Merlin Versions

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

v2.1.2

1 month ago

Fixed

  • SOCKS listener was not properly handling data and connection status
    • Increased SOCKS job in/out channel size from 100 to 1,000
    • Fixed a bug where multiple SOCKS go routines were created instead of one
    • Updated readSOCKSClient() function to close the connection on any connection read error
    • Updated processMessage() to drop SOCKS jobs when the connection was already closed
    • Added NewInfoWithID() factory for SOCKS jobs information structures that keep the same Job ID for the connection lifetime

Changed

  • Upgraded the following libraries to their latest versions
    • upgraded github.com/google/uuid v1.5.0 => v1.6.0
    • upgraded golang.org/x/net v0.21.0 => v0.22.0
    • upgraded golang.org/x/sync v0.5.0 => v0.6.0
    • upgraded google.golang.org/grpc v1.60.1 => v1.62.1
    • upgraded github.com/quic-go/quic-go v0.40.1 => v0.42.0

Security

  • Upgraded go-jose/v3 to v3.0.3 to address CVE-2024-28180
  • Upgraded the protobuf library to v1.33.0 to address CVE-2024-24786

The data/bin directory contains compiled versions of the Merlin CLI and Merlin Agents

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.1.1

3 months ago

Added

  • Added Qodana baseline file

Changed

  • Upgraded packages
    • github.com/Ne0nd0g/merlin-message to v1.3.0
    • github.com/quic-go/quic-go to v0.40.1
    • google.golang.org/grpc to v1.60.0
  • Modified Dockerfile
    • Upgraded ne0nd0g/merlin-base v1.5.0 in Dockerfile
    • Changed ENTRYPOINT to execute a compiled binary instead of go run
  • Removed GOGARBLE environment variable from Makefile

v2.1.0

4 months ago

Fixed

  • Issue 148 - Validate & encode gRPC messages to UTF-8

v2.0.0

5 months ago

Added

  • Peer-to-Peer Agent communications
  • gRPC Server for Merlin CLI
    • Default interface/port is 127.0.0.1:50051 and default password is merlin
    • -addr the address to listen for gRPC connections from the Merlin CLI
    • -password the password for CLI RPC clients to connect to the Merlin server
    • -secure require client TLS certificate verification
    • -tlsCA TLS Certificate Authority file path to verify client certificates
    • -tlsCert TLS certificate file path for the Merlin server
    • -tlsKey TLS private key file path for the Merlin server
  • Structured logging in JSON format to STDOUT using log/slog package
    • -debug enable debug output
    • -extra enable extra debug output (e.g., HTTP requests/responses)
    • -trace enable trace output to see stepping through functions
  • New SMB/UDP/TCP listeners
    • Used to configure how the listener processes Agent traffic
    • Listeners DO NOT bind to interfaces/ports on the Merlin server, used for Agent configuration/generation ONLY
  • Delegate message types and functions for processing them
  • Configurable listener authentication methods for Agent communications: OPAQUE & none
  • Configurable listener transforms for Agent communications: aes, base64-byte, base64-string, hex-byte, hex-string, gob-base, gob-string, jwe, rc4, and xor
    • The last transform in the list MUST be gob-base
  • GitHub Actions for building and testing the Merlin Agent

Changed

  • Refactored some areas to align with DDD and SOLID to alleviate circular dependencies when implementing peer-to-peer comms
    • Implemented base "entity" structures and "aggregates"
    • Implemented the "Repository" pattern for Agents, Delegates, Groups, Listeners, Servers
    • Implemented the "Services" pattern for interacting with Agents, Listeners, & Base messages
  • Configurable JWT key value for HTTP listeners
  • Upgraded quic-go to v0.40.0
  • The Minimum supported Go version is now 1.21
  • Listeners are now handled by a UUID and no longer by a name as a string
  • Moved the build string out of main.go and into pkg/merlin.go
  • Removed PWNBoard from main.go
  • Moved wiki documentation out of docs and into a new repository at https://github.com/Ne0nd0g/merlin-documentation
  • Replaced github.com/satori/go.uuid with github.com/google/uuid
  • Replaced github.com/square/go-jose with github.com/go-jose/go-jose
  • Replaced github.com/Ne0nd0g/merlin/pkg/messages with github.com/Ne0nd0g/merlin-message
    • Removes the need to depend on or import the Merlin Server package

Removed

  • Removed the interactive CLI menu from the server; it is now provided by Merlin CLI
    • Uses gRPC to communicate with the Merlin server

v1.5.1

1 year ago

Added

  • Documentation for proxying Agent DLL provided by @HuskyHacks in PR 136

Security

  • PR 137 - Bump golang.org/x/text from 0.3.7 to 0.3.8 by dependabot
  • PR 138 - Bump golang.org/x/net from 0.0.0-20220708220712-1185a9018129 to 0.7.0 by dependabot
  • PR 139 - Bump golang.org/x/crypto from 0.0.0-20200709230013-948cd5f35899 to 0.1.0 by dependabot
  • PR 140 - Bump golang.org/x/net from 0.1.0 to 0.7.0 by dependabot

v1.5.0

1 year ago

Added

  • Added new SOCKS5 functionality
    • Use socks start 9050 from the agent menu to start a SOCKS5 listener on port 9050 on the Merlin server

Changed

v1.4.1

2 years ago

Fixed

v1.4.0

2 years ago

Added

  • Added new memory command w/ associated API & documentation to read/write virtual memory for Windows agents
    • The read command will just read the specified number of bytes and return the results
    • The write command will just write the specified bytes without reading them first
    • The patch command will find a specified function, read the existing bytes, and then overwrite it with the provided bytes

v1.3.1

2 years ago

Added

  • Added Garble builds to the Makefile
    • windows-garble, linux-garble, & darwin-garble
    • THE AGENT MUST BE GARBLED WITH THE EXACT SAME SEED
    • Specify the seed at build with make linux-garble SEED=<your seed value>

Fixed

  • Instructing an agent to exit removes it from the server and CLI

v1.3.0

2 years ago

Changed

  • Added the Integrity field to the agents.Agent and messages.SysInfo structures
  • The agent menu info command now shows the agent's integrity level
    • Windows: 2-Medium, 3-High, 4-System
    • All other OS: 3 - member of sudo group, 4 - running as root
  • Dockerfile now uses merlin-base image

The Server downloads contain a copy of all compiled agents in the data/bin directory