Documentation
¶
Index ¶
- Constants
- Variables
- type CheckIn
- type Client
- func (client *Client) Auth(authType string, register bool) (messages.Base, error)
- func (client *Client) Get(key string) string
- func (client *Client) Initial(agent messages.AgentInfo) (messages.Base, error)
- func (client *Client) SendMerlinMessage(m messages.Base) (messages.Base, error)
- func (client *Client) Set(key string, value string) error
- type ClientTaskResponse
- type Config
- type DownloadResponse
- type Error
- type FileDownload
- type FileDownloadInitialMessage
- type Job
- type PostResponse
- type PostResponseDownload
- type PostResponseFile
- type RSARequest
- type RSAResponse
- type Response
- type ServerPostResponse
- type ServerTaskResponse
- type Task
- type Tasking
- type Tasks
- type UploadRequest
- type UploadResponse
Constants ¶
const ( // CHECKIN is Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin CHECKIN = "checkin" // TASKING is a Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action_get_tasking TASKING = "get_tasking" // RESPONSE is used to send a message back to the Mythic server https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response RESPONSE = "post_response" // StatusError is used to when there is an error StatusError = "error" // RSAStaging is used to setup and complete the RSA key exchange https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin RSAStaging = "staging_rsa" // UPLOAD is a Mythic action https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload UPLOAD = "upload" // DownloadInit is used as the first download message from the Mythic server DownloadInit = 300 // DownloadSend is used after the init message to send the file DownloadSend = 301 )
Variables ¶
var Files = make(map[string]*jobs.FileTransfer)
Files is global map used to track Mythic's multi-step file transfers. I holds data between requests
Functions ¶
This section is empty.
Types ¶
type CheckIn ¶
type CheckIn struct {
Action string `json:"action"` // "action": "checkin", // required
IP string `json:"ip"` // "ip": "127.0.0.1", // internal ip address - required
OS string `json:"os"` // "os": "macOS 10.15", // os version - required
User string `json:"user"` // "user": "its-a-feature", // username of current user - required
Host string `json:"host"` // "host": "spooky.local", // hostname of the computer - required
PID string `json:"pid"` // "pid": 4444, // pid of the current process - required
PayloadID string `json:"uuid"` // "uuid": "payload uuid", //uuid of the payload - required
Arch string `json:"architecture,omitempty"` // "architecture": "x64", // platform arch - optional
Domain string `json:"domain,omitempty"` // "domain": "test", // domain of the host - optional
Integrity int `json:"integrity_level,omitempty"` // "integrity_level": 3, // integrity level of the process - optional
ExternalIP string `json:"external_ip,omitempty"` // "external_ip": "8.8.8.8", // external ip if known - optional
EncryptionKey string `json:"encryption_key,omitempty"` // "encryption_key": "base64 of key", // encryption key - optional
DecryptionKey string `json:"decryption_key,omitempty"` // "decryption_key": "base64 of key", // decryption key - optional
}
CheckIn is the initial structure sent to Mythic
type Client ¶
type Client struct {
clients.MerlinClient
AgentID uuid.UUID // TODO can this be recovered through reflection since client is embedded into agent?
MythicID uuid.UUID // The identifier used by the Mythic framework
Client *http.Client // Client to send messages with
Protocol string // The HTTP protocol the client will use
URL string // URL to send messages to (e.g., https://127.0.0.1:443/test.php)
Host string // HTTP Host header value
Proxy string // Proxy string
Headers map[string]string // Additional HTTP headers to add to the request
UserAgent string // HTTP User-Agent value
PaddingMax int // PaddingMax is the maximum size allowed for a randomly selected message padding length
JA3 string // JA3 is a string that represent how the TLS client should be configured, if applicable
// contains filtered or unexported fields
}
Client is a type of MerlinClient that is used to send and receive Merlin messages from the Merlin server
func (*Client) Auth ¶
Auth is used to match the merlin client interface but isn't currently used; Should probably fix the interface definition
func (*Client) Get ¶
Get is a generic function that is used to retrieve the value of a Client's field
func (*Client) Initial ¶
Initial executes the specific steps required to establish a connection with the C2 server and checkin or register an agent
func (*Client) SendMerlinMessage ¶
SendMerlinMessage takes in a Merlin message structure, performs any encoding or encryption, and sends it to the server The function also decodes and decrypts response messages and return a Merlin message structure. This is where the client's logic is for communicating with the server.
type ClientTaskResponse ¶
type ClientTaskResponse struct {
ID uuid.UUID `json:"task_id"`
Output string `json:"user_output"`
Status string `json:"status"`
Completed bool `json:"completed"`
}
ClientTaskResponse is the structure used to return the results of a task to the Mythic server https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response
type Config ¶
type Config struct {
AgentID uuid.UUID // The Agent's UUID
PayloadID string // The UUID used with the Mythic framework
Protocol string // Proto contains the transportation protocol the agent is using (i.e. http2 or http3)
Host string // Host is used with the HTTP Host header for Domain Fronting activities
URL string // URL is the protocol, domain, and page that the agent will communicate with (e.g., https://google.com/test.aspx)
Proxy string // Proxy is the URL of the proxy that all traffic needs to go through, if applicable
UserAgent string // UserAgent is the HTTP User-Agent header string that Agent will use while sending traffic
PSK string // PSK is the Pre-Shared Key secret the agent will use to start authentication
JA3 string // JA3 is a string that represent how the TLS client should be configured, if applicable
Padding string // Padding is the max amount of data that will be randomly selected and appended to every message
}
Config is a structure that is used to pass in all necessary information to instantiate a new Client
type DownloadResponse ¶
DownloadResponse is the servers response to a FileDownload message
type FileDownload ¶
type FileDownload struct {
Chunk int `json:"chunk_num"`
FileID string `json:"file_id"` // UUID from FileDownloadResponse
TaskID string `json:"task_id"`
Data string `json:"chunk_data"` // Base64 encoded data
}
FileDownload sends a chunk of Base64 encoded data from the agent to the server
type FileDownloadInitialMessage ¶
type FileDownloadInitialMessage struct {
NumChunks int `json:"total_chunks"`
TaskID string `json:"task_id"`
FullPath string `json:"full_path"`
IsScreenshot bool `json:"is_screenshot"`
}
FileDownloadInitialMessage contains the information for the initial step of the file download process
type PostResponse ¶
type PostResponse struct {
Action string `json:"action"`
Responses []ClientTaskResponse `json:"responses"` // TODO This needs to be an interface so it can handle both ClientTaskResponse and FileDownloadInitialMessage
}
PostResponse is the structure used to sent a list of messages from the agent to the server
type PostResponseDownload ¶
type PostResponseDownload struct {
Action string `json:"action"`
Responses []FileDownload `json:"responses"`
}
PostResponseDownload is used to send a response to the Mythic server
type PostResponseFile ¶
type PostResponseFile struct {
Action string `json:"action"`
Responses []FileDownloadInitialMessage `json:"responses"`
}
PostResponseFile is the structure used to sent a list of messages from the agent to the server
type RSARequest ¶
type RSARequest struct {
Action string `json:"action"` // staging_rsa
PubKey string `json:"pub_key"` // base64 of public RSA key
SessionID string `json:"session_id"` // 20 character string; unique session ID for this callback
}
RSARequest is used by the client to send the server it's RSA public key https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin#eke-by-generating-client-side-rsa-keys
type RSAResponse ¶
type RSAResponse struct {
Action string `json:"action"` // staging_rsa
ID string `json:"uuid"` // new UUID for the next message
SessionKey string `json:"session_key"` // Base64( RSAPub( new aes session key ) )
SessionID string `json:"session_id"` // same 20 char string back
}
RSAResponse contains the derived session key that is encrypted with the agent's RSA key https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/initial-checkin#eke-by-generating-client-side-rsa-keys
type Response ¶
type Response struct {
Action string `json:"action"`
ID string `json:"id"`
Status string `json:"status"`
}
Response is the message structure returned from the Mythic server
type ServerPostResponse ¶
type ServerPostResponse struct {
Action string `json:"action"`
Responses []ServerTaskResponse `json:"responses"`
}
ServerPostResponse structure holds a list of ServerTaskResponse structure
type ServerTaskResponse ¶
type ServerTaskResponse struct {
ID string `json:"task_id"`
Status string `json:"status"`
Error string `json:"error"`
FileID string `json:"file_id"`
}
ServerTaskResponse is the message Mythic returns to the client after it sent a ClientTaskResponse message https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-post_response
type Task ¶
type Task struct {
ID string `json:"id"`
Command string `json:"command"`
Params string `json:"parameters"`
Time float64 `json:"timestamp"`
}
Task contains the task identifier, command, and parameters for the agent to execute
type UploadRequest ¶
type UploadRequest struct {
Action string `json:"action"`
TaskID string `json:"task_id"` // the associated task that caused the agent to pull down this file
FileID string `json:"file_id"` // the file specified to pull down to the target
Path string `json:"full_path"` // ull path to uploaded file on Agent's host
Size int `json:"chunk_size"` // bytes of file per chunk
Chunk int `json:"chunk_num"` // which chunk are we currently pulling down
}
UploadRequest is message https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload
type UploadResponse ¶
UploadResponse is the message sent from the server to an agent https://docs.mythic-c2.net/customizing/c2-related-development/c2-profile-code/agent-side-coding/action-upload
Source Files