Documentation
Index
- Constants
- Variables
- type CheckIn
- type Client
- func (client *Client) Auth(authType string, register bool) (messages.Base, error)
- func (client *Client) Get(key string) string
- func (client *Client) Initial(agent messages.AgentInfo) (messages.Base, error)
- func (client *Client) SendMerlinMessage(m messages.Base) (messages.Base, error)
- func (client *Client) Set(key string, value string) error
- type ClientTaskResponse
- type Config
- type DownloadResponse
- type Error
- type FileDownload
- type FileDownloadInitialMessage
- type Job
- type PostResponse
- type PostResponseDownload
- type PostResponseFile
- type RSARequest
- type RSAResponse
- type Response
- type ServerPostResponse
- type ServerTaskResponse
- type Task
- type Tasking
- type Tasks
- type UploadRequest
- type UploadResponse
Constants
const (
	// CHECKIN is a Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin
	CHECKIN = "checkin"
	// TASKING is a Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action_get_tasking
	TASKING = "get_tasking"
	// RESPONSE is used to send a message back to the Mythic server https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response
	RESPONSE = "post_response"
	// StatusError is used when there is an error
	StatusError = "error"
	// RSAStaging is used to set up and complete the RSA key exchange https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin
	RSAStaging = "staging_rsa"
	// UPLOAD is a Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload
	UPLOAD = "upload"
	// DownloadInit is used as the first download message from the Mythic server
	DownloadInit = 300
	// DownloadSend is used after the init message to send the file
	DownloadSend = 301
)
Variables
var Files = make(map[string]*jobs.FileTransfer)
Files is a global map used to track Mythic's multi-step file transfers. It holds data between requests.
Functions
This section is empty.
Types
type CheckIn
type CheckIn struct {
	Action        string `json:"action"`                    // "action": "checkin", // required
	IP            string `json:"ip"`                        // "ip": "127.0.0.1", // internal ip address - required
	OS            string `json:"os"`                        // "os": "macOS 10.15", // os version - required
	User          string `json:"user"`                      // "user": "its-a-feature", // username of current user - required
	Host          string `json:"host"`                      // "host": "spooky.local", // hostname of the computer - required
	PID           string `json:"pid"`                       // "pid": 4444, // pid of the current process - required
	PayloadID     string `json:"uuid"`                      // "uuid": "payload uuid", //uuid of the payload - required
	Arch          string `json:"architecture,omitempty"`    // "architecture": "x64", // platform arch - optional
	Domain        string `json:"domain,omitempty"`          // "domain": "test", // domain of the host - optional
	Integrity     int    `json:"integrity_level,omitempty"` // "integrity_level": 3, // integrity level of the process - optional
	ExternalIP    string `json:"external_ip,omitempty"`     // "external_ip": "8.8.8.8", // external ip if known - optional
	EncryptionKey string `json:"encryption_key,omitempty"`  // "encryption_key": "base64 of key", // encryption key - optional
	DecryptionKey string `json:"decryption_key,omitempty"`  // "decryption_key": "base64 of key", // decryption key - optional
}
CheckIn is the initial structure sent to Mythic
type Client
type Client struct {
	clients.MerlinClient
	AgentID    uuid.UUID         // TODO can this be recovered through reflection since client is embedded into agent?
	MythicID   uuid.UUID         // The identifier used by the Mythic framework
	Client     *http.Client      // Client to send messages with
	Protocol   string            // The HTTP protocol the client will use
	URL        string            // URL to send messages to (e.g., https://127.0.0.1:443/test.php)
	Host       string            // HTTP Host header value
	Proxy      string            // Proxy string
	Headers    map[string]string // Additional HTTP headers to add to the request
	UserAgent  string            // HTTP User-Agent value
	PaddingMax int               // PaddingMax is the maximum size allowed for a randomly selected message padding length
	JA3        string            // JA3 is a string that represents how the TLS client should be configured, if applicable
	// contains filtered or unexported fields
}
Client is a type of MerlinClient that is used to send and receive Merlin messages from the Merlin server
func (*Client) Auth
Auth is used to match the merlin client interface but isn't currently used; should probably fix the interface definition.
func (*Client) Get
Get is a generic function that is used to retrieve the value of a Client's field
func (*Client) Initial
Initial executes the specific steps required to establish a connection with the C2 server and check in or register an agent
func (*Client) SendMerlinMessage
SendMerlinMessage takes in a Merlin message structure, performs any encoding or encryption, and sends it to the server. The function also decodes and decrypts response messages and returns a Merlin message structure. This is where the client's logic is for communicating with the server.
type ClientTaskResponse
type ClientTaskResponse struct {
	ID        uuid.UUID `json:"task_id"`
	Output    string    `json:"user_output"`
	Status    string    `json:"status"`
	Completed bool      `json:"completed"`
}
ClientTaskResponse is the structure used to return the results of a task to the Mythic server https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response
type Config
type Config struct {
	AgentID   uuid.UUID // The Agent's UUID
	PayloadID string    // The UUID used with the Mythic framework
	Protocol  string    // Proto contains the transportation protocol the agent is using (i.e. http2 or http3)
	Host      string    // Host is used with the HTTP Host header for Domain Fronting activities
	URL       string    // URL is the protocol, domain, and page that the agent will communicate with (e.g., https://google.com/test.aspx)
	Proxy     string    // Proxy is the URL of the proxy that all traffic needs to go through, if applicable
	UserAgent string    // UserAgent is the HTTP User-Agent header string that Agent will use while sending traffic
	PSK       string    // PSK is the Pre-Shared Key secret the agent will use to start authentication
	JA3       string    // JA3 is a string that represents how the TLS client should be configured, if applicable
	Padding   string    // Padding is the max amount of data that will be randomly selected and appended to every message
}
Config is a structure that is used to pass in all necessary information to instantiate a new Client
type DownloadResponse
DownloadResponse is the server's response to a FileDownload message
type FileDownload
type FileDownload struct {
	Chunk  int    `json:"chunk_num"`
	FileID string `json:"file_id"` // UUID from FileDownloadResponse
	TaskID string `json:"task_id"`
	Data   string `json:"chunk_data"` // Base64 encoded data
}
FileDownload sends a chunk of Base64 encoded data from the agent to the server
type FileDownloadInitialMessage
type FileDownloadInitialMessage struct {
	NumChunks    int    `json:"total_chunks"`
	TaskID       string `json:"task_id"`
	FullPath     string `json:"full_path"`
	IsScreenshot bool   `json:"is_screenshot"`
}
FileDownloadInitialMessage contains the information for the initial step of the file download process
type PostResponse
type PostResponse struct {
	Action    string               `json:"action"`
	Responses []ClientTaskResponse `json:"responses"` // TODO This needs to be an interface so it can handle both ClientTaskResponse and FileDownloadInitialMessage
}
PostResponse is the structure used to send a list of messages from the agent to the server
type PostResponseDownload
type PostResponseDownload struct {
	Action    string         `json:"action"`
	Responses []FileDownload `json:"responses"`
}
PostResponseDownload is used to send a response to the Mythic server
type PostResponseFile
type PostResponseFile struct {
	Action    string                       `json:"action"`
	Responses []FileDownloadInitialMessage `json:"responses"`
}
PostResponseFile is the structure used to send a list of messages from the agent to the server
type RSARequest
type RSARequest struct {
	Action    string `json:"action"`     // staging_rsa
	PubKey    string `json:"pub_key"`    // base64 of public RSA key
	SessionID string `json:"session_id"` // 20 character string; unique session ID for this callback
}
RSARequest is used by the client to send the server its RSA public key https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin#eke-by-generating-client-side-rsa-keys
type RSAResponse
type RSAResponse struct {
	Action     string `json:"action"`      // staging_rsa
	ID         string `json:"uuid"`        // new UUID for the next message
	SessionKey string `json:"session_key"` // Base64( RSAPub( new aes session key ) )
	SessionID  string `json:"session_id"`  // same 20 char string back
}
RSAResponse contains the derived session key that is encrypted with the agent's RSA key https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin#eke-by-generating-client-side-rsa-keys
type Response
type Response struct {
	Action string `json:"action"`
	ID     string `json:"id"`
	Status string `json:"status"`
}
Response is the message structure returned from the Mythic server
type ServerPostResponse
type ServerPostResponse struct {
	Action    string               `json:"action"`
	Responses []ServerTaskResponse `json:"responses"`
}
ServerPostResponse structure holds a list of ServerTaskResponse structures
type ServerTaskResponse
type ServerTaskResponse struct {
	ID     string `json:"task_id"`
	Status string `json:"status"`
	Error  string `json:"error"`
	FileID string `json:"file_id"`
}
ServerTaskResponse is the message Mythic returns to the client after it sent a ClientTaskResponse message https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response
type Task
type Task struct {
	ID      string  `json:"id"`
	Command string  `json:"command"`
	Params  string  `json:"parameters"`
	Time    float64 `json:"timestamp"`
}
Task contains the task identifier, command, and parameters for the agent to execute
type UploadRequest
type UploadRequest struct {
	Action string `json:"action"`
	TaskID string `json:"task_id"`    // the associated task that caused the agent to pull down this file
	FileID string `json:"file_id"`    // the file specified to pull down to the target
	Path   string `json:"full_path"`  // full path to uploaded file on Agent's host
	Size   int    `json:"chunk_size"` // bytes of file per chunk
	Chunk  int    `json:"chunk_num"`  // which chunk are we currently pulling down
}
UploadRequest is the message for the Mythic upload action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload
type UploadResponse
UploadResponse is the message sent from the server to an agent https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload