWD:
The interactive keyword takes an array of these sorts of messages to/from the agent. This keyword is at the same level in the JSON structure as action, socks, responses, etc.
This means that if you send a get_tasking request OR a post_response request, you could get back interactive data. The same goes for rpfwd, socks, and delegates.
When sending responses back for interactive tasking, you send back an array in the interactive keyword just like you got the data in the first place.
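Added example, not from the Mythic documentation or code base: a Python helper for reviewing an already-decrypted agent message, which pulls the interactive array, base64-decodes each data value and groups the entries by task_id. The sample message, its UUID and its message_type values are constructed placeholders; message_type is reported as the raw integer because the enum's numeric values are not reproduced on this page.

```python
import base64
import binascii
import json
from collections import defaultdict

TASK = "11111111-2222-3333-4444-555555555555"  # placeholder UUID
# Constructed sample of a decrypted message; message_type 0 is a placeholder.
SAMPLE = json.dumps({
    "action": "get_tasking",
    "interactive": [
        {"task_id": TASK, "message_type": 0,
         "data": base64.b64encode(b"whoami\n").decode()},
        {"task_id": TASK, "message_type": 0,
         "data": base64.b64encode(b"\x03").decode()},
        {"task_id": TASK, "message_type": 0, "data": "%%not-base64%%"},
    ],
})


def caret(raw: bytes) -> str:
    """Render bytes for review; control bytes use caret notation (0x03 -> ^C)."""
    out = []
    for b in raw:
        if b in (0x0A, 0x0D):
            out.append("\\n" if b == 0x0A else "\\r")
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def interactive_transcript(message_json: str) -> dict:
    """Group decoded interactive entries by task_id, preserving array order."""
    by_task = defaultdict(list)
    for entry in json.loads(message_json).get("interactive") or []:
        try:
            text = caret(base64.b64decode(entry.get("data"), validate=True))
        except (binascii.Error, ValueError, TypeError):
            text = "<invalid base64>"
        # message_type is kept as the raw int sent on the wire.
        by_task[entry.get("task_id")].append((entry.get("message_type"), text))
    return dict(by_task)
```

Entries whose data is not valid base64 are kept in the transcript and marked, so a malformed or truncated capture does not silently drop part of a session.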