[!]Invalid Activity with version 0.8.0

[misterch0c]

Environment Data

• Merlin Version: 0.8.0
• Merlin Build: Built the agent from source with go build -ldflags "-H=windowsgui -X main.url=https://6.6.6.12:443/" -o merlinAgent.exe cmd/merlinagent/main.go
• Go Version: 1.12
• Operating System: Windows for client, Linux for Server.

Expected Behavior

Get stable connection in the server

Actual Behavior

Merlin» [-]Received HTTP POST Connection from 6.6.6.46:443
[DEBUG]HTTP Connection Details:
[DEBUG]Host: 6.6.6.12:443
[DEBUG]URI: /
[DEBUG]Method: POST
[DEBUG]Protocol: HTTP/2.0
[DEBUG]Headers: map[Content-Length:[5957] Accept-Encoding:[gzip] User-Agent:[Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36] Content-Type:[application/octet-stream; charset=utf-8] Authorization:[Bearer eyJhbGciOiJkaXIiLCJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiSldUIn0..fQAgJ3IEDCLhT2lI.WT1eaaIoSk5veZ-bJRKr7bLUM4kd_jIkfKs9WUiaez_HIj34Nj38cO12zsCQsH8eHhdkRrWJrtjq8I24T59HvtObnpTWyY-idZMMsMbRBSA9Ub4ew2ljJyYv532KAqP60-Tkj1OK5XTPVuu6Rkzt-StycEArEwLNZPJm3XZpudDlcIUo0MMDtbWzsk1X-shc3HhYSwTw0eyVlk6VqxNv6EP9M0lPHyQsuIqWSfquNHPWZscWRtp09dhNyAg.SsI64DQ_KfTELnXCIUWMlw]]
[DEBUG]TLS Negotiated Protocol: h2
[DEBUG]TLS Cipher Suite: 49200
[DEBUG]TLS Server Name:
[DEBUG]Content Length: 5957
[DEBUG][DEBUG]POST DATA: {%!s(float32=0) 00000000-0000-0000-0000-000000000000  %!s(*json.RawMessage=&[]) }
[!]Invalid Activity:
Merlin»

Steps to Reproduce Behavior

Just run it...

Misc Information

Note that I used Linux for the server because the 0.8.0 server automatically shuts down after running on Windows 10 (tried in 2 different desktop, no vm).

I also tried the agent on MacOS and had the same issue (invalid activity).
Downgrading the agent to 0.7 fixed it but then some functionalities were not available.

[Ne0nd0g]

Thanks for reporting this. I'll look into it.

[Ne0nd0g]

@misterch0c Did you execute the Merlin Server from an elevated command prompt on the Windows host? If you don't, the server will quit because it can't bind to the port.

I see that the last [DEBUG] message in the output you provided says it contained JSON data. Version 0.8.0 removed the use of JSON. Can you recompile the Windows agent but remove -H=windowsgui. This will allow you to see the agent output. Can you run the new compiled agent and send back the version and build along with the debug output?

Did you get the same errors running the release versions instead of compiling them?

[misterch0c]

Yes, it's an elevated command prompt on Windows:

proof:

Now for the rest... It seems it was on my side. I just tried again and it worked fine. Only difference is I'm using a VM now vs second laptop earlier... I will let you know if I run into issues again, I need to get my hands on a mac also to try the agent there.

[Ne0nd0g]

@misterch0c I'm hoping to be able to duplicate the error you're seeing when running the Merlin Server on Windows. Would you be willing to share the OS version information? Is it possible that something else was already bound to port 443?

I'm running Microsoft Windows [Version 10.0.17763.678] and I can't seem to duplicate the error.

[Ne0nd0g]

Please let me know if you have any problems with the Mac (Darwin) agent. I was able to run it on my test Mac without error.