ne0nd0g / merlin-agent Goto Github PK
View Code? Open in Web Editor NEWPost-exploitation agent for Merlin
Home Page: https://github.com/Ne0nd0g/merlin
License: GNU General Public License v3.0
merlin-agent's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
16032144 jr69ss conanjun astrowxyu y0k4i-1337 lunarobliq arstercz fengjian paullj1 longjoe76 kevinkle phuong39 longfeide2008 fbion jgodin-c2c candcnn sairson tnexperts reinthal jeromeyoung h4rithd come2darkside bgrewell riijj young28dos qfdk breaksini7 httmatang testtoto1337 sec-fork crispud redbeard-92 twobrainsink opensesamedoors p3psi-boo tjnull cxfa anthonycamper michael2to3 2512500960 techris45 emadyay a1swartz huskyhacks safe3 obsecurus tokenabc jabra- benatsb paraddise 0xsyr0 k33pn3xtlvl xaitx yuna0x0 0pen1 offsocmerlin-agent's Issues
HTTP NTLM Authentication
Prerequisite
Environment Data
- Merlin Agent Version:
2.3.0 - Merlin Agent Build:
nonRelease - Operating System:
Windows
Actual Behavior
HTTP endpoint returns a 401 Unauthorized or 403 Forbidden status.
Expected Behavior
Expected Merlin to identify HTTP authentication scheme and successfully authenticate.
Steps to Reproduce Behavior
Connect through a proxy that requires NTLM authentication or an HTTP endpoint that requires it.
Mythic Client Download Command Re-Writes Source File
Prerequisite
Environment Data
- Merlin Version:
v0.5.0 - Merlin Build:
nonRelease - Go Version:
1.18 - GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System:
Windows
Expected Behavior
When the download command is issued from Mythic, that the agent downloads the file and does not re-write the source file.
Actual Behavior
If the command download C:\secrets.txt was issued from Mythic, the file will successfully be downloaded to the Mythic server. However, the Mythic client incorrectly returns an error after sending the data. This causes the job to go back into the job queue as a recovery mechanism for C2 channel errors. The original command has the IsDownload field set to true in job tasking structure. When the agent re-processes the job from the previous failure to send, it now interprets it as an upload command re-writes the same file to the source directory.
Once the file has been sent to the Mythic server, it is deleted from a map here
merlin-agent/clients/mythic/mythic.go
Line 571 in 59a846a
merlin-agent/clients/mythic/mythic.go
Line 579 in 59a846a
The confusion with IsDownload stems from the original implementation that was from the agent's point of view. From the agent's point of a view, downloading means to download a file from the server and write it to the host where the agent is running. Mythic commands and clients work off of the operator's point of view. From the operator's perspective, download means retrieve a file from the host where the agent is running and download it to the server. The source code to upload/download files is the same for standalone Merlin and for the Mythic client, thus the confusion on the field.
Steps to Reproduce Behavior
Using a Merlin agent build with Verbose and Debug logging enabled, issue a download command from Mythic.
Misc Information
Access Token Manipulation bug
Prerequisite
- I have read the README
- I have search the opened & closed issues
- I have search the WIKI and its FAQ page
Environment Data
- Merlin Version: 1.2.0
- Merlin Build: master branch -
db3c882 - Go Version: 1.17.5
- GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System: Kali Linux 2021.4a
Expected Behavior
Merlin keeps track of when a Windows access token was created or stolen. If there is a created or stolen token, it will be used with a designated subset of Merlin commands. Additionally, there is the "rev2self" method to release any created or stolen access tokens on demand.
Actual Behavior
When utilizing the token steal or token make methods, the newfound accesses obtained only last for one command before reverting back to the initial access token.
Steps to Reproduce Behavior
- Execute a merlin agent off of a domain joined Windows WKST as a local admin that contains an active domain administrator session.
- Utilize
token stealto attempt to duplicate the target access token residing in the domain administrator's process.
OR
Assuming you have knowledge of the domain admin creds, utilizetoken maketo create a new Windows access token for the specified admin. Utilizetoken whoamito see the new access token. - With the new privileges, attempt to list the C$ on the domain controller. - first try usually succeeds
- Any subsequent access attempts to the DC fails with an access denied. Executing
token whoamino longer shows the new DA access token.
Misc Information
6992 7268 x64 BUILTIN\Administrators conhost.exe [31/549]
3832 648 x64 svchost.exe
1612 7268 x64 BUILTIN\Administrators powershell.exe <- TARGET PROCESS
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» token steal 1612
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job rlnkythPbJ for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:43:43Z
[-] Results job rlnkythPbJ for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:43:54Z
[+] Successfully stole token from PID 1612 for user foxden\Administrator with LogonID 0x1EADDA
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» token whoami
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job YgEmTvCISd for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:43:55Z
[-] Results job YgEmTvCISd for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:44:14Z
[+] Process (Primary) Token:
User: foxden\victim,Token ID: 0x1C6F17,Logon ID: 0x99D3C,Privilege Count: 24,Group Count: 12,Type: Primary,Impersonation Level: Anonymous,Integrity Level: High
Thread (Primary) Token:
User: foxden\Administrator,Token ID: 0x1F3504,Logon ID: 0x1EADDA,Privilege Count: 24,Group Count: 17,Type: Primary,Impersonation Level: Impersonation,Integrity Level: High
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» ls \\\\192.168.248.150\\C$
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job YhsFdQrCST for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:44:24Z
[-] Results job YhsFdQrCST for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:44:36Z
[+] Directory listing for: \\192.168.248.150\C$
drwxrwxrwx 2022-01-08 13:31:56 0 $Recycle.Bin
-rw-rw-rw- 2016-07-16 09:18:08 1 BOOTNXT
Lrw-rw-rw- 2022-01-08 16:31:20 0 Documents and Settings
drwxrwxrwx 2016-07-16 09:23:21 0 PerfLogs
dr-xr-xr-x 2022-01-08 13:36:03 0 Program Files
drwxrwxrwx 2016-07-16 09:23:24 0 Program Files (x86)
drwxrwxrwx 2022-01-08 14:05:33 0 ProgramData
drwxrwxrwx 2022-01-08 16:31:24 0 Recovery
drwxrwxrwx 2022-01-08 13:47:38 0 System Volume Information
dr-xr-xr-x 2022-01-08 13:31:51 0 Users
drwxrwxrwx 2022-01-09 14:41:10 0 Windows
-r--r--r-- 2016-07-16 09:18:08 384322 bootmgr
-rw-rw-rw- 2022-01-08 13:53:37 1207959552 pagefile.sys
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» token whoami
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job TCKwUHIDHy for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:44:39Z
[-] Results job TCKwUHIDHy for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:44:57Z
[+] Process (Primary) Token:
User: foxden\victim,Token ID: 0x1C6F17,Logon ID: 0x99D3C,Privilege Count: 24,Group Count: 12,Type: Primary,Impersonation Level: Anonymous,Integrity Level: High
Thread (Primary) Token:
User: foxden\victim,Token ID: 0x1C6F17,Logon ID: 0x99D3C,Privilege Count: 24,Group Count: 12,Type: Primary,Impersonation Level: Anonymous,Integrity Level: High
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
Merlin» interact 790e86a4-45d1-477c-80a6-d2327c8bf09f
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» token make FOXDEN\\Administrator <PASSWORD>
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job HXNLGLFEIT for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:55:53Z
[-] Results job HXNLGLFEIT for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:02Z
[+] Successfully created a Windows access token for FOXDEN\Administrator with a logon ID of 0x2928EC
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» ls \\\\192.168.248.150\\C$
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job jNzvLBHXIs for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:07Z
[-] Results job jNzvLBHXIs for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:21Z
[+] Directory listing for: \\192.168.248.150\C$
drwxrwxrwx 2022-01-08 13:31:56 0 $Recycle.Bin
-rw-rw-rw- 2016-07-16 09:18:08 1 BOOTNXT
Lrw-rw-rw- 2022-01-08 16:31:20 0 Documents and Settings
drwxrwxrwx 2016-07-16 09:23:21 0 PerfLogs
dr-xr-xr-x 2022-01-08 13:36:03 0 Program Files
drwxrwxrwx 2016-07-16 09:23:24 0 Program Files (x86)
drwxrwxrwx 2022-01-08 14:05:33 0 ProgramData
drwxrwxrwx 2022-01-08 16:31:24 0 Recovery
drwxrwxrwx 2022-01-08 13:47:38 0 System Volume Information
dr-xr-xr-x 2022-01-08 13:31:51 0 Users
drwxrwxrwx 2022-01-09 14:41:10 0 Windows
-r--r--r-- 2016-07-16 09:18:08 384322 bootmgr
-rw-rw-rw- 2022-01-08 13:53:37 1207959552 pagefile.sys
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» token whoami
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job ahFXwNMvuk for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:34Z
[-] Results job ahFXwNMvuk for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:50Z
[+] Process (Primary) Token:
User: foxden\victim,Token ID: 0x1C6F17,Logon ID: 0x99D3C,Privilege Count: 24,Group Count: 12,Type: Primary,Impersonation Level: Anonymous,Integrity Level: High
Thread (Primary) Token:
User: foxden\victim,Token ID: 0x1C6F17,Logon ID: 0x99D3C,Privilege Count: 24,Group Count: 12,Type: Primary,Impersonation Level: Anonymous,Integrity Level: High
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]» ls \\\\192.168.248.150\\C$
Merlin[agent][790e86a4-45d1-477c-80a6-d2327c8bf09f]»
[-] Created job mRVLsoYuPy for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:56:53Z
[-] Results job mRVLsoYuPy for agent 790e86a4-45d1-477c-80a6-d2327c8bf09f at 2022-01-10T03:57:08Z
[!] there was an error executing the 'ls' command:
open \\192.168.248.150\C$: Access is denied.
Upgrade dependency "github.com/Ne0nd0g/merlin"
Background
Repo github.com/Ne0nd0g/merlin-agent depends on github.com/Ne0nd0g/[email protected].
https://github.com/Ne0nd0g/merlin-agent/blob/dev/go.mod#L8
However, comparing version v1.5.0 of github.com/Ne0nd0g/merlin from proxy.golang.org and github, there are inconsistencies.
"committer": {
"name": "Ne0nd0g",
"email": "[email protected]",
"date": "2022-07-21T01:00:00Z"
}{"Version":"v1.5.0","Time":"2022-07-20T12:00:43Z"}So the checksum from the code in github does not match the checksum saved in sum.golang.org. The v1.5.0 tag of github.com/Ne0nd0g/merlin might have been retagged after a minor edition on github. I guess you use proxy.golang.org to get dependencies, but that also shows that your project is depending on the copy of github.com/Ne0nd0g/[email protected] before its edition. Depending upon such inconsistent tag version may also result in some unexpected errors as well as build errors due to different proxy settings.
For example, when someone who does not use proxy.golang.org, say GOPROXY=direct, attempts to get github.com/Ne0nd0g/[email protected], the following error occurs.
go: downloading github.com/Ne0nd0g/merlin v1.5.0
go: github.com/Ne0nd0g/merlin@v1.5.0: verifying module: checksum mismatch
downloaded: h1:WnKX8e+4GCtTjxcxbjZN4xyRgR5YMRek1hU8JaYuWfQ=
sum.golang.org: h1:cuUrBNubcze2QwBcZ+s3k6SGx07iEAh6eNM8Ie3NNJI=
SECURITY ERROR
This download does NOT match the one reported by the checksum server.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
For more information, see 'go help module-auth'.So, this is a reminder in the hope that you can get rid of this problematic version of project github.com/Ne0nd0g/merlin.
Solution
1. Bump the version of dependency github.com/Ne0nd0g/merlin
I would recommend bumping the version of github.com/Ne0nd0g/merlin to a new release to ensure dependency copy in proxy.golang.org and github in sync.
References
JA3 String Causes Stack Overflow
Prerequisite
Environment Data
- Merlin Version:
v1.5.0 - Merlin Build:
nonRelease - Go Version:
1.18.7 - GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System: Linux
Expected Behavior
Expected to execute the Merlin agent with a valid JA3 string and return a valid TLS client that could be used to communicate with the Merlin server.
Actual Behavior
root@hal:~/merlin-agent# go run main.go -v -ja3 "771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-256-257,0"
[i]Host Information:
[i] Agent UUID: 3c897a17-291a-415a-bc5e-40ac7d4e4431
[i] Platform: linux
[i] Architecture: amd64
[i] User Name: root
[i] User GUID: 0
[i] Integrity Level: 4
[i] Hostname: hal
[i] Process: /tmp/go-build3087206394/b001/exe/main
[i] PID: 12550
[i] IPs: removed
runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc020200410 stack=[0xc020200000, 0xc040200000]
fatal error: stack overflow
runtime stack:
runtime.throw({0x90d1a7?, 0xc2cf60?})
/snap/go/9981/src/runtime/panic.go:992 +0x71
runtime.newstack()
/snap/go/9981/src/runtime/stack.go:1101 +0x5cc
runtime.morestack()
/snap/go/9981/src/runtime/asm_amd64.s:547 +0x8b
goroutine 1 [running]:
runtime.heapBitsSetType(0xc0072f75f0?, 0xd0?, 0xc8?, 0x8eb2e0?)
/snap/go/9981/src/runtime/mbitmap.go:832 +0xbcc fp=0xc020200420 sp=0xc020200418 pc=0x41728c
runtime.mallocgc(0xc8, 0x8eb2e0, 0x1)
/snap/go/9981/src/runtime/malloc.go:1117 +0x673 fp=0xc020200498 sp=0xc020200420 pc=0x40e873
runtime.newobject(0x2?)
/snap/go/9981/src/runtime/malloc.go:1259 +0x27 fp=0xc0202004c0 sp=0xc020200498 pc=0x40ec27
fmt.glob..func1()
/snap/go/9981/src/fmt/print.go:132 +0x25 fp=0xc0202004e0 sp=0xc0202004c0 pc=0x4ce5e5
sync.(*Pool).Get(0xc6c560)
/snap/go/9981/src/sync/pool.go:148 +0xb2 fp=0xc020200518 sp=0xc0202004e0 pc=0x46d9d2
fmt.newPrinter()
/snap/go/9981/src/fmt/print.go:137 +0x25 fp=0xc020200540 sp=0xc020200518 pc=0x4ce645
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202005c0, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:218 +0x36 fp=0xc020200598 sp=0xc020200540 pc=0x4cebf6
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc0202005e0 sp=0xc020200598 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f7520, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020200830 sp=0xc0202005e0 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f7520, {0x8773e0?, 0xc0072f4270}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc0202008d0 sp=0xc020200830 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f7520, {0x914d27, 0x1d}, {0xc020200a48?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc0202009c8 sp=0xc0202008d0 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020200a48, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020200a20 sp=0xc0202009c8 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020200a68 sp=0xc020200a20 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f7450, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020200cb8 sp=0xc020200a68 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f7450, {0x8773e0?, 0xc0072f4260}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020200d58 sp=0xc020200cb8 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f7450, {0x914d27, 0x1d}, {0xc020200ed0?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020200e50 sp=0xc020200d58 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020200ed0, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020200ea8 sp=0xc020200e50 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020200ef0 sp=0xc020200ea8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f7380, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020201140 sp=0xc020200ef0 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f7380, {0x8773e0?, 0xc0072f4250}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc0202011e0 sp=0xc020201140 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f7380, {0x914d27, 0x1d}, {0xc020201358?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc0202012d8 sp=0xc0202011e0 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020201358, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020201330 sp=0xc0202012d8 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020201378 sp=0xc020201330 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f72b0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202015c8 sp=0xc020201378 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f72b0, {0x8773e0?, 0xc0072f4240}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020201668 sp=0xc0202015c8 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f72b0, {0x914d27, 0x1d}, {0xc0202017e0?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020201760 sp=0xc020201668 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202017e0, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc0202017b8 sp=0xc020201760 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020201800 sp=0xc0202017b8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f71e0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020201a50 sp=0xc020201800 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f71e0, {0x8773e0?, 0xc0072f4230}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020201af0 sp=0xc020201a50 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f71e0, {0x914d27, 0x1d}, {0xc020201c68?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020201be8 sp=0xc020201af0 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020201c68, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020201c40 sp=0xc020201be8 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020201c88 sp=0xc020201c40 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f7110, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020201ed8 sp=0xc020201c88 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f7110, {0x8773e0?, 0xc0072f4220}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020201f78 sp=0xc020201ed8 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f7110, {0x914d27, 0x1d}, {0xc0202020f0?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020202070 sp=0xc020201f78 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202020f0, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc0202020c8 sp=0xc020202070 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020202110 sp=0xc0202020c8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f7040, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020202360 sp=0xc020202110 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f7040, {0x8773e0?, 0xc0072f4210}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020202400 sp=0xc020202360 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f7040, {0x914d27, 0x1d}, {0xc020202578?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc0202024f8 sp=0xc020202400 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020202578, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020202550 sp=0xc0202024f8 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020202598 sp=0xc020202550 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6f70, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202027e8 sp=0xc020202598 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6f70, {0x8773e0?, 0xc0072f4200}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020202888 sp=0xc0202027e8 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6f70, {0x914d27, 0x1d}, {0xc020202a00?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020202980 sp=0xc020202888 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020202a00, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc0202029d8 sp=0xc020202980 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020202a20 sp=0xc0202029d8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6ea0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020202c70 sp=0xc020202a20 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6ea0, {0x8773e0?, 0xc0072f41f0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020202d10 sp=0xc020202c70 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6ea0, {0x914d27, 0x1d}, {0xc020202e88?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020202e08 sp=0xc020202d10 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020202e88, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020202e60 sp=0xc020202e08 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020202ea8 sp=0xc020202e60 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6dd0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202030f8 sp=0xc020202ea8 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6dd0, {0x8773e0?, 0xc0072f41e0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020203198 sp=0xc0202030f8 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6dd0, {0x914d27, 0x1d}, {0xc020203310?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020203290 sp=0xc020203198 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020203310, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc0202032e8 sp=0xc020203290 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020203330 sp=0xc0202032e8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6d00, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020203580 sp=0xc020203330 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6d00, {0x8773e0?, 0xc0072f41d0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020203620 sp=0xc020203580 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6d00, {0x914d27, 0x1d}, {0xc020203798?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020203718 sp=0xc020203620 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020203798, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020203770 sp=0xc020203718 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc0202037b8 sp=0xc020203770 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6c30, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020203a08 sp=0xc0202037b8 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6c30, {0x8773e0?, 0xc0072f41c0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020203aa8 sp=0xc020203a08 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6c30, {0x914d27, 0x1d}, {0xc020203c20?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020203ba0 sp=0xc020203aa8 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020203c20, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020203bf8 sp=0xc020203ba0 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020203c40 sp=0xc020203bf8 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6b60, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020203e90 sp=0xc020203c40 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6b60, {0x8773e0?, 0xc0072f41b0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020203f30 sp=0xc020203e90 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6b60, {0x914d27, 0x1d}, {0xc0202040a8?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020204028 sp=0xc020203f30 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202040a8, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020204080 sp=0xc020204028 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc0202040c8 sp=0xc020204080 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6a90, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020204318 sp=0xc0202040c8 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6a90, {0x8773e0?, 0xc0072f41a0}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc0202043b8 sp=0xc020204318 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6a90, {0x914d27, 0x1d}, {0xc020204530?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc0202044b0 sp=0xc0202043b8 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020204530, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020204508 sp=0xc0202044b0 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020204550 sp=0xc020204508 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f69c0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202047a0 sp=0xc020204550 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f69c0, {0x8773e0?, 0xc0072f4190}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020204840 sp=0xc0202047a0 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f69c0, {0x914d27, 0x1d}, {0xc0202049b8?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020204938 sp=0xc020204840 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202049b8, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020204990 sp=0xc020204938 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc0202049d8 sp=0xc020204990 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f68f0, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020204c28 sp=0xc0202049d8 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f68f0, {0x8773e0?, 0xc0072f4180}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020204cc8 sp=0xc020204c28 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f68f0, {0x914d27, 0x1d}, {0xc020204e40?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020204dc0 sp=0xc020204cc8 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020204e40, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020204e18 sp=0xc020204dc0 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020204e60 sp=0xc020204e18 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6820, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202050b0 sp=0xc020204e60 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6820, {0x8773e0?, 0xc0072f4170}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020205150 sp=0xc0202050b0 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6820, {0x914d27, 0x1d}, {0xc0202052c8?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc020205248 sp=0xc020205150 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc0202052c8, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc0202052a0 sp=0xc020205248 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc0202052e8 sp=0xc0202052a0 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6750, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc020205538 sp=0xc0202052e8 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6750, {0x8773e0?, 0xc0072f4160}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc0202055d8 sp=0xc020205538 pc=0x4d1ef3
fmt.(*pp).doPrintf(0xc0072f6750, {0x914d27, 0x1d}, {0xc020205750?, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:1026 +0x288 fp=0xc0202056d0 sp=0xc0202055d8 pc=0x4d47a8
fmt.Sprintf({0x914d27, 0x1d}, {0xc020205750, 0x1, 0x1})
/snap/go/9981/src/fmt/print.go:219 +0x59 fp=0xc020205728 sp=0xc0202056d0 pc=0x4cec19
github.com/Ne0nd0g/ja3transport.ErrExtensionNotExist.Error(...)
/root/go/pkg/mod/github.com/!ne0nd0g/[email protected]/transport.go:24
github.com/Ne0nd0g/ja3transport.(*ErrExtensionNotExist).Error(0x0?)
<autogenerated>:1 +0x69 fp=0xc020205770 sp=0xc020205728 pc=0x76bdc9
fmt.(*pp).handleMethods(0xc0072f6680, 0xc7c1e0?)
/snap/go/9981/src/fmt/print.go:620 +0x1ff fp=0xc0202059c0 sp=0xc020205770 pc=0x4d123f
fmt.(*pp).printArg(0xc0072f6680, {0x8773e0?, 0xc0072f4150}, 0x73)
/snap/go/9981/src/fmt/print.go:709 +0x693 fp=0xc020205a60 sp=0xc0202059c0 pc=0x4d1ef3
goroutine 5 [chan receive]:
github.com/Ne0nd0g/merlin-agent/agent.executeJob()
/root/merlin-agent/agent/jobs.go:47 +0x8e
created by github.com/Ne0nd0g/merlin-agent/agent.init.0
/root/merlin-agent/agent/jobs.go:40 +0x25
exit status 2
Steps to Reproduce Behavior
Execute the Merlin agent with the -JA3 argument and a valid JA3 string:
go run main.go -v -ja3 "771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-256-257,0"
Misc Information
make windows errors
Prerequisite
Environment Data
- Merlin Version: the one that
go get github.com/Ne0nd0g/merlin-agentgets - Merlin Build:
- Go Version: go version go1.19 linux/amd64
- GOPATH Environment Variable: /root/go
- GOROOT Environment Variable:
- Operating System: Kali Linux (Debian Testing)
Expected Behavior
Expected that the make windows works. It generates 2 errors.
Actual Behavior
The make windows generates the following errors:
# github.com/Ne0nd0g/merlin-agent/agent
agent/agent.go:85:17: multiple-value uuid.NewV4() (value of type (uuid.UUID, error)) in single-value context
# github.com/Ne0nd0g/ja3transport
../ja3transport/transport.go:57:13: undefined: tls.FakeCertCompressionAlgsExtension
make: *** [Makefile:76: windows] Error 2
Steps to Reproduce Behavior
run: github.com/Ne0nd0g/merlin-agent
then cd to the dir and run make windows
Misc Information
Shellcode Injection VirtualProtectEx Returns Error
Prerequisite
Environment Data
- Merlin Version:
v1.6.3 - Merlin Build:
- Go Version:
1.19 - Operating System:
Microsoft Windows [Version 10.0.19045.2965]
The CreateThread, RtlCreateUserThread, and QueueUserAPC shellcode injection methods use the VirtualProtectEx call without enough arguments causing the error: Invalid access to memory location. The call takes 5 arguments but only 3 are provided. Additionally, the error is not returned to server.
BOOL VirtualProtectEx(
[in] HANDLE hProcess,
[in] LPVOID lpAddress,
[in] SIZE_T dwSize,
[in] DWORD flNewProtect,
[out] PDWORD lpflOldProtect
);
merlin-agent/commands/exec_windows.go
Line 193 in e58a788
MAKE ERROR
Prerequisite
I have searched the opened & closed issues
I have searched the WIKI and its FAQ page
Environment Data
- Merlin Version: latest
- Merlin Build:
- Go Version: go version go1.17.5 linux/amd64
- GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System: ubuntu 20.04
Expected Behavior
success
Actual Behavior
build failed.
Steps to Reproduce Behavior
make linux
returns:
export GOOS=linux;export GOARCH=amd64;go build -trimpath -ldflags '-s -w -X "main.build=b1116ffea7f24765bc04e0c0e45f27d00ad4afc1" -X "github.com/Ne0nd0g/merlin-agent/agent.build=b1116ffea7f24765bc04e0c0e45f27d00ad4afc1" -X "main.protocol=h2" -X "main.url=https://127.0.0.1:443" -X "main.host=cdn.jsdeliver.com" -X "main.psk=edfghi" -X "main.proxy=" -X "main.useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36" -X "main.headers=""" -buildid=' -gcflags=all=-trimpath=/home/user/goprojs -asmflags=all=-trimpath=/home/user/goprojs -o bin/v1.1.0/b1116ffea7f24765bc04e0c0e45f27d00ad4afc1/merlinAgent-Linux-x64 ./main.go
# command-line-arguments
usage: link [options] main.o
-B note
add an ELF NT_GNU_BUILD_ID note when using ELF
-E entry
set entry symbol name
-H type
set header type
-I linker
use linker as ELF dynamic linker
-L directory
add specified directory to library path
-R quantum
set address rounding quantum (default -1)
-T address
set text segment address (default -1)
-V print version and exit
-X definition
add string value definition of the form importpath.name=value
-a no-op (deprecated)
-aslr
enable ASLR for buildmode=c-shared on windows (default true)
-benchmark string
set to 'mem' or 'cpu' to enable phase benchmarking
-benchmarkprofile base
emit phase profiles to base_phase.{cpu,mem}prof
-buildid id
record id as Go toolchain build id
-buildmode mode
set build mode
-c dump call graph
-compressdwarf
compress DWARF if possible (default true)
-cpuprofile file
write cpu profile to file
-d disable dynamic executable
-debugtextsize int
debug text section max size
-debugtramp int
debug trampolines
-dumpdep
dump symbol dependency graph
-extar string
archive program for buildmode=c-archive
-extld linker
use linker when linking in external mode
-extldflags flags
pass flags to external linker
-f ignore version mismatch
-g disable go package data checks
-h halt on error
-importcfg file
read import configuration from file
-installsuffix suffix
set package directory suffix
-k symbol
set field tracking symbol
-libgcc string
compiler support lib for internal linking; use "none" to disable
-linkmode mode
set link mode
-linkshared
link against installed Go shared libraries
-memprofile file
write memory profile to file
-memprofilerate rate
set runtime.MemProfileRate to rate
-msan
enable MSan interface
-n dump symbol table
-o file
write output to file
-pluginpath string
full path name for plugin
-r path
set the ELF dynamic linker search path to dir1:dir2:...
-race
enable race detector
-s disable symbol table
-strictdups int
sanity check duplicate symbol contents during object file reading (1=warn 2=err).
-tmpdir directory
use directory for temporary files
-v print link trace
-w disable DWARF generation
make: *** [Makefile:76: linux] Error 2
Misc Information
Unable to compile Merlin Agent
Prerequisite
Environment Data
- Merlin Version: Latest
- Merlin Build: Latest
- Go Version: go version go1.20.3 linux/amd64
- GOPATH Environment Variable: GOROOT=$HOME/go
- GOROOT Environment Variable: PATH=$PATH:$GOROOT/bin
- Operating System: Ubuntu 23.04
Expected Behavior
Expecting to compile the agent and not receive an error.
make windows
Actual Behavior
See the error message, thanks
make windows
export GOOS=windows GOARCH=amd64;go build -trimpath -ldflags '-s -w -X "main.build=b2e84d8beea2d0dd87bc23f950de7842193cb28d" -X "github.com/Ne0nd0g/merlin-agent/agent.build=b2e84d8beea2d0dd87bc23f950de7842193cb28d" -X "main.protocol=h2" -X "main.url=https://127.0.0.1:443" -X "main.host=" -X "main.psk=merlin" -X "main.sleep=30s" -X "main.proxy=" -X "main.useragent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36" -X "main.headers=" -X "main.skew=3000" -X "main.padding=4096" -X "main.killdate=0" -X "main.maxretry=7" -X "main.parrot=" -H=windowsgui -buildid=' -gcflags=all=-trimpath= -asmflags=all=-trimpath= -o bin/v1.6.5/b2e84d8beea2d0dd87bc23f950de7842193cb28d/merlinAgent-Windows-x64.exe ./main.go
# github.com/lucas-clemente/quic-go/internal/qtls
../../../go/pkg/mod/github.com/lucas-clemente/[email protected]/internal/qtls/go120.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.20 yet. For more details, please see https://github.com/lucas-clemente/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.20 yet. F...) as int value in variable declaration
make: *** [Makefile:78: windows] Error 1
Steps to Reproduce Behavior
Misc Information
v1.4.0 Garble Windows Build Error
Prerequisite
Environment Data
- Merlin Version:
v1.4.0 - Merlin Build:
N/A - Go Version:
1.17 - Garble Version:
v0.6.0
Expected Behavior
Expected that building a new Garbled Windows agent completed successfully using: make windows-garble
Actual Behavior
The agent build fails:
# github.com/Ne0nd0g/merlin-agent/commands
:2: cannot take the address of (func literal)()
exit status 2
exit status 2
make: *** [Makefile:75: windows-garble] Error 1
Steps to Reproduce Behavior
Clone the Merlin agent repository and build a Garbled agent with: make windows-garble
Misc Information
Garbled Linux and macOS agents build without error. The problem is likely due to the new memory command updates in Merlin v1.4.0, potentially in the commands/memory_windows.go file.
MiniDump Response Missing Job Token
The job.Token was not included in the response after executing the MiniDump command. First reported here: Ne0nd0g/merlin#107
https://github.com/Ne0nd0g/merlin-agent/blob/master/agent/jobs.go#L81
Agent dying on startup when not passing an argument
Prerequisite
Environment Data
- Merlin Version: 1.3.0
- Merlin Build: e89a29d
- Go Version: 1.16.10
- GOPATH Environment Variable: ~/go
- GOROOT Environment Variable: ~/.asdf/installs/golang/1.16.10/go
- Operating System: Linux
Expected Behavior
The agent runs even without any argument being passed, according to how it was built.
Actual Behavior
When not passing an argument, the agent is dying and showing an error on screen.
The error presented on agent side:
./bin/v1.3.0/e89a29d99a3cea7d02d28672290f5fdb2cc60d99/merlinAgent
panic: send on closed channel
goroutine 20 [running]:
main.getArgsFromStdIn(0xc0000c6480)
~/merlin-agent/main.go:172 +0x65
created by main.main
~/merlin-agent/main.go:80 +0xc2a
Steps to Reproduce Behavior
Compiled with
make linux MAXRETRY=30 PROTO=http3 SLEEP=30s URL=https://127.0.0.1:10443
Ran the agent without any argument:
./bin/v1.3.0/e89a29d99a3cea7d02d28672290f5fdb2cc60d99/merlinAgent
Misc Information
If I run the agent with some argument, like -debug, it is able to connect to server without error.
Process List Command Returns BUILTIN Group Name Instead of Username
Prerequisite
Environment Data
- Merlin Version: v1.3.0
Expected Behavior
That the output of the ps command on Windows will list the user associated with the running process
Actual Behavior
The ps command returns the group names starting with BUILTIN instead of the actual user name:
1896 1864 x64 BUILTIN\Administrators explorer.exe
Steps to Reproduce Behavior
Run the ps command.
Misc Information
Agent was running on Server 2012R2
JA3 & Parrot Settings Cause HTTP Proxy Environment Variables To Be Ignored
Prerequisite
Environment Data
- Merlin Version:
v1.6.3 - Merlin Build:
4d0e944d6b52f2715a2d75e5373a60f045921488
Expected Behavior
Expect that Merlin reads the HTTP proxy environment variables and uses them if they are set.
Actual Behavior
If either the JA3 or PARROT configuration settings are anything but empty AND the PROXY setting wasn't manually set, then the HTTP proxy environment variables will not be read or set. It should be setting the transport's proxy to the proxy variable no matter what.
Misc Information
merlin-agent/clients/http/http.go
Lines 200 to 212 in 4d0e944
merlin-agent/clients/http/http.go
Lines 215 to 228 in 4d0e944
Shell Command Function Call Takes Too Many Arguments
Prerequisite
Environment Data
- Merlin Version: v1.5.0
The shell functions for Agents that are NOT Windows, Linux, Darwin, or FreeBSD takes too many arguments. Have shell(name string, args []string) but need shell(args []string)
Reference:
- MythicAgents/merlin#7
merlin-agent/commands/shell.go
Line 29 in 890d80f
merlin-agent/commands/shell_windows.go
Line 29 in 890d80f
Why does the merlin-agent depend on the merlin?
When I modified the code in Merlin, the main logic did not change, just changed some display, added fields to the agents/agents/Agent of merlin, why use agent, when communicating, display 404
Can you remove the dependencies on Merlin from the agent and separate the code from merlin
agent does not exist
Prerequisite
Environment Data
- Merlin Version:1.41
- Merlin Build:1.4.1
- Go Version:1.18
- GOPATH Environment Variable: /root/go/bin
- GOROOT Environment Variable:
- Operating System: debian
Expected Behavior
Actual Behavior
Steps to Reproduce Behavior
Misc Information
The `shell` Command Does Not Use Impersonation Token
Prerequisite
Environment Data
- Merlin Version: v1.3.0
Expected Behavior
When a Windows impersonation access token is associated with the agent, the token is used with the shell command.
Actual Behavior
The process' primary access token is used.
Steps to Reproduce Behavior
- Call
token makeortoken stealto associate a token with your your agent. - Run the
shellcommand with an argument ofwhoamito validate which token is being used.
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» shell whoami
[-] Created job JGScnjCpAp for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:32:47Z
[-] Results job JGScnjCpAp for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:33:04Z
[+] Created whoami process with an ID of 8908
fleet\kara.thrace
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» token steal 1668
[-] Created job yMpMEHuonY for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:33:26Z
[-] Results job yMpMEHuonY for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:33:44Z
[+] Successfully stole token from PID 1668 for user FLEET\gaius.baltar with LogonID 0x3E1B951
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» shell whoami
[-] Created job hKxDWsvafx for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:34:20Z
[-] Results job hKxDWsvafx for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:34:39Z
[+] fleet\kara.thrace
Misc Information
The run command executes the expected behavior
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» run whoami
[-] Created job PosvgBdUiz for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:56:26Z
[-] Results job PosvgBdUiz for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:56:40Z
[+] Created whoami process with an ID of 9632
fleet\kara.thrace
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» token steal 1668
[-] Created job QQAqZrTyfN for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:58:25Z
[-] Results job QQAqZrTyfN for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:58:42Z
[+] Successfully stole token from PID 1668 for user FLEET\gaius.baltar with LogonID 0x3E1B951
Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» run whoami
[-] Created job kqvijxxboL for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:58:46Z
[-] Results job kqvijxxboL for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-03-06T22:59:06Z
[+] Created C:\WINDOWS\system32\whoami.exe proccess with an ID of 7940
fleet\gaius.baltar
Unable to Compile Windows x86 Payload
Prerequisite
Environment Data
- Merlin Agent Version:
v2.3.0 - Merlin Agent Build:
f0624a3082928d01eaa86a0fb101b0d1d72cde02 - Operating System:
Windows
Problem
Unable to compile GOARCH=386 Windows payloads because BannanaPhone does not support x86. The BananaPhone creator recommends creating evasion_x64.go and evasion_386.go files where the latter doesn't call BananaPhone at all. https://github.com/Ne0nd0g/merlin-agent/blob/main/os/windows/pkg/evasion/evasion.go
Compiling Merlin-agent separately cannot be launched into the Mythic project. How to implement custom compilation and linkage
Compiling Merlin-agent separately cannot be launched into the Mythic project. How to implement custom compilation and linkage
Netstat Command Must Have an Argument
Prerequisite
Environment Data
- Merlin Version:
1.6.3 - Merlin Build:
nonRelease - Go Version:
- GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System:
Windows
If no arguments are provided to the netstat command, an out of index error occurs:
panic: runtime error: index out of range [2] with length 0
github.com/Ne0nd0g/merlin-agent/commands.Netstat({{0xc000002558, 0x7}, {0x0, 0x0, 0x0}})
/home/rastley/go/pkg/mod/github.com/!ne0nd0g/[email protected]/commands/netstat_windows.go:48 +0x132
github.com/Ne0nd0g/merlin-agent/agent.executeJob.func1({{0xeb, 0x10, 0xf0, 0x5b, 0xae, 0x97, 0x4f, 0xf0, 0xa4, 0x4e, ...}, ...})
/home/rastley/go/pkg/mod/github.com/!ne0nd0g/[email protected]/agent/jobs.go:94 +0xe07
created by github.com/Ne0nd0g/merlin-agent/agent.executeJob
/home/rastley/go/pkg/mod/github.com/!ne0nd0g/[email protected]/agent/jobs.go:49 +0x30
This is because the evaluation doesn't handle zero length arguments
merlin-agent/commands/netstat_windows.go
Lines 45 to 49 in 4d0e944
The command should be updated to handle zero length arguments and evaluate that the length is 2 before accessing that position.
STDIN Routine Error
Prerequisite
Environment Data
- Merlin Version:
v1.4.1
Expected Behavior
Expected a Merlin agent executed from Impacket's psexec.py to run
Actual Behavior
- A non-debug payload will fail to run; Unable to collect output because the payload is built as a Windows GUI application
- A DEBUG payload, NOT built as a Windows GUI application, will return the output below when run with 0 arguments
- A DEBUG payload run with at least one argument WILL run correctly
C:\Temp> merlinAgent-Debug-Windows-x64.exe
there was an error reading from STDIN: read /dev/stdin: file already closed
panic: send on closed channel
goroutine 20 [running]:
main.getArgsFromStdIn(0x0)
/home/rastley/merlin-agent/main.go:172 +0x49
created by main.main
/home/rastley/merlin-agent/main.go:80 +0x408
Steps to Reproduce Behavior
- Generate a debug payload with
make windows-debug - Remotely execute the agent with something like Impacket's
psexec.py
Misc Information
Previously seen in #8
Agent Exits When User Directory Does Not Exist
Prerequisite
Environment Data
- Merlin Version:
v1.5.0 - Merlin Build:
nonRelease - Go Version:
1.18 - GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System:
windows
Expected Behavior
Expected to remotely execute an agent with credentials for a user that has never logged onto the target.
Actual Behavior
When remotely executing Merlin on a target host that the calling user has never logged onto, but does have permissions, the agent exits. Testing occurred while using SharpWMI (network logon type) to execute the payload. The follow error is returned if debug output is on:
[DEBUG]Entering agent.New() function
there was an error getting the current user:
The system cannot find the file specified.
After troubleshooting, the error comes from the call to user.Current() which eventually calls GetUserProfileDirectory at lookup_windows.go.
This is a known issue with Go that was not resolved at the time of writing golang/go#37348
Steps to Reproduce Behavior
Remotely execute an agent on a Windows target host through a protocol like WMI or WINRM as a user that does not have a user profile directory on the target host.
Misc Information
Padding appears to be a fixed amount each time, not a random size
After some investigation into the padding feature of Merlin, I'm not sure if it is acting in the intended fashion. It seems that each message is always given a padding the exact size specified by the user at build time for PaddingMax. So if it is 4096, then every message has a padding of 4096 bytes, not a random number of UP TO 4096 bytes. We also discussed randomizing the PaddingMax on the server side during OPAQUE so it isn't a hard coded value.
Mythic v3.0.0 Requires PID as Integer
Prerequisite
Environment Data
- Merlin Version:
v.1.6.2
Mythic v3.0.0 required the Agent's PID to be an integer but is currently a string.
merlin-agent/clients/mythic/structs.go
Line 56 in 23983f5
Unhandled ShiftJS Text Encoding
Prerequisite
Environment Data
- Merlin Version:
v2.0.0 - Merlin Build:
8a421ca159aab4667e7f332c9ad157820faeeed7 - Operating System:
Windows
Expected Behavior
Expected output from the os/exec Command() function to handle ShiftJIS text encoding.
[+]Executing command: shell [whoami /priv]
[+]Command output:
Created C:\WINDOWS\system32\cmd.exe process with an ID of 6768
PRIVILEGES INFORMATION
----------------------
特権名 説明 状態
============================= =============================================== ====
SeShutdownPrivilege システムのシャットダウン 無効
SeChangeNotifyPrivilege 走査チェックのバイパス 有効
SeUndockPrivilege ドッキング ステーションからコンピューターを削除 無効
SeIncreaseWorkingSetPrivilege プロセス ワーキング セットの増加 無効
SeTimeZonePrivilege タイム ゾーンの変更 無効
Actual Behavior
Strings with non UTF-8 character encodings are garbled or replaced with the Unicode code point U+FFFD�.
[+]Executing command: shell [whoami /priv]
[+]Command output:
Created C:\WINDOWS\system32\cmd.exe process with an ID of 11672
PRIVILEGES INFORMATION
----------------------
������ ���� ����
============================= =============================================== ====
SeShutdownPrivilege �V�X�e���̃V���b�g�_�E�� ����
SeChangeNotifyPrivilege �����`�F�b�N�̃o�C�p�X �L��
SeUndockPrivilege �h�b�L���O �X�e�[�V���������R���s���[�^�[���폜 ����
SeIncreaseWorkingSetPrivilege �v���Z�X ���[�L���O �Z�b�g�̑��� ����
SeTimeZonePrivilege �^�C�� �]�[���̕ύX ����
Steps to Reproduce Behavior
From an Agent running on a Windows host using Japaneese (ShiftJIS) as the primary language and system locale, execute a program that would include Japanese characters (e.g., shell whoami /priv)
Misc Information
The original issue was reported here Ne0nd0g/merlin#148
The `runas` Command Returns Access Denied When Running as NT AUTHORITY\SYSTEM
Prerequisite
Environment Data
- Merlin Version:
v1.3.0 - Merlin Build: N/A
- Go Version:
v1.17 - Operating System:
Windows
Expected Behavior
When the runas command is called from a process running as NT AUTHORITY\SYSTEM that it successfully creates the process.
Actual Behavior
The CreateProcessWithLogon function from os/windows/pkg/process/processes.go did not return errors from calling advapi32.CreateProcessWithLogon.
According to the Windows documentation for CreateProcessWithLogonW:
Windows XP with SP2,Windows Server 2003, or later: You cannot call CreateProcessWithLogonW from a process that is running under the "LocalSystem" account, because the function uses the logon SID in the caller token, and the token for the "LocalSystem" account does not contain this SID. As an alternative, use the CreateProcessAsUser and LogonUser functions.
Steps to Reproduce Behavior
- Execute an agent as
NT AUTHORITY\SYSTEM - Use the
runascommand
Merlin[agent][49f17327-a349-45ce-851b-488f3afca961]» runas ACME\\r.astley Password whoami
[-] Created job VqyAxRYuHi for agent 49f17327-a349-45ce-851b-488f3afca961 at 2022-03-13T13:49:38Z
[-] Results job VqyAxRYuHi for agent 49f17327-a349-45ce-851b-488f3afca961 at 2022-03-13T13:49:59Z
[!] there was an error calling CreateProcessWithLogon with return code 0: Access is denied.
Misc Information
Command output always fails to be sent properly after a failed connection
Prerequisite
Environment Data
- Merlin Version: 1.4.1
- Operating System: Kali Linux
Expected Behavior
- If a merlinAgent is unable to connect back to the merlinServer, but it has job results from previous commands, it should re-send the job results the next time the agent is able to connect again.
Actual Behavior
- If, for whatever reason, a merlinAgent is unable to check-in, it does not properly put the job results back on its queue and resend later. I have witnessed in the code the section where it is SUPPOSED to be doing this properly, but it doesn't. On the server side, you will never receive the output of the commands you ran previously, you always receive the following message: "[!] Invalid: 20 is not a valid job type".
Steps to Reproduce Behavior
- Easiest way to reproduce is with sub-interfaces or iptables. Ensure the sleep is long enough that you can have the agent check in and receive the tasking, then use iptables after that point to create a reject rule for the agent's return traffic to create at least one failed check-in, then disable the iptables rule and let the traffic flow properly. The sub-interfaces route - you can have the agent calling back to a sub-interface that you just bring up or down to simulate the failure to send the job results output the first time.
Misc Information
- This actually happens pretty frequently in networks with high latency and packet loss and especially in competitive events like CCDC. This also causes really strange "ghosting" behavior in agents where right after the OPAQUE Auth, if the agent fails to send back the initial AgentInfo that is requested, the agent will never establish properly and the server seems to eternally send the agent 404's.
Unable to satisfy the OPAQUE handshake
Prerequisite
Environment Data
Merlin Version: Latest
Merlin Build: Latest
Go Version: go version go1.20.3 linux/amd64
GOPATH Environment Variable: GOROOT=$HOME/go
GOROOT Environment Variable: PATH=$PATH:$GOROOT/bin
Operating System: Ubuntu 23.04
Expected Behavior
Connect back from the agent
Actual Behavior
Problems with the OPAQUE auth framework
there was an error sending the OPAQUE User Registration Initialization message to the server:
there was an error communicating with the server:
404
Steps to Reproduce Behavior
used http,https,h2c,http3 listeners and i have been unable to get a reverse connection from an agent.
either manually compiled, or i used the provided agent, server, dll.
Misc Information
STDOUT Not Returned When Running as SYSTEM with an Impersonation Token Applied
Prerequisite
Environment Data
- Merlin Version: v1.3.0
- Merlin Build:
- Go Version: 1.17
- Operating System: Windows 10
Expected Behavior
When I execute the run, shell, or execute-assembly command from an agent that is running as NT AUTHORITY\SYSTEM with a Windows access token applied to a thread, that output is returned.
Actual Behavior
No output is returned.
Merlin[agent][d4ec992f-1dcb-406c-8480-91f8a7ec918f]» run whoami
[-] Created job fxYvEwwXQa for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:23:41Z
[-] Results job fxYvEwwXQa for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:24:47Z
[+] Created whoami process with an ID of 7284
nt authority\system
Merlin[agent][d4ec992f-1dcb-406c-8480-91f8a7ec918f]» token steal 1668
[-] Created job xKwMzpuWEq for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:26:17Z
[-] Results job xKwMzpuWEq for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:26:40Z
[+] Successfully stole token from PID 1668 for user FLEET\gaius.baltar with LogonID 0x3E1B951
Merlin[agent][d4ec992f-1dcb-406c-8480-91f8a7ec918f]» run whoami
[-] Created job QxMhMXXtIB for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:26:48Z
[-] Results job QxMhMXXtIB for agent d4ec992f-1dcb-406c-8480-91f8a7ec918f at 2022-03-07T23:27:06Z
[+] Created C:\WINDOWS\system32\whoami.exe proccess with an ID of 7508
Steps to Reproduce Behavior
- Spawn an agent running as
NT AUTHORITY\SYSTEM - Make or steal a Windows access token
- Issue one of the following commands
run whoami,shell whoami, orexecute-assembly rubeus.exe klist
Misc Information
Agent Crashes When Executed Command Returns an Error
Prerequisite
Environment Data
- Merlin Version: v1.4.2
- Merlin Build: 5ac7f6e
- Go Version: 1.17
- GOPATH Environment Variable: N/A
- GOROOT Environment Variable: N/A
- Operating System: Windows
Expected Behavior
Expected to create a sacrificial logon session and then run a command without the agent crashing.
Actual Behavior
Agent crashes after creating a sacrificial logon session and then trying to run a command
Steps to Reproduce Behavior
- From a Windows agent, create a sacrificial logon sessions with
token make ACME\\RAstley password - Run a program with that token by issuing
run klist - Agent will crash
Misc Information
The problem is in the commands/exec_windows.go file because error checks are not performed before trying to reference the object:
cmd := exec.Command(application, args...)
cmd.SysProcAttr = attr
out, err := cmd.CombinedOutput()
stdout = fmt.Sprintf("Created %s process with an ID of %d\n", application, cmd.Process.Pid)
Initial Connections Don’t Use Padding
I’m not sure if it’ll break the OPAQUE/initial handshake connections or not but I noticed that those first few connections are always the same size and do not apply the “padding” option. Especially if the server listener is not on, those connections coming in repeatedly with the same size are noticeable.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.