Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not receiving callbacks on HTTP profile with SSL enabled #84

Open
j2671724 opened this issue Feb 25, 2025 · 1 comment
Open

Not receiving callbacks on HTTP profile with SSL enabled #84

j2671724 opened this issue Feb 25, 2025 · 1 comment

Comments

@j2671724
Copy link

Hello,

I've been having issues getting callbacks with the Athena agent/HTTP profile when SSL is enabled. I initially thought this was an issue with the C2 profile itself and opened an issue under its-a-feature/Mythic#443 but after some additional testing, I was able to confirm SSL is working with the Apollo agent.

I'm using the Athena agent with the self-signed key/cert automatically generated by the HTTP profile. Seems the requests are getting to the host Mythic is running on, but no active callbacks appear in the UI. Not getting any feedback from Stdout/Stderr for the HTTP profile in the UI, either. This is with no redirectors, so callbacks are going directly to the HTTP profile.

I had no issues with callbacks when running port 80.

This is a sample of the output I get if I run mythic-cli logs Athena, not sure if they will provide any insight:

warning CS8618: Non-nullable property 'Container' must contain a non-null value when exiting constructor. Consider adding the 'required' modifier or declaring the property as nullable. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.cs(32,44): warning CS8622: Nullability of reference types in type of parameter 'sender' of 'void AthenaCore.OnTaskingReceived(object sender, TaskingReceivedArgs args)' doesn't match the target delegate 'EventHandler<TaskingReceivedArgs>' (possibly because of nullability attributes). [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.cs(47,29): warning CS0168: The variable 'e' is declared but never used [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/MessageManager.cs(27,16): warning CS8618: Non-nullable field 'origStdOut' must contain a non-null value when exiting constructor. Consider adding the 'required' modifier or declaring the field as nullable. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.cs(98,24): warning CS8601: Possible null reference assignment. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.cs(166,74): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.cs(148,28): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/TaskManager.cs(104,39): warning CS8602: Dereference of a possibly null reference. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/TaskManager.cs(121,62): warning CS8604: Possible null reference argument for parameter 'plug' in 'void ITokenManager.RunTaskImpersonated(IPlugin plug, ServerJob job)'. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/TaskManager.cs(24,27): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/MessageManager.cs(226,35): warning CS8601: Possible null reference assignment. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/TaskManager.cs(240,95): warning CS8604: Possible null reference argument for parameter 'plug' in 'void ITokenManager.HandleInteractivePluginImpersonated(IInteractivePlugin plug, ServerJob job, InteractMessage message)'. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/TaskManager.cs(246,46): warning CS8602: Dereference of a possibly null reference. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/MessageManager.cs(339,35): warning CS1998: This async method lacks 'await' operators and will run synchronously. Consider using the 'await' operator to await non-blocking API calls, or 'await Task.Run(...)' to do CPU-bound work on a background thread. [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/Managers/MessageManager.cs(22,28): warning CS0649: Field 'MessageManager.origStdOut' is never assigned to, and will always have its default value null [/tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/AthenaCore.csproj]\n  AthenaCore -> /tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/bin/Release/net8.0/win-x64/977NPFAN9V.dll\n  AthenaCore -> /tmp/tmpgqcvxj8e270b2967-3157-4d34-b10a-7a951077ad6d/AthenaCore/bin/Release/net8.0/win-x64/publish/\n"
CRITICAL 2025-02-25 17:09:04,470 build  548 : stderr: b''

The callback host I have configured for the payload is https://10.0.0.5:443 and it passes the payload config check.

Mythic Version: v3.3.1-rc35
UI Version: v0.2.75

Thanks!
@j2671724 j2671724 mentioned this issue Feb 25, 2025
Open
@j2671724
Copy link
Author

I am also seeing a difference in the TLS handshake between the Apollo agent (that is working) vs Athena. Looks like Apollo is negotiating TLS 1.2 and Athena TLS 1.3.

Here are the handshakes captured in wireshark on the client (apollo on left and athena on right):

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@j2671724