WIO Terminal: Powerful All-in-One Arduino

Today we are going to take a quick look at the WIO Terminal – The all-in-one Arduino solution from Seeedstudio. I received a review unit from Seeed to test and had a blast, so let’s get to it!

This feature loaded device includes a 2.4” display, Wi-Fi, MicroSD Card Reader, microphone, IR Emitter, and more. At the pricepoint of about $30, it is very affordable. Of all the Arduino device I have tested in the last few months, the WIO Terminal is easily the most impressive. I also think it will be the one that will be the most useful in the security testing field.

The WIO Terminal comes with a 2.4” Display built in. You can custom program the display using code, or display photos & images, or app output. You can program the buttons to scroll through the pictures or as input. You could use the WIO to play games, a simple one was pre-encoded on the device when I received it:

There are a lot of walk throughs and excellent code examples for every feature on the WIO Terminal Wiki. You can use any of the demo programs included in the WIO Terminal Wiki to get up and running quickly.

Like playing with the built in sensors:

You can store and save files to the MicroSD card, just format it as FAT32 (See the WIO Terminal Wiki for coding instructions).

You can display images or run a photo display show. Just use the photo display example, and drag and drop the photos to the SD card before you insert it into the WIO.

You could add sound using the built in buzzer. For “May the 4th” day, I had the WIO show an image of Darth Vader and play the Imperial March!

Another cool features of the WIO that I haven’t seen in other devices, is that it has built in magnets. This would allow you place the WIO on any metal surface and it will stick (your battery source would need to have magnest also). This could come in handy during a Red Team or Pentest, just snap the device onto a metal cabinet or inside a desk.

The built in microphone is a very interesting feature – you could program it to trigger on sound:

More capabilities are being added to the microphone library, so I am thinking at some point you would be able to record sound and save it on the internal SDCard. Of course, as a pentester, you wouldn’t want it to say “Microphone Reading”, lol.

Maybe something more like this:

The WIO can also connect to and act like a Raspberry Pi HAT!
Note: connector pins not included

The WIO Terminal can act as a USB client or host, I think this will be a great opportunity to turn the WIO into a HiD attack device, like a Rubber Ducky. Maybe at some point a USB ethernet connector would work with it, that would be very interesting. There were some coding issues with the HiD interface when I tried it out, but it is being worked on as we speak, and will be fixed soon.

Add in the ability to scan and attach to WiFi networks and you really have a complete programmable security tool. I did have trouble with the WiFi on my prototype board, but again, it seemed to be a coding issue and I am sure it will be taken care of soon.

It has two built in Grove connectors so you can attach a wide variety of sensors to it, greatly increasing its capabilities. Or use a WIO Link card to greatly increase its sensor connectivity:

I am really looking forward to delving deeper into this tool in the next few months. I think it has the capabilities to be a great addition to a Pentester’s toolkit, with the right programming and connected sensors. The WIO Terminal from Seeedstudio, Check it out!

Seeeduino XIAO – Small but Powerful Arduino Board

Seeedstudio XIAO Product Page
Seeedstudio XIAO WIKI

Stuck at home because of the quarantine, and looking for something to do? Look no further, how about creating a DIY project with Seeeduino XIAO! Seeedstudio sent me their newest Arduino board and several Grove sensors for testing and review. I honestly have to say, I haven’t had this much fun playing with hardware in a long time!

I will give a quick overview of the Seeeduino XIAO and show a few examples of it interfacing with sensors. My personal goal for using the XIAO is twofold, to make smarter “Magic Mirrors”, and Red Team Pentest drop boxes. In this article, I quickly show how I used a XIAO and an LED Ring in an Arduino Magic Mirror. In future articles, I will show how to make smarter drop boxes with Grove sensors (I talk about one way to do this in my previous Seeed article).

Basically, imagine a Magic Mirror that turns on when you enter the room. Or one that could display a changing color bar that syncs with music. For my pentester friends, imagine smart drop boxes, ones that only scan for WiFi devices when there is a human in the room, or one that sleeps when the lights are off and only activates when someone turns the room lights on. All of this and more is/ should be possible with Grove sensors and an Arduino or Raspberry Pi board.

Alright, enough intro, let’s look at the Seeeduino XIAO!

The Hardware

The Seeeduino XIAO is Seeedstudio’s smallest Arduino board. It is about the size of a US Penny, and only about $5 – but it is a fully functional Arduino board. The tiny board comes with breadboard leads that you can solder to the board, if you wish. I haven’t soldered in a long time, so soldering the leads to the board was a little challenging at first, but then I found that just laying the tip on the middle top edge of every pin worked great!

You probably want your pins so they are longer on the bottom, so they will connect into the breadboard. For my future projects, I wanted the pins coming out the top of the board, so I can install it flush to the bottom of a case, so mine are “upside down”.

The Software

The Seeedstudio XIAO Wiki covers downloading the necessary drivers and setting up the Arduino environment, so I am not going to cover it.

Basically,

  • Download the Arduino IDE – https://www.arduino.cc/en/Main/Software
  • Start Arduino IDE, follow the instructions in the WIKI on installing the XIAO board and configuring the correct port for it (Getting Started section)
  • Load the “Blink” program in the examples, and compile and upload it, to make sure everything is setup properly

That’s it! Your XIAO is now ready for your projects!

Mini Seeeduino & Grove Weather Station

Using the XIAO and a Grove Sensor together is a snap, they interface very easily together. Though, you will need to either use jumper wires or modify a Grove connector to connect them to the XIAO. On some sensors, like the High Precision Barometric Pressure Sensor (DPS310), you can just use female to female jumper wires.

Using the Barometric Sensor, you can quickly and easily create a mini weather station! Just follow the instructions on the Seeedstudio GitHub Page, make the correct wire connections, compile and run the program, switch to the Arduino monitor, and you will see both pressure and temperature settings. This is shown in the picture above.

Login to a Raspberry Pi Through a XIAO

Another cool thing you can do with the XIAO is use it as a USB to serial interface. One use for this setup is to login to a Raspberry Pi through a Windows 10 USB connection!

Complete instructions for doing this can be found in the XIAO Wiki, just follow the steps to wire your Pi to your Arduino. Compile and load the program onto the XIAO. Run Putty on your Windows 10 system, configuring it to connect to the XIAO Com port. Then power on your Pi, configure it to allow the Serial Terminal in Raspi-Config, or set the Uart command in config.txt (instructions in the Wiki) and you are good to go.

Once everything is setup, hit, “enter” in the Putty terminal and you will see the Raspberry Pi login screen! As seen in the picture above – How cool is that?

Grove LED Ring

The Seeed Wiki doesn’t cover how to use the Grove LED ring with the XIAO, but it is very easy. Just follow the instructions given on the Grove Ring Wiki:

  • Connect the LED ground to XIAO ground, +V to 3.3 on the XIAO, and Signal to pin 6.
  • Install the Grove LED ring Library
  • Then run any of the bottom (not the first) programs listed in the Grove Wiki

And you should see something like the picture below:

That’s it, you can quickly and easily control the LED ring with the XIAO!

The nice thing is that you can use the XIAO as a very cost-effective LED controller in your projects. For example, I used mine in an Android Magic Mirror that I made a while back. Magic mirrors are very easy to make, I just used an old Android tablet, Magic Mirror software (there are several to choose from), a large picture frame and a piece of one-way glass that fit into the frame. The Android display shines through the 1-Way glass and seems to appear in the mirror.

I mounted the XIAO and the LED ring into my magic mirror and it worked fantastic!

The LED ring, powered by the XIAO showed extremely well through the Magic Mirror glass. Again, this is a “step one” proof of concept kind of thing. Additional work with straight LED’s and you could light the entire edges up, or possible, with something like a Raspberry Pi, you should be able to get the LED ring to sync to music as a song played.

Conclusion

I only briefly covered a handful of possibilities with using the XIAO. As I mentioned earlier, this board was a lot of fun to tinker with, it is a great project board for small and large projects alike. I really look forward to using this in future drop box and Magic Mirror projects. If you want something a little larger, with built in Wi-Fi and an LCD screen, I will be reviewing the WIO Terminal soon!

Covenant the .NET based C2 on Kali Linux

There are many Command and Control Frameworks for Pentesters and Red Teamers to use. Covenant is a nice .NET based C2 environment that works great on Kali Linux. In this article we will cover installing and the very basic usage of Covenant.

When using Covenant, you first create “listeners”. These listen for incoming connections from “launchers”. Next, you create “launchers”, or basically, the exploit payloads. When the launchers are run on a target system, they connect back to Covenant as “Grunts”. Lastly, you control the Grunts by interacting with them and running “Tasks”.

Covenant uses SharpSploit for the Tasks. SharpSploit is basically a .NET exploitation library written in C#, that is similar to the PowerSploit project.

Use 64 bit Kali only, the install errors out on 32 bit Kali

Installing Covenant

Tool Author: Ryan Cobb
Tool Website: https://github.com/cobbr/Covenant

Install and usage of Covenant is heavily and thoroughly documents on the tool WiKi site at https://github.com/cobbr/Covenant/wiki/Installation-And-Startup. I highly recommend the reader use and follow this site for the latest instructions. As such, this will just be a quick overview of installing Covenant.

Download and install Covenant

NOTE: You need two dashes in front of the “recurse-submodules” command. WordPress combines them into one.

Next, Download and install DotNet core version 2.2 SDK from Microsoft. Instructions can be found here:

https://dotnet.microsoft.com/download/dotnet-core/2.2

Instructions copied below for your convenience:

If this doesn’t work, you are probably trying to us 32 bit or the wrong platform (ARM vs amd64).

Lastly, just build and run Covenant:

  • cd Covenant/Covenant
  • dotnet build
  • dotnet run

You will now be presented with the Covenant Login Screen:

At this point you will create an admin user for Covenant.

  • Enter a username and password

And that’s it, Covenant is ready for use:

Now we need to create a Listener, build a launcher and get ready for shells!

Build a Listener

Covered at https://github.com/cobbr/Covenant/wiki/Listeners

This will only allow you to create an HTTP listener, you can create more involved listeners with C2 Bridge, see the tool documentation.

  • On the Covenant Menu, click “Listeners”

All we need to do is change the “ConnectAddress” to the Kali Linux IP Address.

  • When finished, click “+ Create”

A new listener should now show up on the Listeners Dashboard

You can click on the Listener name to get info on the listener and Stop/ Start or Delete it.

Generate a Launcher

Launcher Wiki page: https://github.com/cobbr/Covenant/wiki/Launchers

Now all we need to do is create our Launcher to run on the target system.

  • Click “Launchers”
  • Pick a Launcher type

Check out the Launcher Wiki page for an explanation of each type. Let’s create an MsBuild launcher.

  • Click “MsBuild”
  • Generate
  • Download

And That’s it! Download the file and run it using MSBuild on the target system. If the system is vulnerable, you get a shell:

If it runs successfully, a new Grunt, or remote shell connection will show up in the Covenant Dashboard under “Grunts”:

  • Click on the Grunt name
  • Click “Interact” to interact with the Grunt

Here you can run tasks, enter the task name and then send it.

In the screen above, I have run many tasks, the last runs the Keylogger for 10 seconds. Click on “Taskings” and the Task name to view the output of each command

Conclusion

In this article we quickly covered installing and using the Covenant .NET based Command and Control framework. This is a very heavily developed and well working framework. If you haven’t seen it, I highly recommend you try it out.

I had mixed results running this “out of the box” against a Windows 10 system. Microsoft Defender detects and blocks the launchers pretty quickly. So advanced users may need to modify the payloads. This may or may not work flawlessly against other anti-viruses with no modifications. 🙂

Pwnagotchi on a Pi 4 using any Display

I love Pwnagotchis, I mean, who doesn’t, have you seen these things?? My problem, is that I could not get great reception using the Pi0W built in WiFi. Also, I did not have a compatible E-Ink display for it. My first goal was to see if I could get Pwnagotchi running on a Pi 4 with an Alfa AWUS036NHA Long Range WiFi adapter. My second was to get it to display on an unsupported touchscreen or a full-size monitor.

TLDR version – You can!

But first – a Disclaimer:

These are just some personal notes of mine on getting the wickedly cool “Pwnagotchi” to work on a Pi 4 with a long range WiFi adapter. Also, how to access the Web User Interface so you don’t need an “E-Ink” display. This is mostly my work notes that I am sharing – It is a “try at your own risk” project. Due to configuration and network differences, it may or may not work for you and could leave your Pi software in an unstable state.

That being said, I will not be offering any technical support on it. These are just steps that worked for me, that I found through much trial and error. Lastly, never try to gain access to a network that you do not have permission to access – doing so is illegal and you could go to jail.

Pwnagotchis are the ridiculously cute (and intelligent) Pi0w based WiFi attack tool made by the author of Bettercap. I recently wrote a magazine article for Hakin9 on using the Bettercap Web UI and Pwnagotchis. The Web UI is an HTML interface to Bettercap, it allows you to control it through a browser.

Raspberry Pi 4s’ are the latest and greatest flag ship of the Raspberry Pi family. They have increased power and speed. They also come with different memory options; I love the 4GB model! The only catch is they draw more power than the model 3, and changed the power plug type, so you will most likely need a new power supply, or a very strong battery.

Again, this is just some notes that helped me get this working, use at your own risk. Enough intro, let’s get to this! First up, running Pwnagotchi on a Pi4.

Installing Pwnagotchi on a Pi4

Tool website: https://pwnagotchi.ai/
Tool Github: https://github.com/evilsocket/pwnagotchi
Tool Authors: Evilsocket and the Pwnagotchi team

The Pwnagothi wiki covers everything you need to know about installing, configuring and using the tool in a normal atmosphere. You should read the entire Wiki.

  1. Download and install the Pwnagotchi Raspberry Pi lite image: https://github.com/evilsocket/pwnagotchi/releases
  2. Write the image to an SD card.
  3. Insert the SD card into your Pi4, attach peripheral devices and lastly power.
  4. Connect a LAN cable – when the ethernet cable is plugged in, it starts the Pwnagotchi in manual mode, and you can SSH into the Pi if you want to.

With the current version of Pwnagotchi (1.4.1) it seems to boot up fine on a Pi4, but doesn’t run. It doesn’t seem to like the default waveshare display type -if you don’t have one, that is – changing this to “inkyphat” seems to do the trick.

  • Change the default e-ink device in config.yaml:
  • sudo nano /etc/pwnagotchi/config.yml
  • add the following:

ui:
display:
     type: ‘inkyphat’
     color: ‘black’

Next, I wanted to use an external USB WiFi adapter instead of the built in one. Instead of modifying a bunch of config files in Pwnagotchi, the simplest way seemed to be to just turn off the onboard wireless, so the USB WiFi becomes “wlan0”

6. In /boot/config.txt, add the following line to turn off the onboard WiFi:

dtoverlay=disable-wifi

7. Reboot

In a web browser, navigate to the IP address of your device and port 8080 to view the Web UI.

So, in my case, it would be 172.24.1.157:8080

The webpage should show the iconic Pwnagotchi face with control options. You now have a Pi4 Pwnagotchi that uses the Web UI!

Full Screen Display on any Screen

That is all well and good, but how can you run Pwnagotchi on a display that isn’t directly supported? I spent several days trying to get my Raspberry Pi 7” touchscreen to work with Pwnagotchi and did find a way to make it work. It’s more of a trick than anything, it is just running the Web UI in a full screen browser!

Again, proceed at your own risk, and I am not offering any technical support on how to do this – it took a lot of futzing to get this to work on mine, and it may not work on yours, or it may leave your Pi in an unstable software state. But I found if you install the Pwnagotchi Raspbian Lite image on a Pi 4, get it working with the modifications mentioned above, all you need to do next is install the Raspbian Graphical User interface and Chromium, and you can view Pwnagotchi locally on any display!

Quick instructions:

You won’t be able to get out to the internet, because Pwnagotchi changes the default Route, so we need to delete the default route, then add a new route to your gateway/ router. You can then pull down the files needed with “apt install”.

  • sudo ip route del default
  • sudo route add default gw 172.24.1.1 eth0 (Use your gateway address!)
  • sudo apt install raspberrypi-ui-mods
  • sudo apt install chromium-browser
  • reboot – the default route should restore on bootup

The first two commands deal with the routing. The third command installs a cut down version of the Raspbian graphical desktop. Next, the chromium web browser is installed.

Once it reboots, start Chromium, navigate to the Pwnagotchi web interface and press “F11” for full screen. That’s it! If all went well, you should have a large Pwnagotchi on the screen!

Now remember, it is a web interface, so, if you want you can also surf to it from your desktop or mobile systems connected to the same LAN.

This was just a quick overview of running Pwnagotchi on a Raspberry Pi 4. Do you want to unlock the real power of Pi for Ethical Hacking? Check out my latest book, “Security Testing with Raspberry Pi” – available on Amazon.com!