package
1.6.5
Repository: https://github.com/ne0nd0g/merlin-agent.git
Documentation: pkg.go.dev

# Functions

CLR is the entrypoint for Jobs that are processed to determine which CLR function should be executed.
CreateProcess spawns a child process with anonymous pipes, executes shellcode in it, and returns the output from the executed shellcode.
Download receives a job from the server to download a file to the host where the Agent is running.
ExecuteCommand runs the provided input program and arguments, returning results in a message base.
ExecuteShellcode instructs the agent to load and run shellcode according to the input job.
ExecuteShellcodeCreateProcessWithPipe creates a child process, redirects STDOUT/STDERR to an anonymous pipe, injects/executes shellcode, and retrieves output.
ExecuteShellcodeQueueUserAPC executes provided shellcode in the provided target process using the Windows QueueUserAPC API call.
ExecuteShellcodeRemote executes provided shellcode in the provided target process.
ExecuteShellcodeRtlCreateUserThread executes provided shellcode in the provided target process using the Windows RtlCreateUserThread call.
ExecuteShellcodeSelf executes provided shellcode in the current process.
Memfd places a Linux executable file in-memory, executes it, and returns the results. Uses the Linux memfd_create API call to create an anonymous file: https://man7.org/linux/man-pages/man2/memfd_create.2.html and http://manpages.ubuntu.com/manpages/bionic/man2/memfd_create.2.html
Memory is a handler for working with virtual memory on the host operating system.
MiniDump is the top-level function used to receive a job and subsequently execute a Windows memory dump on the target process. The function returns the memory dump as a file upload to the server.
Native executes a golang native command that does not use any executables on the host.
Netstat is used to print network connections on the target system.
Pipes is only a valid function on Windows agents...for now.
PS lists running processes. Only available on Windows.
RunAs creates a new process as the provided user.
Setup is used to prepare the environment or context for subsequent commands and is specific to each operating system.
SSH executes a command on a remote host using the SSH protocol and does not provide an interactive session.
TearDown is the opposite of Setup and removes any environment or context applications.
Token is the entrypoint for Jobs that are processed to determine which Token function should be executed.
Upload receives a job from the server to upload a file from the host to the Merlin server.
Uptime retrieves the system's uptime. Windows only.