
Support for command bundles

Open nopcorn opened this issue 1 year ago • 4 comments

I often find myself copy/pasting boilerplate commands from a list of pastables to accomplish recurring tasks (such as setting up a new agent, or accomplishing a complex login procedure). I went through the docs and the UI to see if there was such a thing as a stored script or bundle of commands, but couldn't find anything. I'd envision something like:

_run_script nameofscript

Preceding the command with an underscore so the tasking UI doesn't interpret it as an agent command, but as a meta-command.

Is this a feature that was ever considered?

nopcorn, Jul 05 '24 16:07

Great question! So, if I understand you correctly, you have a series of commands you typically run over and over again, so you'd like a way, from the UI, to be able to bundle them all together so that you can rapid fire them? Or at least have them run in sequence? Is there anything for these commands that you're changing each time?

its-a-feature, Jul 05 '24 17:07

Hey! Yeah, you've got the gist of it. Perhaps a simple example can help. When I get a new callback, I typically run a once-over to grab a baseline from the machine:

ps
shell netstat -plantu
shell route -n
cat /etc/passwd
shell uname -a
...

I'll catch the beacon and paste these commands in. It would be great if I could do something like:

_run_script baseline_poseidon

Where baseline_poseidon is a bundle name I've defined. I don't currently have any requirement to change values or commands based on environment or returned data, but if I did I assume I could use the Mythic API to accomplish something more complicated.

nopcorn, Jul 05 '24 17:07

Gotcha. I think the next release is what you're looking for then. I'm hoping to release it in Beta next week, but it'll have an "eventing" system, so you can have a series of actions trigger off of an event (such as a new poseidon callback) where you can then issue all those commands. You'd simply upload a json/yaml/toml file that looks very similar to GitHub Actions.

its-a-feature, Jul 05 '24 17:07

Stellar, thank you. I didn't think to check what features were coming up. I'll update when released and give it a go. Thanks!

nopcorn, Jul 05 '24 17:07

Mythic 3.3 is now out of beta and merged into the master branch, so I think you should check out the new eventing system: https://docs.mythic-c2.net/customizing/3.-consuming-containers/eventing

its-a-feature, Aug 30 '24 14:08