
Mythic C2 - Detect

By kannthu

Informative
Vidoc Module
#c2 #ir #osint #mythic
Description

What is the "Mythic C2 - Detect" module?

The "Mythic C2 - Detect" module is a test case designed to detect misconfigurations, vulnerabilities, or specific software on a target system. It focuses on the Mythic C2 software, which is a cross-platform, post-exploit, red teaming framework built with Python3, Docker, Docker-compose, and a web browser UI. Mythic provides a collaborative and user-friendly interface for operators, managers, and reporting throughout red teaming activities. The module has an informative severity level and was authored by pussycat0x.

Impact

The module aims to identify potential misconfigurations, vulnerabilities, or the presence of specific software on the target system. The impact of the findings will depend on the specific issues detected, which can range from minor configuration errors to critical security vulnerabilities.

How does the module work?

The "Mythic C2 - Detect" module uses HTTP request templates and matching conditions to perform its tests. It sends HTTP requests to the target system and evaluates the responses against predefined conditions. This module sends a "GET" request to the path "/new/login". It then applies two matching conditions to the response: the body must contain the string "<title>Mythic</title>", and the response status must be 200.

The module's matching conditions are designed to identify specific patterns or characteristics that indicate the presence of the Mythic C2 software. By analyzing the responses, the module can determine if the target system exhibits the expected behavior associated with the Mythic C2 software.
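As an added illustration (not Vidoc's own code), the sketch below evaluates the module's two matching conditions, joined with "and", against constructed sample responses. The template dictionary layout, the function names and the case-sensitive substring match are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed sample data only)."""
    status: int
    body: str

# The two conditions from the module preview, joined with "and".
# This dict layout is the sketch's own, not Vidoc's template schema.
MYTHIC_LOGIN = {
    "request": "GET /new/login",
    "condition": "and",
    "matchers": [
        {"type": "word", "words": ["<title>Mythic</title>"]},
        {"type": "status", "status": [200]},
    ],
}

def run_matcher(m, resp):
    if m["type"] == "word":
        # Assumption: plain case-sensitive substring match on the body.
        return all(w in resp.body for w in m["words"])
    if m["type"] == "status":
        return resp.status in m["status"]
    raise ValueError(f"unsupported matcher type: {m['type']}")

def evaluate(template, resp):
    """Return (matched, per-matcher results) so a miss can be explained."""
    results = [run_matcher(m, resp) for m in template["matchers"]]
    combine = all if template["condition"] == "and" else any
    return combine(results), results

# Constructed responses to GET /new/login, not captured from any real host.
SAMPLES = {
    "mythic_login": Response(200, "<html><head><title>Mythic</title></head></html>"),
    "other_app": Response(200, "<html><head><title>Sign in</title></head></html>"),
    "error_page": Response(404, "<html><head><title>Mythic</title></head></html>"),
    "redirect": Response(302, ""),
}

def classify_all():
    return {name: evaluate(MYTHIC_LOGIN, r)[0] for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        matched, detail = evaluate(MYTHIC_LOGIN, resp)
        print(f"{name:13} matched={matched} word/status={detail}")
```

Only the first sample satisfies both conditions; the per-matcher results show which condition failed for the others.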

For more information, refer to the reference.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /new/login
Matching conditions
word: <title>Mythic</title>
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability