All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added new `taskData.args.IsArgUserSupplied(name string) bool` function
  - Allows devs to see if a specific arg has a value due to the default value or explicit user addition
- Updated SendMythicRPCTaskCreate to require OperatorID, TaskID, or EventStepInstanceID
  - This allows the new task to be associated with the proper user instead of the callback creator
- Added new fields to the CustomBrowser Export functionality
- Added ability to create file with OperationID and OperatorID
- Added new `custombrowserstructs.CustomBrowserDefinition`
- Added new `HideConditionOperand` values for PayloadType's BuildParameter Hide Conditions
- Added `VerifierRegex` option to Command Parameters
- Updated `SendMythicRPCCallbackCreate` to allow supplying `Cwd` and `ImpersonationContext` parameters
- Updated `SendMythicRPCCallbackUpdate` to allow supplying `Cwd`, `ImpersonationContext`, and `Dead` parameters
- Added `SendMythicRPCCallbackTokenSearch`
- Added `SendMythicRPCCustomBrowserSearch`
- Added new Service `MythicServiceCustomBrowser` when starting your main program
- Fixed `Webhook` and `Logger` services not responding to `OnContainerStart` messages
- Updated `ContainerVersion` to `"v1.4.1"`
- Added a new RPC for SendMythicRPCCallbackEdgeRemove
- Added a new RPC for SendMythicRPCHandleAgentMessageJson
- Updated the following MythicRPC calls to be consistent about CallbackID, AgentCallbackID, and the use of ID in general:
  - CallbackID is always an Int, AgentCallbackID is the UUID string, and all ID variables should have capital ID not Id
  - SendMythicRPCCallbackDecryptBytes: AgentCallbackUUID -> AgentCallbackID
  - SendMythicRPCCallbackEdgeSearch: AgentCallbackUUID -> AgentCallbackID, AgentCallbackID -> CallbackID
  - SendMythicRPCCallbackEncryptBytes: AgentCallbackUUID -> AgentCallbackID
  - SendMythicRPCCallbackSearch: AgentCallbackUUID -> AgentCallbackID, AgentCallbackID -> CallbackID, SearchCallbackUUID -> SearchAgentCallbackID
  - SendMythicRPCCallbackUpdate: AgentCallbackUUID -> AgentCallbackID
  - SendMythicRPCCallbackTokenCreate: TokenId -> TokenID
  - SendMythicRPCFileCreate: AgentFileId -> AgentFileID
  - SendMythicRPCFileSearch: AgentFileId -> AgentFileID
  - SendMythicRPCOperationEventLogCreate: TaskId -> TaskID, CallbackId -> CallbackID, AgentCallbackId -> AgentCallbackID, OperationId -> OperationID
  - SendMythicRPCPayloadOnHostCreate: PayloadId -> PayloadID
- Because all of these are technically breaking changes, I bumped the tagged version to 1.6 and the container version to 1.4
- Added UiPosition options for Payload Type Build Parameters and C2 Profile Parameters
- Added DynamicQueryFunction option for Payload Type Build Parameters
- Updated the processing for CommandHelpFunction available to Payload Types
- Updated the c2 add icon/dark mode icon to not exit when failing to read the files
- Added cwd and impersonation_context to webhook new callback data
- Added `semver` fields to all service definitions
- C2 Profiles can now report back agent_icon and dark_mode_agent_icon just like payload types
- Payload type build parameters now have supported_os, group_name, and hide_conditions fields
  - hide conditions allow you to specify when a specific build parameter should be hidden from user view
  - group_name allows you to group like-parameters together in the UI
  - supported_os allows you to limit build parameters to certain OS selections
- Payload type now has a c2 deviations parameter that allows you to modify fields of supported C2 profiles
  - for example - alter the defaults, change dropdown options, hide parameters completely
- Payload type now has option to specify custom `help` function
- Fixed a bug where ContainerOnStart wasn't getting applied to loggers or webhooks
- Updated the C2RPCOtherServiceRPCMessageResponse to support indicating a RestartInternalService field
  - this allows c2 services to indicate a restart is necessary of their internal services
- this function was returning without checking this response field first
- Added SearchParentTaskID option for MythicRPCTaskSearch
  - Needs Mythic 3.3.1-rc56
- Updated DynamicQueryFunction definition
  - You can now access OtherParameters which are the other parameters and their values
  - Needs Mythic 3.3.1-rc56
- New MythicRPC calls related to tags
  - Needs Mythic 3.3.1-rc56
- New ability to intercept interactive tasking follow-on messages in task
  - Needs Mythic 3.3.1-rc56
- Updating eventing conditional check response struct tag
- Updated some of the rabbitmq retry logic
- Added some loops around communicating over rabbitmq in case there are errors that should self recover
- Fixed an issue where payload types were waiting for the wrong group of events to finish before syncing
- Fixed an issue with rabbitmq retries that would block on channel creation
- Changed RPC timeout to 20s instead of 30s
- Few rabbitmq queue definition tweaks
- re-ordered the syncing process so that translation containers sync before payload types
- Removed some rabbitmq configs that clashed with existing rabbitmq settings
- Updated the rabbitmq handling to be more resilient in errors
- Added an option to remove an existing command
- Added additional attributes for MythicRPCCallbackUpdate for updating last checkin time
- Updated PayloadType syncing to wait for all rabbitmq routes to be created first before syncing to Mythic
- Updated error message about duplicated names to be a debug message instead
- Updated MythicRPCCallbackSearch to specify a list of payload types
- Updated MythicRPCCallbackAddCommand and MythicRPCCallbackRemoveCommand to take in a list of callback ids
- Added a flag when syncing payload type data to indicate if it's a ForcedResync
  - ForcedResyncs don't trigger the onStart container functionality again to prevent infinite loops
- Updated MythicRPCCallbackAddCommand and MythicRPCCallbackRemoveCommands with additional options
- Updated CreateTasking response with new field, ReprocessAtNewCommandPayloadType
  - Setting that allows processing execution to transfer to the new payload type and new CommandName specified
- Updated the server stop function to not return error if the server wasn't already running
- Added support for specifying username/password when issuing stop for proxies
- Added new field for payload type definition allowing the use of display params vs original params when showing the cli history
- ContainerVersion v1.3.4
- Added support for `remove` option in Hosting files via C2
- Added a mutex around C2 functions
- Added username/password options when starting socks proxy
- ContainerVersion v1.3.3
- Added Support for Payload and Staging UUIDs to be used in the MythicRPCCallbackEncrypt and MythicRPCCallbackDecrypt functions
- added missing json tag
- Moved the OnNewCallback function around
- Fixed the C2 Debug Output routine to send final finishedReadingOutput flag
- This is updated to work with Mythic 3.3+ and will cause some issues with Mythic 3.2 and below
- New Auth
- New Eventing
- New Build/C2/Command parameter options of ChooseOneCustom and FileMultiple
- New Logging options
- Added MythicRPCAPITokenCreate
- Added MythicRPCCallbackNextCheckinRange
- Added MythicRPCFilebrowserParsePath
- Fixed an issue with getting array args from C2 Profile Parameters
- Updated gRPC specs for PushC2 to also allow OneToMany streaming
- Updated the logging package to not use logr and properly track warning/trace level messages
- Updated the onNewCallbackFunc to have the proper log information and if the function is missing, simply log info message instead of error
- Added `OperatorUsername` and `OperationName` to the `PTTaskMessageCallbackData` struct with Mythic v3.2.19
- Added the `AgentType` field to Payload Type definitions to support more kinds of payload types
- Fixed an issue where double parsing was breaking wrapper builds
- Added a `message_format` field to payload type definitions for use at a later date
- Added a `secrets` field to the following fields that gets user-supplied secrets from their settings page
  - PTRPCDynamicQueryFunctionMessage
  - PayloadBuildMessage
  - PTOnNewCallbackAllData
  - PTTaskMessageAllData
- Updated the processing of stdout/stderr for running c2 profiles to only be the first 200 lines, extra are dropped
- Added the ServerName attribute to all webhookMessageBase and loggingMessageBase structs
- Updated the SubmitWebRequest method to always return the body and status code so the client can check success or error on their own
- Fixed the fetching of typed array values
- Added a check to make sure that typed array values are always having their parsing function called
- Removed the FileRegister MythicRPC Call
- Updated the FileCreate MythicRPC Call to allow TaskID, PayloadUUID, or AgentCallbackID to be supplied
  - This makes it possible to register new files with Mythic during payload build, translation containers, etc
- Updated the DynamicQuery Parameters to now also have PayloadOS, PayloadUUID, CallbackDisplayID, and AgentCallbackID
  - This should make it easier to use MythicRPC functionality to make more informed decisions
- Updated container version to v1.1.4, Needs Mythic v3.2.13+
- Added new MythicRPC function for searching a callback's edges
- Added new MythicRPC function for creating a task in a specific callback
- Added new Payload definition function for `onNewCallback`
- Pulled in a PR from @MEHrn00 to fix a typo in one of the MythicRPC calling definitions
- Removed the `init` function in the `mythicutils` package and added a log.fatalf check within rabbitmq, grpc, and mythicutils for `MYTHIC_SERVER_HOST` and `RABBITMQ_HOST`
  - The presence of these variables for use with connecting to Mythic via rabbitmq, grpc, and http is checked right before use rather than on initialization of their modules
  - This allows easier testing of various components
- Pulled in PR from @MEhrn00 to refactor config/utils into separate packages for more modular testing
  - This could break things if you relied on `github.com/MythicMeta/MythicContainer/utils` for something
- Merged in PR to fix race condition for starting c2 profiles
- Added in "File" to C2 Profile Parameter types
- Fixed an issue with the input type for the MythicRPCCredentialCreate RPC call
- Added gRPC classes for Push C2
- Added C2 RPC calls for hosting files
- Added PayloadType RPC calls for parsing TypedArray values
- Added TypedArray values for Build, Command, and C2 parameters
- Updated ProxyStart/ProxyStop commands to take an optional local_port of 0 and have it dynamically chosen
- Updated BuildStep to support "Skip"
- Fixed the tracking for c2 service binaries
- Fixed the taskData.Args.GetArrayArg to properly cast to []string from []interface{}
- Added the `WrappedPayloadUUID` value to a payload build message so you don't just get the raw bytes
- Updated the grpc code to set maxInt for the send/recv limits with the translation containers
- Added additional check if given a string and no parseArgString function defined, to just default to the raw command line
- Updating queue name for logging/webhooks to be unique so we don't round robin the information
- Added a fix to register new response logging data
- Added new logging type for responses
- Updated the SendMythicRPCFileUpdate function to support changing the DeleteAfterFetch attribute
- Modified many of the similar C2 message structs to support new helper functions for getting arguments
- Modified the use of the supplied parameter group from the Mythic UI to be a tie breaker rather than as a manually set group name
- Added base functionality for two new C2 RPC functions - GetIOC and SampleMessage
- Changed PayloadBuildMessage.BuildParameters to be a struct with a Parameters map inside of it
  - Added a suite of helper functions on it to get build parameters of various types
- Updated PTTaskMessageArgsData.Get*Arg functions to return default type-based blank values if nil
- Added suite of helper functions to PayloadBuildMessage.PayloadBuildC2Profile entries for getting C2 Parameter arguments
- Bumped the container version to v1.1.0 to account for new getIOC and SampleMessage C2 RPC Functionality
- Updated tasking to make sure specified parameter groups in the UI carry over
- Updated tasking to list out unused parameters via the task's stdout/stderr modal
- Updated the constant definitions for SupportedOS values to match the PyPi side with a capital first letter for all but macOS
- Fixed the logging service capabilities to respect the log level defined (it was being overridden by Mythic's logging level)
- Fixed translation services gRPC connections that weren't reconnecting
- Updated the way manual parameter group name is set during create tasking - now use `taskData.Args.SetManualParameterGroup`
- Fixed a bug where new alert and new custom webhook fields weren't tracked for existence
- Added the ability to return updated filename when building payloads
- Added a lot of docstrings for agent structures/building
- Fixed an issue with RabbitMQ Channels not closing resulting in an ID leak
- Added new structs for connection information command parameters to be more verbose
- Updated create tasking functions to take pointer rather than value
- Started adding text descriptions for structs to make it easier for development
- updated some structs to uint64 from int to match Mythic
- fixed an issue with the Process response message routing to itself
- fixed an issue where default int values weren't getting processed properly
- updated the utils submodule to initialize on init() so that Mythic configuration can more easily be used in other projects
- updated the logging submodule to initialize on init() for easier inclusion in other projects
- Created the initial push of this code