Upgrading Hermes to support Mythic 3.0 (finally)

Introduction

As I was writing this post, I looked up when Mythic 3.0 came out to see how long I’ve been putting this off.

Mythic 3.0 Released May 10,2023

I’d been beating myself up for a while since all the other agents had been upgraded, but I just didn’t have the motivation (and that’s okay!). I realized it hasn’t even been a year and that I should give myself some grace. It’s open-source software, someone else could have done it if they wanted.

The day has finally arrived and I somehow found the will to setup a development environment, battle the Darling-in-docker demon, and solve cross-platform compilation again. Huge shout-out to https://twitter.com/humble_desser who took an initial look at the new Darling to see if it’d work without the kernel module :)

Check out the updated Hermes on GitHub: https://github.com/MythicAgents/hermes

NO MORE DARLING KERNEL MODULE

When I had first learned about Darling, I was ecstatic. Compiling Mach-Os from Linux?? Amazing for CI/CD, testing, and making it as easy as possible for people to install and use Hermes.

As time went on, while compiling code worked fine, the container would crash occasionally due to the instability of the Darling kernel module. These crashes were a nightmare to debug and I could never figure out why they occurred.

Darling Ditches the Kernel Module

In my initial attempts with the initial release of darlingserver, I was unable to get it working within Docker. However, I was able to get it working with the most recent versions of Darling!

No more kernel module nonsense. Just pull the Hermes container from DockerHub and you’re off to the races with Hermes now!

Hermes Building Successfully with Darling

Payload Build Steps

Hermes now reports back different steps during the build process to Mythic.

1. Configure Hermes
2. Darling Check
3. Compile
4. Lipo Universal (optional)

By clicking on the Build Progress icons you can see stdout/stderr and duration from each step.

Darling Check Step

Currently, Hermes takes about 4 minutes and 20 seconds for the first compile. It speeds up significantly during follow up builds and drops down to 1 minute and 7 seconds.

Compile Step (First Time)

Compile Step (Subsequent Runs)

Feature Showoff

Take screenshots and view them right from the tasking area.

Tasking Screenshot

View Screenshots

Download files, list out folders, and view extended attributes from the tasking area.

Lots of built-in situational awareness.

Conclusion

Hermes is out for Mythic 3.0 now! It’s much more stable and doesn’t require the Darling kernel module. You can standup your Mythic server, use mythic-cli to install Hermes from GitHub, and have your first payload built in 4 minutes and 20 seconds.

Happy hacking!