Cheap Security Lab Training with Raspberry Pi 4, Docker & Kali Linux

The Raspberry Pi is a small yet power platform that is perfect for building a cost effective cybersecurity training lab. In this article we will look at installing Docker on a Raspberry Pi 4 (4GB) running Kali Linux (64 bit).

The case pictured is the Official Raspberry Pi 7″ touchscreen in a modified touchscreen case. It was made for the Pi 3, only slight modifications were made so the Pi 4 could fit in it. Modify cases at your own risk, you could cut yourself or destroy your case.

Installing Kali Linux on a Pi 4

This article assumes that you have already installed and updated Kali Linux on your Pi 4. If you have not, simply download the 64 bit Kali Linux 4 ARM image from Offensive Security.

Extract the image, write it to an MicroSD Card, insert it into your Pi4, attach peripherals, and power last of all. Allow the system to boot up completely.

Login with “kali/ kali” – Since Kali 2020, you no longer use “root/ toor” to log in. Reboot, Update and Upgrade, and reboot one last time. You are now ready to install Docker.

Installing Docker on Raspberry Pi

Full docs for installing Docker on the Pi are available on the Official Kali Website: https://www.kali.org/docs/containers/installing-docker-on-kali/

  • sudo apt update
  • sudo apt install -y docker.io
  • sudo systemctl enable docker –now
  • docker

You can add a user to the Docker group if you wish:

  • sudo usermod -aG docker username

You may need to start the Docker service manually

  • sudo service docker start

That’s it! You can now run Docker and install any Docker images that you want.

OWASP Juice Shop on the Raspberry Pi

Some Docker containers will not run on ARM, but you can find ports for some of the more popular ones. Just realize that some times these aren’t “Official” images, so proceed with due caution.

Also, the purposefully vulnerable Docker Images are just that, so follow all precautions necessary to protecting your systems while running them. The most preferred method is a stand alone local address only test LAN, disconnected or firewalled from both the internet and any production systems.

We will install the Docker “OWASP Juice Shop” image from the Docker library. This is an ARM port of the official OWASP Juice Shop program.

Tool website: https://hub.docker.com/r/santosomar/juice-shop-arm64

To install, and run, simply open a terminal and type:

  • docker run -d –name juice-shop -p 3000:3000 santosomar/juice-shop-arm64

Docker will pull down the image, and run it.

Once it is installed:

  • Open a browser and navigate to localhost:3000 or IP_Address:3000

You are now good to go! You can begin testing your skills locally on the Pi or you can use a LAN system to practice your skills. A full write up on “Pwning OWASP Juice Shop” can be found here:

https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/

and a list of Solutions can be found here:

https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/appendix/solutions.html

A list of challenges for Juice Shop is available. As you complete each challenge, the website keeps track of your pwning progress. Here is one of my favorites, the “Melee Kitty”!

Enjoy and most importantly, have fun!

If you would like to learn a lot more about using Raspberry Pis in the security field, check out my latest book, “Security Testing with Raspberry Pi“!

WIO Terminal: Powerful All-in-One Arduino

Today we are going to take a quick look at the WIO Terminal – The all-in-one Arduino solution from Seeedstudio. I received a review unit from Seeed to test and had a blast, so let’s get to it!

This feature loaded device includes a 2.4” display, Wi-Fi, MicroSD Card Reader, microphone, IR Emitter, and more. At the pricepoint of about $30, it is very affordable. Of all the Arduino device I have tested in the last few months, the WIO Terminal is easily the most impressive. I also think it will be the one that will be the most useful in the security testing field.

The WIO Terminal comes with a 2.4” Display built in. You can custom program the display using code, or display photos & images, or app output. You can program the buttons to scroll through the pictures or as input. You could use the WIO to play games, a simple one was pre-encoded on the device when I received it:

There are a lot of walk throughs and excellent code examples for every feature on the WIO Terminal Wiki. You can use any of the demo programs included in the WIO Terminal Wiki to get up and running quickly.

Like playing with the built in sensors:

You can store and save files to the MicroSD card, just format it as FAT32 (See the WIO Terminal Wiki for coding instructions).

You can display images or run a photo display show. Just use the photo display example, and drag and drop the photos to the SD card before you insert it into the WIO.

You could add sound using the built in buzzer. For “May the 4th” day, I had the WIO show an image of Darth Vader and play the Imperial March!

Another cool features of the WIO that I haven’t seen in other devices, is that it has built in magnets. This would allow you place the WIO on any metal surface and it will stick (your battery source would need to have magnest also). This could come in handy during a Red Team or Pentest, just snap the device onto a metal cabinet or inside a desk.

The built in microphone is a very interesting feature – you could program it to trigger on sound:

More capabilities are being added to the microphone library, so I am thinking at some point you would be able to record sound and save it on the internal SDCard. Of course, as a pentester, you wouldn’t want it to say “Microphone Reading”, lol.

Maybe something more like this:

The WIO can also connect to and act like a Raspberry Pi HAT!
Note: connector pins not included

The WIO Terminal can act as a USB client or host, I think this will be a great opportunity to turn the WIO into a HiD attack device, like a Rubber Ducky. Maybe at some point a USB ethernet connector would work with it, that would be very interesting. There were some coding issues with the HiD interface when I tried it out, but it is being worked on as we speak, and will be fixed soon.

Add in the ability to scan and attach to WiFi networks and you really have a complete programmable security tool. I did have trouble with the WiFi on my prototype board, but again, it seemed to be a coding issue and I am sure it will be taken care of soon.

It has two built in Grove connectors so you can attach a wide variety of sensors to it, greatly increasing its capabilities. Or use a WIO Link card to greatly increase its sensor connectivity:

I am really looking forward to delving deeper into this tool in the next few months. I think it has the capabilities to be a great addition to a Pentester’s toolkit, with the right programming and connected sensors. The WIO Terminal from Seeedstudio, Check it out!

Seeeduino XIAO – Small but Powerful Arduino Board

Seeedstudio XIAO Product Page
Seeedstudio XIAO WIKI

Stuck at home because of the quarantine, and looking for something to do? Look no further, how about creating a DIY project with Seeeduino XIAO! Seeedstudio sent me their newest Arduino board and several Grove sensors for testing and review. I honestly have to say, I haven’t had this much fun playing with hardware in a long time!

I will give a quick overview of the Seeeduino XIAO and show a few examples of it interfacing with sensors. My personal goal for using the XIAO is twofold, to make smarter “Magic Mirrors”, and Red Team Pentest drop boxes. In this article, I quickly show how I used a XIAO and an LED Ring in an Arduino Magic Mirror. In future articles, I will show how to make smarter drop boxes with Grove sensors (I talk about one way to do this in my previous Seeed article).

Basically, imagine a Magic Mirror that turns on when you enter the room. Or one that could display a changing color bar that syncs with music. For my pentester friends, imagine smart drop boxes, ones that only scan for WiFi devices when there is a human in the room, or one that sleeps when the lights are off and only activates when someone turns the room lights on. All of this and more is/ should be possible with Grove sensors and an Arduino or Raspberry Pi board.

Alright, enough intro, let’s look at the Seeeduino XIAO!

The Hardware

The Seeeduino XIAO is Seeedstudio’s smallest Arduino board. It is about the size of a US Penny, and only about $5 – but it is a fully functional Arduino board. The tiny board comes with breadboard leads that you can solder to the board, if you wish. I haven’t soldered in a long time, so soldering the leads to the board was a little challenging at first, but then I found that just laying the tip on the middle top edge of every pin worked great!

You probably want your pins so they are longer on the bottom, so they will connect into the breadboard. For my future projects, I wanted the pins coming out the top of the board, so I can install it flush to the bottom of a case, so mine are “upside down”.

The Software

The Seeedstudio XIAO Wiki covers downloading the necessary drivers and setting up the Arduino environment, so I am not going to cover it.

Basically,

  • Download the Arduino IDE – https://www.arduino.cc/en/Main/Software
  • Start Arduino IDE, follow the instructions in the WIKI on installing the XIAO board and configuring the correct port for it (Getting Started section)
  • Load the “Blink” program in the examples, and compile and upload it, to make sure everything is setup properly

That’s it! Your XIAO is now ready for your projects!

Mini Seeeduino & Grove Weather Station

Using the XIAO and a Grove Sensor together is a snap, they interface very easily together. Though, you will need to either use jumper wires or modify a Grove connector to connect them to the XIAO. On some sensors, like the High Precision Barometric Pressure Sensor (DPS310), you can just use female to female jumper wires.

Using the Barometric Sensor, you can quickly and easily create a mini weather station! Just follow the instructions on the Seeedstudio GitHub Page, make the correct wire connections, compile and run the program, switch to the Arduino monitor, and you will see both pressure and temperature settings. This is shown in the picture above.

Login to a Raspberry Pi Through a XIAO

Another cool thing you can do with the XIAO is use it as a USB to serial interface. One use for this setup is to login to a Raspberry Pi through a Windows 10 USB connection!

Complete instructions for doing this can be found in the XIAO Wiki, just follow the steps to wire your Pi to your Arduino. Compile and load the program onto the XIAO. Run Putty on your Windows 10 system, configuring it to connect to the XIAO Com port. Then power on your Pi, configure it to allow the Serial Terminal in Raspi-Config, or set the Uart command in config.txt (instructions in the Wiki) and you are good to go.

Once everything is setup, hit, “enter” in the Putty terminal and you will see the Raspberry Pi login screen! As seen in the picture above – How cool is that?

Grove LED Ring

The Seeed Wiki doesn’t cover how to use the Grove LED ring with the XIAO, but it is very easy. Just follow the instructions given on the Grove Ring Wiki:

  • Connect the LED ground to XIAO ground, +V to 3.3 on the XIAO, and Signal to pin 6.
  • Install the Grove LED ring Library
  • Then run any of the bottom (not the first) programs listed in the Grove Wiki

And you should see something like the picture below:

That’s it, you can quickly and easily control the LED ring with the XIAO!

The nice thing is that you can use the XIAO as a very cost-effective LED controller in your projects. For example, I used mine in an Android Magic Mirror that I made a while back. Magic mirrors are very easy to make, I just used an old Android tablet, Magic Mirror software (there are several to choose from), a large picture frame and a piece of one-way glass that fit into the frame. The Android display shines through the 1-Way glass and seems to appear in the mirror.

I mounted the XIAO and the LED ring into my magic mirror and it worked fantastic!

The LED ring, powered by the XIAO showed extremely well through the Magic Mirror glass. Again, this is a “step one” proof of concept kind of thing. Additional work with straight LED’s and you could light the entire edges up, or possible, with something like a Raspberry Pi, you should be able to get the LED ring to sync to music as a song played.

Conclusion

I only briefly covered a handful of possibilities with using the XIAO. As I mentioned earlier, this board was a lot of fun to tinker with, it is a great project board for small and large projects alike. I really look forward to using this in future drop box and Magic Mirror projects. If you want something a little larger, with built in Wi-Fi and an LCD screen, I will be reviewing the WIO Terminal soon!

Covenant the .NET based C2 on Kali Linux

There are many Command and Control Frameworks for Pentesters and Red Teamers to use. Covenant is a nice .NET based C2 environment that works great on Kali Linux. In this article we will cover installing and the very basic usage of Covenant.

When using Covenant, you first create “listeners”. These listen for incoming connections from “launchers”. Next, you create “launchers”, or basically, the exploit payloads. When the launchers are run on a target system, they connect back to Covenant as “Grunts”. Lastly, you control the Grunts by interacting with them and running “Tasks”.

Covenant uses SharpSploit for the Tasks. SharpSploit is basically a .NET exploitation library written in C#, that is similar to the PowerSploit project.

Use 64 bit Kali only, the install errors out on 32 bit Kali

Installing Covenant

Tool Author: Ryan Cobb
Tool Website: https://github.com/cobbr/Covenant

Install and usage of Covenant is heavily and thoroughly documents on the tool WiKi site at https://github.com/cobbr/Covenant/wiki/Installation-And-Startup. I highly recommend the reader use and follow this site for the latest instructions. As such, this will just be a quick overview of installing Covenant.

Download and install Covenant

NOTE: You need two dashes in front of the “recurse-submodules” command. WordPress combines them into one.

Next, Download and install DotNet core version 2.2 SDK from Microsoft. Instructions can be found here:

https://dotnet.microsoft.com/download/dotnet-core/2.2

Instructions copied below for your convenience:

If this doesn’t work, you are probably trying to us 32 bit or the wrong platform (ARM vs amd64).

Lastly, just build and run Covenant:

  • cd Covenant/Covenant
  • dotnet build
  • dotnet run

You will now be presented with the Covenant Login Screen:

At this point you will create an admin user for Covenant.

  • Enter a username and password

And that’s it, Covenant is ready for use:

Now we need to create a Listener, build a launcher and get ready for shells!

Build a Listener

Covered at https://github.com/cobbr/Covenant/wiki/Listeners

This will only allow you to create an HTTP listener, you can create more involved listeners with C2 Bridge, see the tool documentation.

  • On the Covenant Menu, click “Listeners”

All we need to do is change the “ConnectAddress” to the Kali Linux IP Address.

  • When finished, click “+ Create”

A new listener should now show up on the Listeners Dashboard

You can click on the Listener name to get info on the listener and Stop/ Start or Delete it.

Generate a Launcher

Launcher Wiki page: https://github.com/cobbr/Covenant/wiki/Launchers

Now all we need to do is create our Launcher to run on the target system.

  • Click “Launchers”
  • Pick a Launcher type

Check out the Launcher Wiki page for an explanation of each type. Let’s create an MsBuild launcher.

  • Click “MsBuild”
  • Generate
  • Download

And That’s it! Download the file and run it using MSBuild on the target system. If the system is vulnerable, you get a shell:

If it runs successfully, a new Grunt, or remote shell connection will show up in the Covenant Dashboard under “Grunts”:

  • Click on the Grunt name
  • Click “Interact” to interact with the Grunt

Here you can run tasks, enter the task name and then send it.

In the screen above, I have run many tasks, the last runs the Keylogger for 10 seconds. Click on “Taskings” and the Task name to view the output of each command

Conclusion

In this article we quickly covered installing and using the Covenant .NET based Command and Control framework. This is a very heavily developed and well working framework. If you haven’t seen it, I highly recommend you try it out.

I had mixed results running this “out of the box” against a Windows 10 system. Microsoft Defender detects and blocks the launchers pretty quickly. So advanced users may need to modify the payloads. This may or may not work flawlessly against other anti-viruses with no modifications. 🙂