Closed russokiwi closed 2 years ago
I'd crack open dnSpy and throw Apollo.exe into there and see if the field `Endpoint` is populated correctly on the `DefaultProfile` class. Then, I'd check to see if your reverse proxy is actually receiving connections from the agent itself. If it's receiving connections, but not forwarding to Mythic, that's the link in the chain that's broken. From your error messages I also see a mismatch in protocols. You specified a callback of `https://example.com/` whereas you're forwarding to a non-SSL enabled C2 profile container (that's the `{"port": 6666, "use_ssl": false}`). Specifying the HTTP profile to use SSL should solve your issue.
Sorry for the late reply, just got to testing this... - and negative outcome, unfortunately. I've implemented the change as suggested but put it on port 9999 (for the SSL) instead of 6666. Not quite sure, however, how the advice will work in theory. For example, externally we're looking at https://example.com (let's call this external end-point - ep) which has Let's Encrypt certs and terminates the SSL, that in turn, if it sees a URI of /9999index, redirects it to the internal non-SSL ep: http://127.0.0.1/9999 index address as per the Apache reverse proxy config. So let's change to SSL as suggested (I guess I could use privately signed certs - Let's Encrypt will not support this due to being in a private LAN), and leave the listening port on 9999 for the internal ep, so I've done this. I also left the callback port number on 443 so the agent knows the external port to call back to (assuming that's logical - the agent in theory doesn't need to know the internal port - that's the job of the Apache proxy). So anyway, I've tried this, no connect. Any other suggestions? I have Metasploit and Covenant working under the same reverse configuration (where the external ep terminates SSL, and the internal is HTTP). There are, however, specific override settings in those that allow for such a config. Here's the updated OPSEC:

```
OPSEC message from http: Basic OPSEC Check Passed
Configuration Check message from http: Failed to find port, 443, in C2 Profile configuration This could indicate the use of a redirector, or a mismatch in expected connectivity.
This means there should be the following connectivity for success: Agent via HTTPS on port 443 to https://example.com/9999index (should be a redirector). Redirector then forwards request to C2 Profile container on one of the following ports: [{"port": 9999, "use_ssl": true}, {"port": 6666, "use_ssl": false}]
Alternatively, this might mean that you want to do SSL but are not using SSL within your C2 Profile container. To add SSL to your C2 profile:
```

Thanks very much!
Hi, I've got a setup of apache2 terminating a domain and routing 443 for various services. For Apollo the config is doing:
I then have a Mythic http C2 profile / listener on port 6666. OPSEC passes, like so:
Server address (in the payload config) is set to https://www.example.com/6666index. I've also tried, as an alternative, changing the URI in the payload config (i.e. Server Name set to https://www.example.com and URI set to 6666index/Index).
In both options I get no connect. Why not? Thanks!