Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Merlin: A cross-platform command and control server and agent written in Go

0
0
Merlin (BETA)
Merlin: A cross-platform command and control server and agent written in Go

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

An introductory blog post can be found here: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a


Merlin: A cross-platform command and control server and agent written in Go
Quick Start Download the latest version of Merlin Server from the releases section Extract the files with 7zip using the x function. The password is: merlin Start Merlin Deploy an agent. See Agent Execution Quick Start Guide for examples Pwn, Pivot, Profit mkdir /opt/merlin;cd /opt/merlin wget https://github.com/Ne0nd0g/merlin/releases/download/v0.1.4/merlinServer-linux-x64-v0.1.4.7z 7z x merlinServer-Linux-x64-v0.1.4.7z sudo ./merlinServer-Linux-x64 Misc. To compile Merlin from source, view the Building or Running from Source wiki page For a full list of available commands view the Main Menu , Agent Menu , and Module Menu wiki pages View the FAQ wiki page for Frequently Asked Questions View the Blog Posts page for additional information Merlin Server Command Line Flags

./merlinServer-Linux-x64 -h

-debug Enable debug output -i string The IP address of the interface to bind to (default "0.0.0.0") -p int Merlin Server Port (default 443) -v Enable verbose output -x509cert string The x509 certificate for the HTTPS listener (default "C:\\Merlin\\data\\x509\\server.crt") -x509key string The x509 certificate key for the HTTPS listener (default "C:\\Merlin\\data\\x509\\server.key") Merlin Agent Command Line Flags

./merlinAgent-Linux-x64 -h

-debug Enable debug output -sleep duration Time for agent to sleep (default 10s) -skew int Variable time skew for agent to sleep -url string Full URL for agent to connect to (default "https://127.0.0.1:443") -v Enable verbose output TLS Certificates

WARNING: You should generate your own TLS certificates and replace the default certificates that ship with Merlin

To facilitate ease of use, a TLS X.509 private and public certificate is distributed with Merlin. This allows a user to start using Merlin right away. However, this key is widely distributed and is considered public knowledge. You should generate your own certificates and replace the default certificates that ship with Merlin. The default location for the certificates is the data/x509 directory. The openssl command can be used from a Linux system to generate a key pair.


Viewing all articles
Browse latest Browse all 12749