its-a-feature / Mythic

A collaborative, multi-platform, red teaming framework

Unable to log onto Mythic UI #414

Closed redAngel9012 closed 2 weeks ago

redAngel9012 commented 2 weeks ago

I'm unable to log onto the Mythic UI using username mythic_admin with the password set in the .env file. I tried changing it to another password, then restarted the service using sudo ./mythic-cli restart, but it continues to give me an HTTP 403 error and to check the logs. Here are the last few lines of the logs:

sudo ./mythic-cli logs mythic_server

{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeWrappers","line":633,"wrapper":"scarecrow_wrapper","wrapped":"apollo","time":"2024-10-07T13:36:52Z","message":"Failed to find payloadtype to associate for wrapping"}
{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeWrappers","line":633,"wrapper":"service_wrapper","wrapped":"apollo","time":"2024-10-07T13:36:52Z","message":"Failed to find payloadtype to associate for wrapping"}
{"level":"error","error":"Need a bot account assigned to this operation that's active and not deleted","func":"github.com/its-a-feature/Mythic/rabbitmq.createGraphQLSpectatorAPITokenAndSendOnStartMessage","line":160,"time":"2024-10-07T13:36:53Z","message":"operation"}
{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeC2Profiles","line":577,"c2profile":"webshell","c2profiles":["webshell","websocket","httpx","dynamichttp"],"time":"2024-10-07T13:36:53Z","message":"Failed to get c2profile to associate with payloadtype"}
{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeC2Profiles","line":577,"c2profile":"websocket","c2profiles":["webshell","websocket","httpx","dynamichttp"],"time":"2024-10-07T13:36:53Z","message":"Failed to get c2profile to associate with payloadtype"}
{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeC2Profiles","line":577,"c2profile":"httpx","c2profiles":["webshell","websocket","httpx","dynamichttp"],"time":"2024-10-07T13:36:53Z","message":"Failed to get c2profile to associate with payloadtype"}
{"level":"error","error":"sql: no rows in result set","func":"github.com/its-a-feature/Mythic/rabbitmq.updatePayloadTypeC2Profiles","line":577,"c2profile":"dynamichttp","c2profiles":["webshell","websocket","httpx","dynamichttp"],"time":"2024-10-07T13:36:53Z","message":"Failed to get c2profile to associate with payloadtype"}
{"level":"error","error":"Need a bot account assigned to this operation that's active and not deleted","func":"github.com/its-a-feature/Mythic/rabbitmq.createGraphQLSpectatorAPITokenAndSendOnStartMessage","line":160,"time":"2024-10-07T13:36:53Z","message":"operation"}
{"level":"error","time":"2024-10-07T13:37:01Z","message":"[-] No 'apitoken` or 'Authorization: Bearer' token values supplied"}
{"level":"error","error":"Missing JWT header","func":"github.com/its-a-feature/Mythic/authentication.TokenValid","line":72,"time":"2024-10-07T13:37:01Z","message":"Failed to extract apitoken"}
{"level":"error","error":"Failed login","func":"github.com/its-a-feature/Mythic/webserver/controllers.Login","line":29,"time":"2024-10-07T13:41:32Z","message":"Failed Authentication"}
{"level":"error","error":"Failed login","func":"github.com/its-a-feature/Mythic/webserver/controllers.Login","line":29,"time":"2024-10-07T14:04:11Z","message":"Failed Authentication"}

sudo ./mythic-cli logs mythic_nginx

172.18.0.1 - - [07/Oct/2024:14:04:11 +0000] "POST /auth HTTP/1.1" 403 33 "https://127.0.0.1:7443/new/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-"
127.0.0.1 - - [07/Oct/2024:14:04:30 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:05:00 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:05:30 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:06:00 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:06:30 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:07:00 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:07:30 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:08:00 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:08:30 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
172.18.0.1 - - [07/Oct/2024:14:08:43 +0000] "POST /auth HTTP/1.1" 403 33 "https://127.0.0.1:7443/new/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" "-"
127.0.0.1 - - [07/Oct/2024:14:09:00 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"
127.0.0.1 - - [07/Oct/2024:14:09:31 +0000] "GET /new/login HTTP/1.1" 200 585 "-" "curl/8.5.0" "-"

I even restarted my Kali instance which is running the Mythic C2 service, but that didn't resolve the issue. Is there anything else I can try?

its-a-feature commented 2 weeks ago

Is this a fresh install or an older one from before? The password in the .env file is only used the very first time Mythic starts up to create the initial user. After that, the username and password in the .env file aren't used.

redAngel9012 commented 2 weeks ago

This install is an older one. I left the Mythic C2 instance idle for a while, then tried logging back in today and that's when I got the error.

its-a-feature commented 2 weeks ago

hmm did you ever change your password? There's no built-in way to recover your password. If you want to keep the data you had there, then you need to:

  1. docker exec -it mythic_postgres /bin/bash
  2. connect to the postgres database with the password in the .env for postgres
  3. look up your account username and pull the salt
  4. calculate the sha512(salt + new password)
  5. update your database password with the result of step 4 and log in

If you don't want to keep the data you had before, then you can do:

sudo ./mythic-cli database reset
sudo ./mythic-cli start

and everything will be wiped clean and your username/password in the .env file will be used to create the first operator again
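
Steps 3 to 5 of the recovery procedure above, sketched as an added example (not code from the Mythic project or from either commenter). It computes sha512(salt + new password) and can first check whether a remembered password, such as the one in .env, still matches the stored hash. Assumptions: the digest is stored hex-encoded, strings are UTF-8, the dict keys `salt` and `password` are hypothetical names for the values pulled in step 3, and the sample row is constructed.

```python
import hashlib
import hmac


def salted_sha512(salt: str, password: str) -> str:
    """Step 4: sha512(salt + password). Hex output and UTF-8 are assumptions."""
    return hashlib.sha512((salt + password).encode("utf-8")).hexdigest()


def clean_field(value: str) -> str:
    """psql pads columns and adds newlines; strip that from pasted values."""
    return value.strip()


def password_matches(row: dict, candidate: str) -> bool:
    """Check a remembered password against the stored hash in constant time."""
    expected = clean_field(row["password"]).lower()
    actual = salted_sha512(clean_field(row["salt"]), candidate)
    return hmac.compare_digest(actual, expected)


def new_password_hash(row: dict, new_password: str) -> str:
    """Value to write in step 5, reusing the salt already stored for the row."""
    salt = clean_field(row["salt"])
    if not salt:
        raise ValueError("salt is empty; re-check the row pulled in step 3")
    if not new_password:
        raise ValueError("refusing to set an empty password")
    return salted_sha512(salt, new_password)


# Constructed sample row, as if pasted from psql output (note the padding).
SAMPLE_ROW = {
    "username": "mythic_admin",
    "salt": "  constructed-salt-value \n",
    "password": salted_sha512("constructed-salt-value", "old-forgotten-password"),
}

if __name__ == "__main__":
    import getpass  # prompt so the password never lands in shell history

    pulled_salt = input("salt from step 3: ")
    print(new_password_hash({"salt": pulled_salt}, getpass.getpass("new password: ")))
```

If `password_matches` returns False for the .env password, the stored credential was changed after first start, which is the situation the maintainer describes.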

redAngel9012 commented 2 weeks ago

I was able to log on with the username and password set in the .env file after resetting the database and starting up the service. I went in and changed the password from the settings page. Thanks!