Releases: Ne0nd0g/merlin-agent

v2.4.1

23 Apr 04:47
d40b50a

Changed

  • Upgraded golang.org/x/crypto v0.21.0 => v0.22.0
  • Upgraded golang.org/x/sys v0.18.0 => v0.19.0
  • Upgraded golang.org/x/mod v0.16.0 => v0.17.0
  • Upgraded golang.org/x/tools v0.19.0 => v0.20.0
  • Upgraded golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 => v0.0.0-20240416160154-fe59bbe5cc7f
  • Upgraded github.com/google/pprof v0.0.0-20240320155624-b11c3daa6f07 => v0.0.0-20240422182052-72c8669ad3e7
  • Upgraded github.com/onsi/ginkgo/v2 v2.17.0 => v2.17.1
  • Upgraded github.com/klauspost/compress v1.17.7 => v1.17.8
  • Upgraded github.com/refraction-networking/utls v1.6.3 => v1.6.4
  • GoVulnCheck to use the latest version of Go

Security

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.4.0

23 Mar 15:58
653ac55

Added

  • Mythic client handles multiple HTTP headers with the Mythic http C2 Profile
  • Automatic Windows HTTP proxy authentication through the winhttp API
  • Added the -http-client command line argument and HTTPCLIENT Makefile variable to specify which HTTP client to use
    • Use go for the default Go HTTP client
    • Use winhttp API for HTTP C2
  • Use Go build tags to control which C2 clients are compiled into the agent (see Build Tags)
    • When ANY build tag is included, the agent will ONLY include that feature and nothing else. For example, if ONLY the http tag is provided, the SMB, TCP, and UDP clients will not be included.
    • If one of the following build tags is used, then only the C2 profiles provided will be compiled in
    • http - Include all HTTP clients (including HTTP/1.1, HTTP/2, and HTTP/3)
    • http1 - Include HTTP/1.1 client
    • http2 - Include HTTP/2 client
    • http3 - Include HTTP/3 client
    • winhttp - Include Windows winhttp API client
    • mythic - Include the Mythic client for the Mythic http C2 profile
    • smb - Include SMB client
    • tcp - Include TCP client
    • udp - Include UDP client

Fixed

  • Resolved several SOCKS5 issues
    • Updated Mythic client to handle post_response actions with ServerPostResponse structure to include SOCKS information
    • Created a go routine and a channel just for sending SOCKS data in place of using the Jobs channel
  • Issue 38 - Added evasion_386.go to facilitate x86 Windows builds

Changed

  • Upgraded the following libraries to their latest version
    • upgraded golang.org/x/net v0.21.0 => v0.22.0
    • upgraded github.com/google/uuid v1.5.0 => v1.6.0
    • upgraded github.com/quic-go/quic-go v0.40.1 => v0.42.0
    • upgraded github.com/refraction-networking/utls v1.6.0 => v1.6.3

Security

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.3.0

26 Dec 20:32
f0624a3

Added

  • Support to decode Simplified Chinese (Code Page 936) encoding to UTF-8
  • Support to decode Traditional Chinese (Code Page 950) encoding to UTF-8
  • Support to decode Korean (Code Page 949) encoding to UTF-8
  • Added RSA as a valid authentication method for Mythic EKE
  • Added mythic encoder to transform messages in the format Mythic expects them in

Changed

  • Refactored clients/mythic to correctly implement the Client interface from merlin-agent/v2 package
    • Moved encryption out of the client and into the transforms
    • Accepts authenticator, transforms, and secure TLS configuration items
  • Upgraded:
    • github.com/Ne0nd0g/merlin-message to v1.3.0
    • golang.org/x/net to v0.19.0
    • github.com/quic-go/quic-go to v0.40.1
    • github.com/refraction-networking/utls to v1.6.0
  • Removed GOGARBLE environment variable from Makefile

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.2.0

14 Dec 13:41
2b02f8c

Added

  • New os/windows/pkg/text package to detect and handle non UTF-8 encoding
    • Only handles ShiftJIS at this moment
    • Will replace non UTF-8 characters with a � character

Fixed

  • Issue 33 - Added handling for ShiftJIS encoding

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.1.0

27 Nov 13:38
8a421ca

Changed

  • Allow the TLS X509 certificate validation setting to be passed through to JA3 and Parrot clients
  • JA3 & Parrot HTTP transports use agent's -secure command line argument to determine if TLS X.509 certificate validation should be performed
  • Upgraded the following modules
    • golang.org/x/sys v0.13.0 => v0.14.0
    • golang.org/x/net v0.17.0 => v0.18.0
    • github.com/go-jose/go-jose/v3 v3.0.0 => v3.0.1
    • github.com/fatih/color v1.15.0 => v1.16.0

Fixed

  • Issue 26 - uTLS package uses HTTP proxy if provided or from environment variables
    • Implemented a custom dialer to connect to the proxy first and then the destination
  • uTLS package now correctly sets the TLS version from the provided JA3 string

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v2.0.0

03 Nov 12:57
3afb90d

Added

  • Peer-to-Peer Agent communication methods: smb-bind, smb-reverse, tcp-bind, tcp-reverse, udp-bind, udp-reverse
    • An associated Listener UUID must be provided with -listener command line argument or LISTENER Make file variable
    • An associated network interface and port must be provided with the -addr command line argument or ADDR Make file variable
    • Delegate message type and associated handling
  • Configurable Agent authentication methods: OPAQUE & none
    • Added auth variable to main.go
    • Added AUTH variable to Make file (e.g., make windows AUTH=OPAQUE)
    • Added -auth command line argument
  • Configurable Agent transforms: gob-base, gob-string, base64-byte, base64-string, hex-byte, hex-string, aes, jwe, rc4, and xor
    • Added transforms variable to main.go
    • Added TRANSFORMS variable to Make file (e.g., make windows TRANSFORMS=aes,gob-base)
    • Added -transforms command line argument
  • link command for the Agent to initiate a peer-to-peer connection with a listening bind agent
    • Example: link tcp 192.168.1.72:4444
  • listener command for the Agent to start a listener to receive a connection from a reverse peer-to-peer connection
    • list to return a list of instantiated listeners on the Agent (e.g., listener list)
    • start to start a listener based on the passed in type and interface
      • Example: listener start tcp 0.0.0.0:4444
    • stop to stop an already created listener
      • Example: listener stop tcp [::]:4444
  • unlink command to disconnect a child peer-to-peer agent from its parent
    • Example: unlink childAgentID
  • GitHub Actions for building and testing the Merlin Agent
  • Implemented "services" and "repositories"
    • Services are: agent, client, job, message, and p2p
  • Configurable TLS x.509 certificate validation
    • Default is false, TLS certificates are not validated
    • Added -secure command line argument to require TLS X.509 certificate validation
    • Added SECURE variable to Make file (e.g., make windows SECURE=true)

Changed

  • Moved from Initial to Authenticated for Agent struct
  • Removed tests
  • Upgraded quic-go to v0.40.0
  • The Minimum supported Go version is now 1.20
  • HTTP URL rotation strategy is now random instead of round-robin
  • Replaced github.com/satori/go.uuid with github.com/google/uuid
  • Replaced github.com/square/go-jose with github.com/go-jose/go-jose
  • Replaced github.com/Ne0nd0g/merlin/pkg/messages with github.com/Ne0nd0g/merlin-message
    • Removes the need to depend on or import the Merlin Server package

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v1.6.5

03 Nov 12:03
b2e84d8

Changed

  • Replaced manual Windows DLL and procedure loads with Golang's Windows package and moved the remaining ones to the os/windows/api directory
  • Replaced PAGE_EXECUTE_READWRITE with PAGE_READWRITE for shellcode memory allocation
  • Replaced PAGE_EXECUTE with PAGE_EXECUTE_READ after shellcode memory allocation

Fixed

  • Issue 28 - Use Golang's Windows package for API calls where possible

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v1.6.3

04 Apr 12:45
4d0e944

Fixed

  • Issue 25 - Updated Mythic CheckIn structure's PID to integer

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v1.6.2

09 Mar 13:11
23983f5

Fixed

Security

  • PR 23 - Bump golang.org/x/net from 0.1.0 to 0.7.0 by dependabot

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

v1.6.1

09 Mar 12:30
eb7352c

Fixed

  • Issue 24 - Adjusted the shell function call

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin