its-a-feature / Mythic

A collaborative, multi-platform, red teaming framework

Failed to connect to rabbitmq #417

Closed pakahonta closed 1 week ago

pakahonta commented 1 week ago

Hello. Once, after creating mythic agent I couldn't connect to the UI with the error 502. `mythic-cli logs mythic_server`:

```
2024-10-15T18:31:36Z INF Attempting to connect to rabbitmq func=github.com/its-a-feature/Mythic/rabbitmq.(rabbitMQConnection).GetConnection line=157
2024-10-15T18:31:36Z ERR Failed to connect to rabbitmq error="dial tcp 127.0.0.1:5672: connect: connection refused" func=github.com/its-a-feature/Mythic/rabbitmq.(rabbitMQConnection).GetConnection line=171
2024-10-15T18:31:41Z INF Attempting to connect to rabbitmq func=github.com/its-a-feature/Mythic/rabbitmq.(rabbitMQConnection).GetConnection line=157
2024-10-15T18:31:41Z ERR Failed to connect to rabbitmq error="dial tcp 127.0.0.1:5672: connect: connection refused" func=github.com/its-a-feature/Mythic/rabbitmq.(rabbitMQConnection).GetConnection line=171
```

I reinstalled mythic, removed docker containers, reset database and I got errors above. Every time.

`./mythic-cli status`:

```
MYTHIC SERVICE            WEB ADDRESS               BOUND LOCALLY
Nginx (Mythic Web UI)     https://127.0.0.1:7443    false
Mythic Backend Server     http://127.0.0.1:17443    true
Hasura GraphQL Console    http://127.0.0.1:8080     true
Jupyter Console           http://127.0.0.1:8888     true
Internal Documentation    http://127.0.0.1:8090     true

ADDITIONAL SERVICES       ADDRESS                                                       BOUND LOCALLY
Postgres Database         postgresql://mythic_user:password@127.0.0.1:5432/mythic_db    true
React Server              http://127.0.0.1:3000/new                                     true
RabbitMQ                  amqp://mythic_user:password@127.0.0.1:5672                    true

Mythic Main Services
CONTAINER NAME          STATE      STATUS                       MOUNT    PORTS
mythic_documentation    running    Up 9 minutes (healthy)       local    8090/tcp -> 127.0.0.1:8090
mythic_graphql          running    Up 8 minutes (healthy)       N/A      8080/tcp -> 127.0.0.1:8080
mythic_jupyter          running    Up 9 minutes (healthy)       local    8888/tcp -> 127.0.0.1:8888
mythic_nginx            running    Up 9 minutes (healthy)       local    7443/tcp -> :::7443, 7443
mythic_postgres         running    Up 9 minutes (healthy)       local    5432/tcp -> 127.0.0.1:5432
mythic_rabbitmq         running    Up 9 minutes (healthy)       local    5672/tcp -> 127.0.0.1:5672
mythic_react            running    Up 9 minutes (healthy)       local    3000/tcp -> 127.0.0.1:3000
mythic_server           running    Up 9 minutes (unhealthy)     local    7000/tcp -> 127.0.0.1:7000, 7001/tcp -> 127.0.0.1:7001, 7002/tcp -> 127.0.0.1:7002, 7003/tcp -> 127.0.0.1:7003, 7004/tcp -> 127.0.0.1:7004, 7005/tcp -> 127.0.0.1:7005, 7006/tcp -> 127.0.0.1:7006, 7007/tcp -> 127.0.0.1:7007, 7008/tcp -> 127.0.0.1:7008, 7009/tcp -> 127.0.0.1:7009, 7010/tcp -> 127.0.0.1:7010, 17443/tcp -> 127.0.0.1:17443, 17444/tcp -> 127.0.0.1:17444

Installed Services
CONTAINER NAME    STATE         STATUS                           MOUNT
apollo            restarting    Restarting (1) 15 seconds ago    apollo_volume
http              running       Up 9 minutes                     http_volume

2024/10/15 18:30:37 [*] RabbitMQ is currently listening on localhost. If you have a remote Service, they will be unable to connect (i.e. one running on another server)
2024/10/15 18:30:37 Use 'sudo ./mythic-cli config set rabbitmq_bind_localhost_only false' and restart mythic ('sudo ./mythic-cli restart') to change this
2024/10/15 18:30:37 [*] MythicServer is currently listening on localhost. If you have a remote Service, they will be unable to connect (i.e. one running on another server)
2024/10/15 18:30:37 Use 'sudo ./mythic-cli config set mythic_server_bind_localhost_only false' and restart mythic ('sudo ./mythic-cli restart') to change this
2024/10/15 18:30:37 [*] If you are using a remote PayloadType or C2Profile, they will need certain environment variables to properly connect to Mythic.
2024/10/15 18:30:37 Use 'sudo ./mythic-cli config service' for configs for these services.
```

Can you help me? Thanks

its-a-feature commented 1 week ago

You got this after just generating an Apollo payload? Can you do `sudo ./mythic-cli logs apollo`, as it seems that container is restarting? I'd also like to see `sudo ./mythic-cli logs mythic_rabbitmq` and `docker stats`.

pakahonta commented 1 week ago

Actually, I often get 502 errors after generating payloads (apollo, merlin). For example, earlier, after generating a merlin payload, I had to reinstall mythic and then it worked. But now I don't understand, so I decided to look at the logs and create an issue here.

I reinstalled mythic without apollo and http. Uninstall with the following commands:

```
sudo rm -r path_to_mythic
sudo docker stop $(sudo docker ps -q)
sudo docker rm $(sudo docker ps -a -q)
```

So, `sudo ./mythic-cli logs mythic_rabbitmq`:

```
[+] updated config, echoing it out
mqtt.allow_anonymous = false
log.file = false
log.default.level = error
log.exchange = false
log.connection.level = error
log.channel.level = critical
log.upgrade.level = none
log.federation.level = none
log.mirroring.level = none
log.queue.level = critical

default_user = mythic_user
default_pass = a17IUtFjocKm9jz2hWcaI3LYYEG76E
default_vhost = mythic_vhost
listeners.tcp.default = 5672
=INFO REPORT==== 15-Oct-2024::18:21:25.118637 ===
alarm_handler: {set,{system_memory_high_watermark,[]}}
2024-10-15 18:21:37.994171+00:00 [notice] <0.44.0> Application syslog exited with reason: stopped
2024-10-15 18:21:38.009162+00:00 [notice] <0.254.0> Logging: switching to configured handler(s); following messages may not be visible in this log output

RabbitMQ 3.13.7

########## Copyright (c) 2007-2024 Broadcom Inc and/or its subsidiaries

########## Licensed under the MPL 2.0. Website: https://rabbitmq.com

Erlang: 26.2.5.4 [jit]
TLS Library: OpenSSL - OpenSSL 3.1.7 3 Sep 2024
Release series support status: see https://www.rabbitmq.com/release-information

Doc guides: https://www.rabbitmq.com/docs
Support: https://www.rabbitmq.com/docs/contact
Tutorials: https://www.rabbitmq.com/tutorials
Monitoring: https://www.rabbitmq.com/docs/monitoring
Upgrading: https://www.rabbitmq.com/docs/upgrade

Logs:

Config file(s): /etc/rabbitmq/rabbitmq.conf
                /etc/rabbitmq/conf.d/10-defaults.conf

Starting broker... completed with 5 plugins
```

`docker stats`:

```
CONTAINER ID   NAME                   CPU %   MEM USAGE / LIMIT     MEM %    NET I/O           BLOCK I/O         PIDS
bb0672bf37ea   mythic_nginx           0.00%   9.754MiB / 1.917GiB   0.50%    7.04MB / 7.1MB    15.7MB / 4.1kB    4
95c8cf4906be   mythic_react           0.00%   4.441MiB / 1.917GiB   0.23%    86kB / 6.78MB     6.48MB / 4.1kB    4
49df5bc48c37   mythic_rabbitmq        0.84%   132.9MiB / 1.917GiB   6.77%    12.6MB / 12.6MB   74.9MB / 680kB    31
c14f7c03cc00   mythic_server          0.00%   6.172MiB / 1.917GiB   0.31%    404kB / 622kB     27.2MB / 26MB     6
40602fa6e7b3   mythic_jupyter         0.01%   84.79MiB / 1.917GiB   4.32%    1.85kB / 0B       156MB / 20.5kB    3
64d29ba3754b   mythic_postgres        0.08%   55.08MiB / 1.917GiB   2.81%    2.35MB / 2.37MB   67.4MB / 99MB     10
339cf6d34d8b   mythic_graphql         0.79%   431.7MiB / 1.917GiB   21.98%   1.99MB / 1.74MB   122MB / 38.7MB    15
0bb40d4aad2d   mythic_documentation   0.09%   47.42MiB / 1.917GiB   2.42%    1.85kB / 0B       62.8MB / 0B       9
32fff0b966c0   http                   0.00%   6.641MiB / 1.917GiB   0.34%    0B / 0B           32.5MB / 32.3MB   7
```

its-a-feature commented 1 week ago

ah, I bet I see the issue. This system has 2GB of RAM? That's why you're seeing these issues after creating payloads. I think you should up the resources of the system to be 4-8 GB RAM. When you get that 502 error you don't need to completely stop and uninstall Mythic either, what I believe is happening:

I bet after it finishes building, things would restart and come back online, but it will keep happening. Because these agents are dynamically compiled each time, the resources needed are a bit higher than this system appears to be providing. I'd recommend 2-4 vCPU and 4-8 GB RAM.
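A triage sketch for the diagnosis above, added here as an example and not part of the thread or of Mythic: it reads `docker stats --no-stream` text and service logs and reports the signs of memory starvation seen in this issue. The sample input is constructed from the output quoted in the thread, and the 4 GiB threshold and the function names are assumptions.

```python
import re

# Constructed sample input, trimmed from the kind of output quoted in this thread.
SAMPLE_STATS = """\
CONTAINER ID   NAME              CPU %   MEM USAGE / LIMIT     MEM %
49df5bc48c37   mythic_rabbitmq   0.84%   132.9MiB / 1.917GiB   6.77%
c14f7c03cc00   mythic_server     0.00%   6.172MiB / 1.917GiB   0.31%
339cf6d34d8b   mythic_graphql    0.79%   431.7MiB / 1.917GiB   21.98%
"""
SAMPLE_LOGS = """\
=INFO REPORT==== alarm_handler: {set,{system_memory_high_watermark,[]}}
2024-10-15T18:31:36Z ERR Failed to connect to rabbitmq error="dial tcp 127.0.0.1:5672: connect: connection refused"
2024-10-15T18:31:41Z ERR Failed to connect to rabbitmq error="dial tcp 127.0.0.1:5672: connect: connection refused"
"""

UNIT = {"B": 1, "KiB": 2**10, "MiB": 2**20, "GiB": 2**30}
MIN_RAM_GIB = 4.0  # assumption: lower bound of the 4-8 GB advice in the thread
ROW = re.compile(
    r"^\S+\s+(\S+)\s+[\d.]+%\s+([\d.]+)(B|[KMG]iB) / ([\d.]+)(B|[KMG]iB)", re.M)

def parse_stats(text):
    """Return {container: (used_bytes, limit_bytes)} from docker stats text."""
    return {name: (float(u) * UNIT[uu], float(l) * UNIT[lu])
            for name, u, uu, l, lu in ROW.findall(text)}

def triage(stats_text, log_text):
    """List findings that point at memory starvation rather than a broker fault."""
    findings = []
    stats = parse_stats(stats_text)
    if stats:
        # With no per-container limit set, LIMIT is the host's total RAM.
        host_gib = max(limit for _, limit in stats.values()) / UNIT["GiB"]
        if host_gib < MIN_RAM_GIB:
            findings.append(f"host RAM {host_gib:.2f} GiB is below {MIN_RAM_GIB:.0f} GiB")
        top = max(stats, key=lambda n: stats[n][0])
        findings.append(f"largest consumer: {top} ({stats[top][0] / UNIT['MiB']:.0f} MiB)")
    if "system_memory_high_watermark" in log_text and "{set," in log_text:
        findings.append("Erlang memory high-watermark alarm is set")
    refused = len(re.findall(r"dial tcp \S+:5672: connect: connection refused", log_text))
    if refused:
        findings.append(f"{refused} refused AMQP connection(s) to port 5672")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE_STATS, SAMPLE_LOGS):
        print("-", line)
```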

pakahonta commented 1 week ago

Thanks for the replies! Yes, 2GB of RAM. How to remove mythic completely from my system and make a clean install?

its-a-feature commented 1 week ago

easiest is going to be:

```
sudo ./mythic-cli stop
sudo docker system prune -a
cd ..
rm -rf mythic
```

will stop Mythic, clear all docker images and volumes, and remove the cloned mythic folder

pakahonta commented 1 week ago

Thanks so much! I think this question has to be closed!