Initial Access Payloads with Mystikal

Mystikal only runs on macOS. If you don’t have a Mac, AWS has support for x64 and AMD64 macOS. Once this is ready, there are a few prerequirements:

Follow Mythic C2 Setup instructions.
Install XCode command line tools: xcode-select --install
Install Google Chrome
Clone the repo and cd into it: git clone https://github.com/D00MFist/Mystikal && cd Mystikal
Install the PIP requirements: sudo pip3 install -r requirements.txt
Edit Settings/MythicSettings.py with your Mythic server details.

Start the Mystikal CLI with python3 mystikal.py. Follow the menu options to generate the following payloads:

Some of the payloads require more than a double-click to execute.

Installer Package
- Double-click the JSpackage.pkg file and click Allow.
Chrome Extension
- Local admin is required.
- Only works on domain-joined hosts.
- Must host manifest.xml and extension.crx after Mystikal generates them. Intended file URLs most be in MystikalSettings.py before generation.
- Double-click the .mobileconfig file. Open Settings, go to Profiles, select the profile and click Install.
VBA Word Macro
- Create a new Word document. Copy the contents of macro.txt into the macro editor.
Disk Image
- More realistic with local admin, but not required.
- Double-click the .dmg file.
  - If local admin, copy the file to Applications and then double-click it.
  - If not, double-click the file inside of the popup.
PDF
- Double-click the .pdf file.
Python PIP Package
- Open a terminal and cd to the directory with setup.cfg. Run pip3 install ..
Ruby Gem
- Open a terminal and cd to the directory with Gemfile. Run bundle install.
NodeJS NPM Package
- Open a terminal and cd to the directory with package.json. Run npm install.

Antisyphon KB