Building or Running from Source

Russel Van Tuyl edited this page Sep 24, 2018 · 3 revisions

Building or Running Merlin From Source Code

Merlin's source code can be run "like" a script or compiled to an executable binary. These options are valuable when modification need to be made on the fly. If these options are used to contribute to the project or send a pull request, please read the CONTRIBUTING guidelines. Some of the methods documented here are not ideal for situations where you want to contribute to the project but are good for on the fly adjustments. The Go programming language must be installed and all environment variables must be set. After installing and configuring Go, clone the Merlin repository.

Install GO

In order to run Merlin from source, or to compile Merlin yourself, the Go programing language must be installed on the system. However, if you just want to run a pre-compiled version, you do not need to install Go.

Download and install GO: https://golang.org/doc/install

Ensure your GOPATH environment variable is set

Running Merlin

Merlin can be run "like" a script using the go run commands. This facilitates code modifications and testing cycles. The files that can be run are in the cmd directory of Merlin. Command line flags for the Merlin application can be used when running Merlin like a script.

Example: go run cmd/merlinserver/main.go or go run cmd/merlinagent/main.go

Building Merlin

The Merlin Server and Merlin Agent can be compiled from source using Golang's go build command. Additionally, Merlin has a Makefile that can be used to build and/or package the application from source.

Make sure your GOPATH environment variable is set.

Some examples of building Merlin with Make include:

  • make - Compile both the Merlin Server and Merlin Agent into executables for Windows, Linux, and MacOS
  • make windows - Compile both the Merlin Server and Merlin Agent into executables for just Windows
  • make server-windows - Compile the Merlin Server into an executable for Windows
  • make agent-windows - Compile the Merlin Agent into an executable for Windows
  • make distro - Compile and package Merlin Server and Merlin agent into compressed files for distrobution

The string windows can be replaced with either linux or darwin to target a specific platform

Hardcoded C2 server

By default, the Merlin Agent is configured to connect to the Merlin Server at https://127.0.0.1:443/. The target URL can be changed at runtime by using the -url flag. Alternatively, Merlin Agent can be compiled to use a different target URL to prevent from having to specify one at run time. To compile Merlin Agent with a different target URL, use the -X main.url=https://merlin.acme.com:443/ within the -ldflags when using go build.

Example: go build -ldflags "-X main.url=https://merlin.acme.com:443/" -o merlinAgent.exe cmd/merlinagent/main.go

Windows Merlin Agent

The release versions of Merlin Agent are compiled with an extra -ldflags option that is used to launch the agent into a window that is not visible to the end user. This is useful during the post exploitation phase when the victim user should see a window for the running Merlin Agent. This is done by using the -H=windowsgui flag during compile time. To keep the Merlin Agent window visible during execution, either compile the agent without this flag or run the agent from source.

Example: go build -ldflags "-H=windowsgui" -o merlinAgent.exe cmd/merlinagent/main.go

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.