From e5fe83be42c91b115692d28f691fa3cac931fe38 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Thu, 4 Jan 2024 10:10:59 -0500 Subject: [PATCH] v2.1.1 --- README.MD | 84 +++++++++++++++++++++++------------------------ docs/CHANGELOG.MD | 2 +- 2 files changed, 42 insertions(+), 44 deletions(-) diff --git a/README.MD b/README.MD index 9305e2c0..7116f0d3 100644 --- a/README.MD +++ b/README.MD @@ -1,4 +1,4 @@ -[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/yadppqp12h445akx/branch/master?svg=true)](https://ci.appveyor.com/project/Ne0nd0g/merlin/branch/master) +[![CodeQL](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml/badge.svg)](https://github.com/Ne0nd0g/merlin/actions/workflows/codeql.yml) [![GoReportCard](https://goreportcard.com/badge/github.com/Ne0nd0g/merlin)](https://goreportcard.com/report/github.com/Ne0nd0g/merlin) [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0) [![Release](https://img.shields.io/github/release/Ne0nd0g/merlin.svg)](https://github.com/Ne0nd0g/merlin/releases/latest) 
@@ -15,76 +15,74 @@ Merlin is a cross-platform post-exploitation Command & Control server and agent Highlighted features: -- Supported C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC) -- Server and Agent: Windows, Linux, macOS (Darwin), MIPS, ARM or anything Go can [natively build](https://golang.org/doc/install/source#environment) - - [Windows DLL Agent](https://github.com/Ne0nd0g/merlin-agent-dll) -- Domain Fronting +- [merlin-cli](https://github.com/Ne0nd0g/merlin-cli) command line interface over gRPC to connect to the Merlin Server facilitating multi-user support +- Supported Agent C2 Protocols: http/1.1 clear-text, http/1.1 over TLS, HTTP/2, HTTP/2 clear-text (h2c), http/3 (http/2 over QUIC) +- Peer-to-peer (P2P) communication between Agents with bind or reverse for SMB, TCP, and UDP +- Configurable agent data encoding and encryption transforms: AES, Base64, gob, hex, JWE, RC4, and XOR + - JWE transform use [PBES2_HS512_A256KW](https://tools.ietf.org/html/rfc7518#section-4.8) PBES2 (RFC 2898) with HMAC + SHA-512 as the PRF and AES Key Wrap (RFC 3394) using 256-bit keys for the encryption scheme +- Configurable agent authenticators: + - None: No authentication + - [OPAQUE](https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-00): Asymmetric Password Authenticated Key Exchange (PAKE) +- Encrypted JWT for message authentication +- Configurable Agent message data [padding](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#padding) + to combat beaconing detections based on a fixed message size - Execute .NET assemblies in-process with `invoke-assembly` or in a sacrificial process with `execute-assembly` - Execute arbitrary Windows executables (PE) in a sacrificial process with `execute-pe` -- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC -- [OPAQUE](https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-00) Asymmetric Password 
Authenticated Key Exchange (PAKE) -- Encrypted JWT for authentication -- Agent traffic is an encrypted JWE using PBES2 (RFC 2898) with HMAC SHA-512 as the PRF and AES Key Wrap (RFC 3394) - using 256-bit keys for the encryption scheme. ([PBES2_HS512_A256KW](https://tools.ietf.org/html/rfc7518#section-4.8)) +- Various shellcode execution techniques: CreateThread, CreateRemoteThread, RtlCreateUserThread, QueueUserAPC - Integrated [Donut](https://github.com/Binject/go-donut), [sRDI](https://github.com/monoxgas/sRDI), and [SharpGen](https://github.com/cobbr/SharpGen) support -- C2 traffic message [padding](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html#padding) to combat - beaconing detections based on a fixed message size -- Dynamically change the Agent's [JA3](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html#ja3) hash +- Dynamically change the Agent's [JA3](https://merlin-c2.readthedocs.io/en/latest/agent/cli.html#ja3) hash - [Mythic](#mythic) support - [Documentation & Wiki](https://merlin-c2.readthedocs.io/en/latest/) An introductory blog post can be found here: +Supporting Repositories: +- [Merlin Agent](https://github.com/Ne0nd0g/merlin-agent) - Agent source code +- [Merlin Agent DLL](https://github.com/Ne0nd0g/merlin-agent-dll) - Agent DLL source code +- [Merlin CLI](https://github.com/Ne0nd0g/merlin-cli) - Command line interface for Merlin +- [Merlin Documentation](https://github.com/Ne0nd0g/merlin-documentation) - Documentation source code +- [Merlin on Mythic](https://github.com/MythicAgents/merlin) - Merlin agent for Mythic Framework +- [Merlin Docker](https://github.com/Ne0nd0g/merlin-docker) - Base Docker image for for Merlin images +- [Merlin Message](https://github.com/Ne0nd0g/merlin-message) - A Go library for Merlin messages exchanged between a Merlin Server and Agent + ## Quick Start -1. 
Download the latest compiled version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section - > The Server package contains a compiled Agent for all the major operating systems in the `data/bin` directory +1. Download the latest version of Merlin Server from the [releases](https://github.com/Ne0nd0g/merlin/releases) section + > The Server package contains compiled versions of the CLI and Agent for all the major operating systems in the `data/bin` directory 2. Extract the files with 7zip using the `x` function **The password is: `merlin`** 3. Start Merlin -4. Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/server/menu/listeners.html) -5. Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/agent.html) for examples -6. Pwn, Pivot, Profit +4. Start the CLI +5. Configure a [listener](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html) +6. Deploy an agent. See [Agent Execution Quick Start Guide](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-agent) for examples +7. Pwn, Pivot, Profit ``` mkdir /opt/merlin;cd /opt/merlin wget https://github.com/Ne0nd0g/merlin/releases/latest/download/merlinServer-Linux-x64.7z 7z x merlinServer-Linux-x64.7z sudo ./merlinServer-Linux-x64 + ./data/bin/merlinCLI-Linux-x64 ``` -## Agents - -The [Merlin Agent](https://github.com/Ne0nd0g/merlin-agent) is kept in its own repository so that it can easily be -retrieved and compiled: - -```text -go get github.com/Ne0nd0g/merlin-agent -``` - -The [Windows DLL Agent](https://github.com/Ne0nd0g/merlin-agent-dll) is also kept in a separate repository. -See the [DLL Agent](https://merlin-c2.readthedocs.io/en/latest/agent/dll.html) documentation for building instructions. - ## Mythic -The Merlin server is a self-contained command line program that requires no installation. You just simply download it -and run it. 
-The command-line interface only works great if it will be used by a single operator at a time. -The Merlin agent can be controlled through [Mythic](https://github.com/its-a-feature/Mythic), which features a web-based -user interface that enables multiplayer support, and a slew of other features inherent to the project. +Merlin can be integrated and used as an agent with the [Mythic](https://github.com/its-a-feature/Mythic) a +collaborative, multi-platform, red teaming framework. -Visit the [Merlin](https://github.com/MythicAgents/merlin) repository in the MythicAgents organizaiton to get started. +Visit the [Merlin on Mythic](https://github.com/MythicAgents/merlin) repository in the MythicAgents organization +to get started. ## Misc. -* The latest development build of Merlin can be downloaded from [AppVeyor](https://ci.appveyor.com/project/Ne0nd0g/merlin-i9c58/build/artifacts) -* To compile Merlin from source, view the [Custom Build](https://merlin-c2.readthedocs.io/en/latest/agent/custom.html) page +* To compile Merlin from source, view the [Custom Build](https://merlin-c2.readthedocs.io/en/latest/quickStart/quickstart.html#merlin-server) page * For a full list of available commands: - * [Main Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/main.html) - * [Listener Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/listeners.html) - * [Agent Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html) - * [Module Menu](https://merlin-c2.readthedocs.io/en/latest/server/menu/modules.html) -* View the [Frequently Asked Questions](https://merlin-c2.readthedocs.io/en/latest/quickStart/faq.html) page + * [Main Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/main.html) + * [Listener Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/listeners.html) + * [Agent Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/agents.html) + * [Module Menu](https://merlin-c2.readthedocs.io/en/latest/cli/menu/modules.html) +* 
View the [Frequently Asked Questions](https://merlin-c2.readthedocs.io/en/latest/faq/faq.html) page * View the [Blog Posts](https://merlin-c2.readthedocs.io/en/latest/misc/blogs.html) page for additional information ## Slack diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD index 8340447d..613f21ae 100644 --- a/docs/CHANGELOG.MD +++ b/docs/CHANGELOG.MD @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## 2.1.1 - 2024-01-03 +## 2.1.1 - 2024-01-04 ### Added
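Review bot: the new CodeQL badge in the first README hunk links to `actions/workflows/codeql.yml`, but no workflow file is added or touched in this patch; please confirm `.github/workflows/codeql.yml` already exists on `master`, otherwise the badge and its link will render as broken. Dropping the AppVeyor badge is consistent with the removal of the AppVeyor development-build bullet from the Misc. section later in the diff.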
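Review bot: the second README hunk has a few wording and documentation gaps worth fixing before merge. The new bullet `- [merlin-cli](...) command line interface over gRPC to connect to the Merlin Server facilitating multi-user support` introduces a remotely reachable operator interface but says nothing about how operator connections are authenticated or whether the gRPC channel is encrypted; one sentence or a link to the relevant docs page would let users judge the exposure of that port. Typos and grammar in added lines: `JWE transform use` should read `JWE transform uses`; `Base Docker image for for Merlin images` doubles `for`; and `Merlin can be integrated and used as an agent with the [Mythic](...) a collaborative, multi-platform, red teaming framework.` needs a comma after the link (`with Mythic, a collaborative ...`). In the Quick Start block, `sudo ./merlinServer-Linux-x64` is immediately followed by `./data/bin/merlinCLI-Linux-x64`; since the server occupies the terminal, the second command will not run as written in one shell, so either comment that the CLI is started in a second terminal (matching steps 3 and 4 above it) or background the server. Finally, the list under `Supporting Repositories:` has no blank line between the heading line and the first bullet, which some Markdown renderers treat as a continuation of the paragraph rather than a list.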
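Review bot: the CHANGELOG hunk only moves the 2.1.1 release date from `2024-01-03` to `2024-01-04`, yet the same commit rewrites the README (new Supporting Repositories section, CLI step added to Quick Start, Agents section removed, documentation links repointed from `server/menu/...` to `cli/menu/...`). Under the Keep a Changelog format the file declares, those should appear as entries under a `### Changed` or `### Documentation` heading for 2.1.1 so the release notes reflect what shipped.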