Mythic icon indicating copy to clipboard operation
Mythic copied to clipboard

Published 20 hours ago verified publisher icon its-a-feature

[Feature Request]: default browser scripts

Open DarkC0ntributor opened this issue 8 months ago • 2 comments

I recently developed another agent and I think its a bit of a muddle to "always" copy the default browser scripts for ls, ps and download to all the agents. This also bugs me on the wire as one does not only provide e.g. file_browser but also its JSON in user_output. That's of course something a translation container can do but still...

It would be nice if the UI would handle the common hooking-features file_browser, processes and download on its own - without the need for custom browser scripts.

So if there is no browser_script configured:

  • show a file listing if user_output is not present, but file_browser is (and supported_ui_features contains file_browser:list).
  • show a process listing if user_output is not present, but processes is (and supported_ui_features contains process_browser:list).
  • show a loading bar or download button if user_output is not present, but download is (and supported_ui_features contains file_browser:download).

I am trying to do this in mythic cli. However scripting seems to have only access to user_output

DarkC0ntributor avatar Mar 11 '25 11:03 DarkC0ntributor

As of 3.3.1-rc23 you can set set_as_user_output in your file_browser data to have Mythic automatically add your file browser content to the task's user_output so that you don't have to include it twice.

I'd like to do the same for processes, but currently the process data is an array rather than a dictionary, so that makes it a bit harder to allow the optional inclusion of another field. I'm still thinking about how best to do that part.

For download though, there's currently not a standardized user_output that you could go off of for a generic browser script. For the media keyword in browser scripting, you need the file_id and the file name for it to properly render in the UI.

I hear you about having to copy stuff over as you make new agents though. Let's see if we can come up with a solution.

There's two points you're raising here:

  1. for some response data, you'd like a way to have it automatically echoed into the user_output field
  2. for some commands, you'd like a "default" browser script that Mythic provides that can be auto applied to your payload type

is that correct?

its-a-feature avatar Mar 11 '25 23:03 its-a-feature

Rather Point 2. And maybe access to other output fields from process_response? ¯_(ツ)_/¯

I think it makes sense, since Mythic already understands the special response.

  • A file listing is reported
  • A process list is reported
  • Chunk X out of Y is being sent
  • A task that did send download chunks reports to be completed

Interfering with special commands and or existing scripts can be easily avoided by checking the tasks browser_script and supported_ui_features

DarkC0ntributor avatar Mar 13 '25 19:03 DarkC0ntributor