Ne0nd0g / merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
GNU General Public License v3.0

Some small suggestions #123

Closed didayeda closed 2 years ago

didayeda commented 2 years ago

1. The result of the shell execution is garbled, which should be related to the encoding of the agent side.
2. Some instructions should be able to be issued to all agents in batches.

Ne0nd0g commented 2 years ago

Hey @didayeda thanks for sharing this feedback. Can you elaborate on the first issue and provide an example?

Merlin is able to issue commands to all agents or a group of agents with the group command https://merlin-c2.readthedocs.io/en/latest/server/menu/agents.html#group

didayeda commented 2 years ago

After testing it, the echo of code 932 was garbled

Merlin[agent][9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be]» shell chcp
[-] Created job adAFHSKXiP for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-25T12:35:11Z

[-] Results job adAFHSKXiP for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-25T12:36:19Z

[+] ���R�[�h �y�[�W: 932

[-] Results job XGvvwyWOoO for agent ad94dad0-2f6d-4966-92dc-ffa54d8c641e at 2022-02-25T03:46:35Z

[+] ������𐳂����I�����܂����B

After testing, the terminal encoding 437 can echo normally.
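
The garbling reported above is what code page 932 (Shift-JIS) bytes look like when they are read as UTF-8. The following Python sketch is an added example, not part of the original thread or Merlin's code; the sample banner string and all function names are assumptions made for illustration.

```python
# Added example: why code page 932 output shows up as U+FFFD plus stray ASCII.
# SAMPLE is constructed; it stands in for a Japanese-language `chcp` banner.
# In cp932 the trail bytes of コ ー ド ペ ー ジ are the ASCII letters
# R [ h y [ W, which is why those letters survive in the garbled text.
SAMPLE = "現在のコード ページ: 932"


def codec_for(code_page: int) -> str:
    """Map a Windows code page number (as printed by chcp) to a Python codec."""
    return "utf-8" if code_page == 65001 else f"cp{code_page}"


def render_as_utf8(raw: bytes) -> str:
    """What a UTF-8-only viewer shows: undecodable bytes become U+FFFD."""
    return raw.decode("utf-8", errors="replace")


def decode_console_output(raw: bytes, code_page: int) -> str:
    """Decode captured console bytes: strict UTF-8 first, else the code page."""
    try:
        return raw.decode("utf-8")  # pure ASCII and real UTF-8 pass unchanged
    except UnicodeDecodeError:
        return raw.decode(codec_for(code_page), errors="replace")


def looks_like_mojibake(text: str, threshold: float = 0.1) -> bool:
    """Flag text where U+FFFD makes up at least `threshold` of the characters."""
    return bool(text) and text.count("\ufffd") / len(text) >= threshold


if __name__ == "__main__":
    raw = SAMPLE.encode("cp932")      # bytes as a cp932 console would emit them
    garbled = render_as_utf8(raw)     # misread as UTF-8
    print(repr(garbled), looks_like_mojibake(garbled))
    print(decode_console_output(raw, 932))
    print(decode_console_output(b"Active code page: 437", 437))
```

Output that is plain ASCII, such as the code page 437 banner, decodes identically under either path, which matches the observation that 437 echoes normally.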

Ne0nd0g commented 2 years ago

What version and build of the agent are you using? What OS is the agent running on?

didayeda commented 2 years ago

The version compiled on git 1.2.1 is used, and the machine information of the agent running is Microsoft Windows Server 2012 R2 Standard 6.3.9600.

Ne0nd0g commented 2 years ago

Can you try run whoami and shell whoami and post both the commands and the results here? Did you build the agent yourself or use the prebuilt version?

didayeda commented 2 years ago

I used the prebuilt version. shell and run command is ok.

Merlin[agent][9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be]» run whoami
Merlin[agent][9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be]» [-] Created job zcGXiUtjgC for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-26T09:58:53Z

[-] Results job zcGXiUtjgC for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-26T09:59:42Z

[+] Created whoami process with an ID of 823540
nt authority\system

Merlin[agent][9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be]» shell whoami
Merlin[agent][9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be]» [-] Created job tHwUWaLFkf for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-26T10:00:07Z

[-] Results job tHwUWaLFkf for agent 9ee3c5a5-e7aa-4d56-80f6-d701bd80d0be at 2022-02-26T10:00:59Z

[+] nt authority\system

Ne0nd0g commented 2 years ago

I'm not able to easily reproduce the problem. Can you try to run Merlin Server v1.3 and Merlin Agent v1.3 from the releases section of GitHub? What operating system are you running the Merlin server on? What is your default language pack where the agent is running?

Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» shell chcp
[-] Created job VlyNfXXwdA for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-02-27T18:37:29Z
[-] Results job VlyNfXXwdA for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-02-27T18:38:22Z

[+] Active code page: 932

Merlin[agent][b33d4af8-f48c-4dfa-9677-09986481dcdf]» shell chcp 437
[-] Created job seAXEsdPGt for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-02-27T18:41:21Z
[-] Results job seAXEsdPGt for agent b33d4af8-f48c-4dfa-9677-09986481dcdf at 2022-02-27T18:41:34Z

[+] Active code page: 437

Ne0nd0g commented 2 years ago

I created a Windows Server 2012 R2 VM and installed the Japanese language pack and made it my primary language. However, I was unable to set the CodePage with chcp 932, it would say "Invalid code page" even though it shows up in the registry. I was able to display some Japanese characters with Merlin though. I'm not sure what else I can do to reproduce the original error.

Ne0nd0g commented 2 years ago

@didayeda I wanted to follow up one last time before I close the issue. I'm unable to reproduce the issue.