Skip to content
Compare
Choose a tag to compare

Highlights

  • Added the following commands:
    • note - Add a note to an agent
    • group - Create groups of agents to interact with
    • sdelete - Securely delete a file
    • ps - Get a Windows process list
    • touch - Timestomp a file
    • netstat - List network connections
    • pipes - List Windows named pipes
    • env - View, add, remove environment variables
    • uptime - View the host's uptime
    • queue - Queue up commands for agents or groups, even if they are not known to the server
  • Can use the sessions and interact command from any menu
  • Agent information now includes the process name
  • Pwnboard module

Build ID: 1aafa40023ba77346537035416a85742178a67fc

The Server downloads contain a copy of all compiled agents in the data/bin directory

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

Compare
Choose a tag to compare
  • Fixed Issue 107 - RunModule() tasking uses run instead of removed cmd

The Server downloads contain a copy of all compiled agents in the data/bin directory

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

Compare
Choose a tag to compare

Highlights

  • Moved agents to their own repositories: merlin-agent and merlin-agent-dll
  • Moved PRISM code
  • Added main.go to repository root for the Merlin server and removed the cmd directory all together
  • Removed Invoke-Melrin.ps1 and merlin.js from codebase completely
  • Revamped main README

Build ID: 7ea5237b6d25a86e9308395666857305f1b42da7

The Server downloads contain a copy of all compiled agents in the data/bin directory

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

Compare
Choose a tag to compare

Highlights

  • Added nslookup command to execute a DNS query using native Go
  • Added go-clr for in process .NET Common Language Runtime (CLR)
    • load-assembly to load a .NET assembly into memory
    • invoke-assembly to execute a previously loaded .NET assembly
    • list-assemblies to list previously loaded .NET assemblies
  • Added memfd command to run Linux executables in-memory as an anonymous file
  • Upgraded go-quic package to support go v1.16

Build ID: 19bffe5`

The Server downloads contain a copy of all compiled agents in the data/bin directory

Merlin documentation and Wiki can be found here

The compressed files have a password of merlin

Compare
Choose a tag to compare

Highlights

  • Added windows/x64/go/exec/createProcess extended module with redirected STDOUT/STDERR over anonymous pipes
  • Added windows/x64/csharp/misc/SharpGen extended module that leverages SharpGen
  • Added execute-assembly, execute-pe, and sharpgen commands to Agent menu
  • New Jobs structure so that multiple jobs and results can be sent between client and server during a single interaction
  • Added a new jobs command to view created and sent jobs
  • Added a new clear command to remove any jobs that have not been sent to the agent
  • Added Makefile agent-windows-debug build target to enable viewing verbose and debug messages
  • Added Mythic client so Merlin agent can be used with the Mythic Framework
  • Changed the shell command to actually use the operating system's default shell
  • Changed the old cmd & shell commands to just use the run command which executes the program directly without a shell
  • Removed the cmd command from the Agents menu
  • View the CHANGELOG for additional details

Build ID: be117de982e568bca441e2b57ff4ed5739148f41

The Server downloads contain a copy of all compiled agents in the data/bin directory

The compressed files have a password of merlin

Compare
Choose a tag to compare
  • Modules were not sending the first value from the modules commands section
  • Pull 97 - Incorrectly validated the module and agent platforms when the agent was set to "all"

The Server downloads contain a copy of all compiled agents in the data/bin directory

Build ID: 803c9861aa8c7f0318971d010d40937f80fa1458

The compressed files have a password of merlin

Compare
Choose a tag to compare
  • New Listeners menu. The Merlin Server no longer takes command line arguments to start
    • Start and stop as many listeners as you want without restarting the Merlin Server application
    • Listeners can be started with a list of URL that an agent can communicate with (i.e. https://127.0.0.1:443/news.php)
  • Change agent's JA3 hash on the fly
  • Support for http, https, and h2c protocols
  • Several bug and security fixes
  • View the CHANGELOG for additional details

Build ID: 506ebc462fa040ff0a1b35004adc0cfdf0c88053

The compressed files have a password of merlin

Compare
Choose a tag to compare
  • Added OPAQUE Password Authenticated Key Exchange (PAKE)
  • JWT authentication and JWE payloads
  • Go lang's gob encoding for network traffic
  • Enabled HTTP/1.1 support
  • Added the ability to set an arbitrary HTTP Host header
  • Added support to hardcode a web proxy
  • Added new PRISM binary to fingerprint Merlin server instances
  • View the CHANGELOG for additional details

The compressed files have a password of merlin

Compare
Choose a tag to compare

View the blog post for additional details

  • Cross-Platform Native Commands

  • Agent Kill Date

  • Status Command & UTC Timestamp

  • Compiling with Hard-coded URL

  • Docker File

  • Extended Modules

  • Minidump

  • Auto Generated X.509 Certificates

  • Shellcode Execution

  • Shellcode Reflective DLL Injection (sRDI)

  • View the CHANGELOG for additional details

The compressed files have a password of merlin

Compare
Choose a tag to compare

This release adds the ability to execute shellcode through an Agent (Windows only). Check the Wiki for examples

  • A compiled version of the agent is distributed in the data/bin directory
  • X.509 certificates are distributed with the release to facilitate ease of use. Create new certificates prior to production use.
  • View the CHANGELOG for additional details

The compressed files have a password of merlin