djhohnstein
commented
2 years ago Hey there!
The good news is that I do have a fix incoming at the end of the month. It'll solve this issue. If possible, please upgrade to Mythic 2.3 by:
git clone https://github.com/its-a-feature/Mythic.gitcd Mythic./install_docker_ubuntu.shgit checkout v2.3-testing./mythic-cli database reset./mythic-cli install github https://github.com/MythicAgents/Apollo.git dev -f./mythic-cli mythic start
Generate a new Apollo payload, then issue the following command:
socks 7003 (or really any port number)
This will get you up to v2.3 of Mythic, which is to be released end of month, as well as v2.0 of Apollo, which is a total rewrite of the agent itself. Once you've got your callback, the SOCKS5 server is started on the port specified (in the example, 7003). Of note here is that if you follow the install instructions to the letter here, this will brick all existing callbacks due to the database reset command.
I've tested the new version of SOCKS in Apollo v2 to be compatible with RDP, HTTPS, tools like impacket, etc. Just remember that it is a SOCKS5 proxy, not SOCKS4. If using the dev branch of Apollo and using v2.3-testing of Mythic doesn't work, please let me know.
HansMartin
Good Afternoon,
First of all: I'm not 100% certain that this is an issue of the Apollo Implant, or Mythic itself.
When opening a Socks Proxy, everything seems to work fine at first, the port opens and when connecting to the Proxy via Proxychains, I can see the tunneled (Input) traffic in Wireshark on the client machine that is originating from the proxy.
However, no response packets are received on the proxychains side (I can see them in Wireshark. but they don't seem to get rerouted through the Proxy).
Not sure where to start debugging from this point, any ideas where the issue could originate from?
Thanks in advance!