Pablo Guides

# Kali Linux Course #351: Merlin-Agent$

## Section 1/5: Introduction to Merlin-Agent$

### Installation and Configuration on Kali Linux

**Merlin-Agent$** is a powerful tool designed for post-exploitation tasks in penetration testing, particularly for situations where you need to establish a command-and-control (C2) channel in a stealthy manner. In this section, we will go through the installation, configuration, and initial usage of Merlin-Agent$ on Kali Linux.

#### Step 1: Installing Merlin-Agent$

To install Merlin-Agent$ on Kali Linux, ensure your system is up to date. Open your terminal and execute the following commands:

"`bash
sudo apt update && sudo apt upgrade -y
"`

Next, install the required dependencies:

"`bash
sudo apt install git golang-go
"`

Now, clone the Merlin-Agent$ repository:

"`bash
git clone https://github.com/Ne0nd0g/merlin.git
"`

Once the repository is cloned, navigate into the directory:

"`bash
cd merlin
"`

Now, we will build the Merlin server:

"`bash
go build -o merlin-server main.go
"`

To verify the installation, you can check the version:

"`bash
./merlin-server -version
"`

If everything is working correctly, you should see the version information displayed.

#### Step 2: Configuring Merlin-Agent$

Configuring Merlin-Agent$ involves setting up the server and defining the client configurations. Here’s how to do it:

1. **Create Configuration Files**: You need to create a configuration file for the server. This file defines how the server will behave and how clients connect. Create a file named `config.yaml` in the `merlin` directory.

"`yaml
server:
host: "0.0.0.0"
port: 8080
auth:
method: "none"
"`

2. **Start the Server**: With the configuration file in place, start the Merlin server by executing:

"`bash
./merlin-server -config config.yaml
"`

3. **Create a Payload**: Now that the server is running, you need to generate a payload to execute on the target machine. This can be done using the following command:

"`bash
./merlin-server -generate "`

Replace `` with your desired name. This will create an executable for the agent.

### Step-by-Step Usage and Real-World Use Cases

Once Merlin-Agent$ is installed and configured, you can start using it to test the security of systems. Below, we will detail the steps needed to use this tool effectively in a real-world penetration testing scenario.

#### Step 1: Deploying the Payload

1. **Transfer the Payload**: Use a method like USB, email, or a web server to transfer the generated payload to the target machine. For demonstration, we'll assume the target is Windows.

2. **Execute the Payload**: Once the payload is on the target machine, execute it. If the setup is correct, the Merlin server should receive a connection from the payload.

#### Step 2: Interacting with the Agent

Once the agent is running, you can use the Merlin server to interact with it. Here are some key commands you can use:

– **List Active Agents**: To see currently connected agents, use:

"`bash
agents list
"`

– **Execute Commands on Agent**: Use the command below to issue commands to the connected agents:

"`bash
agents exec
"`

Replace `` with the ID of the agent and `` with the command you wish to execute.

#### Step 3: Example Use Cases

1. **Remote Shell Access**: One of the most common use cases is obtaining a reverse shell on a target machine. By executing a command like `cmd.exe` on a Windows target, you can gain access to the command prompt.

"`bash
agents exec cmd.exe
"`

2. **File Transfer**: You can transfer files to and from the target machine using commands such as:

"`bash
agents upload
agents download
"`

3. **Privilege Escalation**: If you need to escalate privileges, you can use various commands to search for vulnerabilities, such as checking for unprotected services or misconfigurations.

### Detailed Technical Explanations

Merlin-Agent$ operates on a C2 model, allowing pentesters to manage various agents deployed across multiple target systems. The core components include:

– **Server**: The main hub that listens for incoming agent connections. It manages agent communications and executes commands sent from the operator.
– **Agents**: These are the payloads that run on the compromised machines. They communicate back to the server, waiting for commands.
– **Communication Protocol**: Merlin uses HTTP/HTTPS for communication, making it stealthy and harder to detect by traditional network security measures.

### External Reference Links

– For more information on Merlin-Agent$: [Kali Tools – Merlin](https://www.kali.org/tools/merlin-agent$)
– Additional resources on penetration testing techniques: [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
– Learn more about C2 frameworks: [C2 Frameworks Overview](https://www.cybintsolutions.com/a-complete-guide-to-command-and-control-c2-frameworks/)

### Code Examples in Markdown Code Blocks

Below are some code examples formatted for WordPress to showcase usage and commands with Merlin-Agent$.

"`markdown
## Install Merlin-Agent$

"`bash
sudo apt update && sudo apt upgrade -y
sudo apt install git golang-go
git clone https://github.com/Ne0nd0g/merlin.git
cd merlin
go build -o merlin-server main.go
./merlin-server -version
"`

## Configure the Server

"`yaml
server:
host: "0.0.0.0"
port: 8080
auth:
method: "none"
"`

## Generate Payload

"`bash
./merlin-server -generate myPayload.exe
"`

## Execute Commands on Agent

"`bash
agents exec cmd.exe
"`

## Upload and Download Files

"`bash
agents upload /path/to/local/file.txt /path/on/target/file.txt
agents download /path/on/target/file.txt /path/to/local/file.txt
"`
"`

### Conclusion

By following these steps, you should be able to install, configure, and utilize Merlin-Agent$ effectively in various penetration testing scenarios. As you continue to explore this powerful tool, consider the ethical implications of its usage and always obtain proper authorization before testing any systems.

—

Made by pablo rotem / פבלו רותם