Cross-platform post-exploitation HTTP Command & Control agent written in golang
This repository is a port of the Merlin agent from https://github.com/Ne0nd0g/merlin to run on the Mythic framework. This implementation uses Mythic's Default HTTP Command and Control profile
Merlin documentation can be found at https://merlin-c2.readthedocs.io/en/latest/index.html
Mythic documentation can be found at https://docs.mythic-c2.net/
To get started:
- Clone the Mythic repository
- Pull down the http C2 profile from the MythicC2Profiles organization
- Pull down the Merlin agent from the MythicAgents organization
- Start Mythic
- Navigate to https://127.0.0.1:7443 and login with a username of
mythic_adminand password retrieved from the.envfile
This code snippet will execute most of the getting started steps:
cd ~/
git clone https://github.com/its-a-feature/Mythic
cd Mythic/
sudo make
sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http
sudo ./mythic-cli install github https://github.com/MythicAgents/merlin
sudo ./mythic-cli start
sudo cat .env | grep MYTHIC_ADMIN_PASSWORD
Use the following commands to run the Merlin container from the command line without using Docker:
NOTE: Replace the RabbitMQ password with the one from the
.envfile in the root Mythic folder
cd merlin/Payload_Type/merlin/container
export MYTHIC_SERVER_HOST="127.0.0.1"
export RABBITMQ_HOST="127.0.0.1"
export RABBITMQ_PASSWORD="K5SHkn1fk2pcT0YkQxTTMgO5gFwjiQ"
export DEBUG_LEVEL=debug
go run main.goThe table captures known limitations of the Merlin agent on the Mythic framework.
| Feature | Status | Notes |
|---|---|---|
| MiniDump | Not Implemented | |
| File Chunking | Not Implemented |