Ne0nd0g / merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
GNU General Public License v3.0

Tech Support: OpenVPN Connection #122

Closed MavericksGooses closed 2 years ago

MavericksGooses commented 2 years ago

I have followed each command and read every doc on both the Merlin side as well as the Mythic side. I even watched your personal video. I have a Linux Kali machine. When I begin to create the payload, I can only see the merlin and https as open and running while connected to my localhost. I connect OpenVPN in order to tunnel my 127.0.0.1 and use that tunnel as the callback address and port. I am using https://mytunnel.portmap.io:8568 > 7443 (where that address points directly to my local IP at address 7443). I am using https://mytunnel.portmap.io as the callback and 8568 as the callback port, as the entirety of the URL points directly to localhost on port 7443. I cannot get the agent to connect. Can you assist?

Ne0nd0g commented 2 years ago

Hey @MavericksGooses , I would be happy to help. When you build the Merlin agent, enable the debug and verbose output so you can see what the HTTP traffic is doing on the agent.

By default, Mythic's HTTP profile listens on port 80. You should reconfigure it if you want to receive agent traffic on a different port. Port 7443 is used to reach the Mythic web interface to control Mythic, but that port is not used for agent traffic.

Stop by either the #merlin or #mythic channels on the BloodHound slack to chat more about it. https://bloodhoundgang.herokuapp.com/

MavericksGooses commented 2 years ago

In order for the agents to connect to Mythic, am I supposed to download the prebuilt agents, or use Mythic to compile them?

Ne0nd0g commented 2 years ago

You must build the agent with Mythic. You can't use the prebuilt agents from this repository or build agents from the GitHub.com/Ne0nd0g/merlin-agent repository. This is because Mythic uses a special payload uuid to check in with. Additionally, when using Mythic the HTTP traffic and encryption are completely different.

MavericksGooses commented 2 years ago

I am using portmap with OpenVPN to tunnel both https://127.0.0.1:7443 as well as the agents to http://127.0.0.1:80. Using tunneling, I need to initiate 2 VPN connections in order for both the agents and the Mythic server to operate, if I am not mistaken (I could be wrong). Unfortunately I don't believe I can run 2 separate VPN profiles as they give out 2 different IPs. This is where I am running into issues.

Ne0nd0g commented 2 years ago

Solving VPN connections is outside the scope of this project. You might take a look into SSH tunnels, an HTTP proxy, or a SOCKS tool.

MavericksGooses commented 2 years ago

I have to get the agent and the server to connect properly or the project does not work. To me, that seems within the realm of support. It is my fault, I am not nearly as intelligent as you, I could never develop such a perfect design, I cannot even figure out how to properly connect to it. I have been dedicating all of my time though, ALL of it. I figured out today that I could create an A record, but since Mythic uses port 80 and Merlin uses https this causes discrepancies. I just want it to work.

MavericksGooses commented 2 years ago

Ok so I finally got everything established and operational! It was something so simple I had been overlooking, isn't it always?? I often over-analyze and end up making mistakes. Thank you for your continued support! Any idea as to how I should start looking on building the iOS agent?

Ne0nd0g commented 2 years ago

Glad you were able to get it resolved. Did it turn out to be a problem with Merlin?

I have never looked into building an iOS agent, but Merlin can be compiled to work on macOS which is different.

MavericksGooses commented 2 years ago

It was entirely my own fault, Merlin is incredible. I read on the GitHub page that the Go compiler can cross compile so I am reading into this further. Can it cross compile into an APK? Also, it's a feature has Orpheus which I think is iOS related?? I keep getting errors when trying to clone it.