Closed fmirahmadi closed 4 years ago
Is there a reason you are trying to run a Windows module on a Linux agent?
5adafe61-0827-49cc-a56b-fb83e1c4e803 is a Windows agent. You can see it in the agent list:
Merlin» agent list
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| AGENT GUID                           | PLATFORM      | USER                  | HOST            | TRANSPORT   | STATUS |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| 5adafe61-0827-49cc-a56b-fb83e1c4e803 | windows/amd64 | WIN-F7I54C7428A\mahdi | WIN-F7I54C7428A | HTTP/2 (h2) | Active |
| ffba5858-9d51-4e2b-8747-cc54b7c0360d | linux/amd64   | mahdi                 | ubuntu          | HTTP/2 (h2) | Active |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
Ah, I see. It's pretty hard to decipher the way you've posted it; try using code tags.
I've confirmed this on my side, I'll dig into it in a bit.
Thank you. I run Merlin Server in Kali Linux and I have two agents: one Win7 and another Ubuntu.
Looks like the module json file (https://github.com/Ne0nd0g/merlin/blob/master/data/modules/windows/x64/powershell/powersploit/Invoke-Mimikatz.json) is missing some info for the powersploit entries. If it's urgent, you can fix it by adding the line:
"type": "standard",
Immediately after the line
"base": {
I'll submit a PR to dev sometime in the next few days if nobody gets to it first.
I can't understand! How should I do this?
I'll push a fix to dev in a couple of hours.
Prerequisite
Environment Data
Merlin» agent list
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| AGENT GUID                           | PLATFORM      | USER                  | HOST            | TRANSPORT   | STATUS |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| 5adafe61-0827-49cc-a56b-fb83e1c4e803 | windows/amd64 | WIN-F7I54C7428A\mahdi | WIN-F7I54C7428A | HTTP/2 (h2) | Active |
| ffba5858-9d51-4e2b-8747-cc54b7c0360d | linux/amd64   | mahdi                 | ubuntu          | HTTP/2 (h2) | Active |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
Merlin» use module windows/x64/powershell/powersploit/Invoke-Mimikatz
Merlin[module][Invoke-Mimikatz]» show options
Agent: 00000000-0000-0000-0000-000000000000
Module options(Invoke-Mimikatz)
+--------------+--------------------------------------+----------+--------------------------------+
| Agent        | 00000000-0000-0000-0000-000000000000 | true     | Agent on which to run module   |
|              |                                      |          | Invoke-Mimikatz                |
| DumpCreds    | true                                 | false    | [Switch]Use mimikatz to dump   |
|              |                                      |          | credentials out of LSASS.      |
| DumpCerts    |                                      | false    | [Switch]Use mimikatz to export |
|              |                                      |          | all private certificates       |
|              |                                      |          | (even if they are marked       |
|              |                                      |          | non-exportable).               |
| Command      |                                      | false    | Supply mimikatz a custom       |
|              |                                      |          | command line. This works       |
|              |                                      |          | exactly the same as running    |
|              |                                      |          | the mimikatz executable        |
|              |                                      |          | like this: mimikatz            |
|              |                                      |          | "privilege::debug exit" as an  |
|              |                                      |          | example.                       |
| ComputerName |                                      | false    | Optional, an array of          |
|              |                                      |          | computernames to run the       |
|              |                                      |          | script on.                     |
Merlin[module][Invoke-Mimikatz]» set Agent 5adafe61-0827-49cc-a56b-fb83e1c4e803
[+]agent set to 5adafe61-0827-49cc-a56b-fb83e1c4e803
Merlin[module][Invoke-Mimikatz]» show options
Agent: 5adafe61-0827-49cc-a56b-fb83e1c4e803
Module options(Invoke-Mimikatz)
+--------------+--------------------------------------+----------+--------------------------------+
| Agent        | 5adafe61-0827-49cc-a56b-fb83e1c4e803 | true     | Agent on which to run module   |
|              |                                      |          | Invoke-Mimikatz                |
| DumpCreds    | true                                 | false    | [Switch]Use mimikatz to dump   |
|              |                                      |          | credentials out of LSASS.      |
| DumpCerts    |                                      | false    | [Switch]Use mimikatz to export |
|              |                                      |          | all private certificates       |
|              |                                      |          | (even if they are marked       |
|              |                                      |          | non-exportable).               |
| Command      |                                      | false    | Supply mimikatz a custom       |
|              |                                      |          | command line. This works       |
|              |                                      |          | exactly the same as running    |
|              |                                      |          | the mimikatz executable        |
|              |                                      |          | like this: mimikatz            |
|              |                                      |          | "privilege::debug exit" as an  |
|              |                                      |          | example.                       |
| ComputerName |                                      | false    | Optional, an array of          |
|              |                                      |          | computernames to run the       |
|              |                                      |          | script on.                     |
Merlin[module][Invoke-Mimikatz]» run
[-]Created job GgVSoTEoZE for agent 5adafe61-0827-49cc-a56b-fb83e1c4e803 at 2019-04-17T05:11:22Z
Merlin[module][Invoke-Mimikatz]»
[!]There was an error during an Agent StatusCheckIn: invalid job type, sending ServerOK
Please help me.