Loading Commands

Example (user tasking):

Any command is able to report back that it added or removed commands from the current callback.

The following response is part of the normal agent response. So, it is base64 encoded and put in the normal response format

Example (agent response):

{
    "task_id": "uuid",
    "commands": [
        {
            "action": "add",
            "cmd": "shell"
        },
        {
            "action": "add",
            "cmd": "shell_elevated"
        }
    ]
}

Walkthrough:

Agents can report back when they load or unload commands from a callback. They just include a commands keyword with an array of the commands. There are two components to this:

action is the action that occurred - either add or remove .
cmd is the name of the command that was loaded or unloaded

Loaded commands can be seen from the metadata action from a callback's dropdown. When adding a command to a callback, the version associated will be the current version known by Mythic. So, if Mythic's current version for shell is 4, when an agent reports back the add, version 4 will be associated with it.

Last updated 4 years ago