Covenant the .NET based C2 on Kali Linux

There are many Command and Control Frameworks for Pentesters and Red Teamers to use. Covenant is a nice .NET based C2 environment that works great on Kali Linux. In this article we will cover installing and the very basic usage of Covenant.

When using Covenant, you first create “listeners”. These listen for incoming connections from “launchers”. Next, you create “launchers”, or basically, the exploit payloads. When the launchers are run on a target system, they connect back to Covenant as “Grunts”. Lastly, you control the Grunts by interacting with them and running “Tasks”.

Covenant uses SharpSploit for the Tasks. SharpSploit is basically a .NET exploitation library written in C#, that is similar to the PowerSploit project.

Use 64 bit Kali only, the install errors out on 32 bit Kali

Installing Covenant

Tool Author: Ryan Cobb
Tool Website: https://github.com/cobbr/Covenant

Install and usage of Covenant is heavily and thoroughly documents on the tool WiKi site at https://github.com/cobbr/Covenant/wiki/Installation-And-Startup. I highly recommend the reader use and follow this site for the latest instructions. As such, this will just be a quick overview of installing Covenant.

Download and install Covenant

NOTE: You need two dashes in front of the “recurse-submodules” command. WordPress combines them into one.

Next, Download and install DotNet core version 2.2 SDK from Microsoft. Instructions can be found here:

https://dotnet.microsoft.com/download/dotnet-core/2.2

Instructions copied below for your convenience:

If this doesn’t work, you are probably trying to us 32 bit or the wrong platform (ARM vs amd64).

Lastly, just build and run Covenant:

  • cd Covenant/Covenant
  • dotnet build
  • dotnet run

You will now be presented with the Covenant Login Screen:

At this point you will create an admin user for Covenant.

  • Enter a username and password

And that’s it, Covenant is ready for use:

Now we need to create a Listener, build a launcher and get ready for shells!

Build a Listener

Covered at https://github.com/cobbr/Covenant/wiki/Listeners

This will only allow you to create an HTTP listener, you can create more involved listeners with C2 Bridge, see the tool documentation.

  • On the Covenant Menu, click “Listeners”

All we need to do is change the “ConnectAddress” to the Kali Linux IP Address.

  • When finished, click “+ Create”

A new listener should now show up on the Listeners Dashboard

You can click on the Listener name to get info on the listener and Stop/ Start or Delete it.

Generate a Launcher

Launcher Wiki page: https://github.com/cobbr/Covenant/wiki/Launchers

Now all we need to do is create our Launcher to run on the target system.

  • Click “Launchers”
  • Pick a Launcher type

Check out the Launcher Wiki page for an explanation of each type. Let’s create an MsBuild launcher.

  • Click “MsBuild”
  • Generate
  • Download

And That’s it! Download the file and run it using MSBuild on the target system. If the system is vulnerable, you get a shell:

If it runs successfully, a new Grunt, or remote shell connection will show up in the Covenant Dashboard under “Grunts”:

  • Click on the Grunt name
  • Click “Interact” to interact with the Grunt

Here you can run tasks, enter the task name and then send it.

In the screen above, I have run many tasks, the last runs the Keylogger for 10 seconds. Click on “Taskings” and the Task name to view the output of each command

Conclusion

In this article we quickly covered installing and using the Covenant .NET based Command and Control framework. This is a very heavily developed and well working framework. If you haven’t seen it, I highly recommend you try it out.

I had mixed results running this “out of the box” against a Windows 10 system. Microsoft Defender detects and blocks the launchers pretty quickly. So advanced users may need to modify the payloads. This may or may not work flawlessly against other anti-viruses with no modifications. 🙂

Pi 4 Hacking Platform using DietPi and PTF

Building a Raspberry Pi 4 Ethical Hacking platform using The Pentesters Framework and DietPi.

I’ve been playing with using different hacking tools and Operating Systems with the Pi 4. In this article I cover installing The Pentesters Framework on a RPi 4 running DietPi.

DietPi is a very lightweight Debian OS for the Raspberry Pi. The Pentesters Framework by TrustedSec is an Ethical Hacking installation script that automatically installs and updates over 250 modules/ tools. It would be great if they would work together on a Raspberry Pi 4. The good news is that is does – With a couple tweaks.

I cover installing and using The Pentesters Framework on Raspberry Pi in my latest book. So, I am not going to go into great detail on using the tools in PTF. I just want to cover actually installing it on DietPi.

Installing

NOTE: You will need a Raspberry Pi 4, and at the minimum a 32 GB MicroSD card if you want to install all of the PTF tools. Don’t have a Pi 4? Seeed is currently offering free shipping for orders over $119 with a Raspberry Pi 4 4GB.

Insert the MicroSD card into your Pi, attach peripherals and lastly connect power (always connect power last). When DietPi boots up you will be presented with some options.

  • Pick any software install options you want, then “Go install software”
  • Requested software and updates will be installed
  • Reboot when finished

I just run through it quickly the first time to get the latest OS updates. Note the CPU temp warning, it’s a Pi 4, it runs hotter than a Pi 3.

To install an “X” Desktop or any other included software, type, “dietpi-software”.

There are a ton of add-on software options under “Software Optimised”. For example, if you want a graphical desktop, pick the X-Desktop you want and then the “Go install software” option. You can also setup your login preferences from this menu – auto login, desktop login, etc.

All we really need here is to install Python. Then we need to make a small config file tweak and finally install PTF.

Installing Python

From the DietPi-Software menu, go to “Software Additional” and install Python:

  • Cursor down to Python Pip, hit the space bar to select it.
  • Select “OK

You will return to the main menu.,

  • Cursor down and select “Go >> Start Installation
  • Reboot when finished

We need to install git:

  • Open a terminal and enter, “apt install git

Next we need to comment out a line in the ‘/etc/hosts’ file or the PTF install will error out.

  • Comment out the “::1 localhost  IPv6 localhost” line
  • Reboot

That’s it! We can now proceed with the standard PTF install:

You will then see the main PTF interface:

Type “show modules” to see all available modules. You can install individual ones if you wish. If you have a large memory card (32 Gb), you can install all of them.

  • To install all tools, enter “use modules/install_update_all
  • Reboot when finished

The install will take a very long time, especially if you install all of the modules. After install, all tools will be located in category themed directories under the ‘/pentest’ directory, as seen below:

Many of the tools can be run from anywhere, but some tools require you to change into its install directory for it to work properly. This is usually ‘/pentest’, but some run from ‘/usr/share’ as well. Check it out, there are a ton of very good tools at your disposal, like “Sniper”:

And there you have it. Again, I go into much deeper detail in my book about using PTF on a Pi, I just wanted to show how it could be installed on DietPi. If you want to learn a lot more about using Raspberry Pi for Ethical hacking check out my latest book – Security Testing with Raspberry Pi

New Book: “Security Testing with Raspberry Pi”

My latest book, “Security Testing with Raspberry Pi” is out. The newest in my “Security Testing” series is all about the versatile Raspberry Pi! †

The credit card sized Raspberry Pi has been a hit with makers for years, it is amazing how many different ways you can use these devices. What many don’t know is that they are also a great tool for use in the security field.

The RPi can run many of the popular Ethical Hacking tools and operating systems. The small size and portability of the Pi makes it a perfect tool for Red Teams and Pentesters.

For example, the RPi makes for great pentesting “Drop Boxes”, small scanning remote access tools left behind on a client’s website during a test. But that is just one use, thanks to P4wnP1, the Pi can also be used as a very powerful and live customizable HiD attack tool. They can even be used as surveillance cameras.

In my book, I cover how to install and use many of the top security tools on the Raspberry Pi.

How to install Kali Linux on a RPi, installing security tools on Raspbian, how to use Warberry Pi – a drop box like system, even how to setup your Pi to act like a security camera, and much, much more!

Like my previous books, the first thing covered is setting up a test lab with vulnerable targets. You will see how to use the RPi to scan test systems for vulnerabilities. I also cover how to use the RPi as an actual test target so you hone your ethical hacking skills without breaking the bank.

This book basically takes off where “Basic Security Testing with Kali Linux” ends and shows you how to use a Pi as a functional security tool. Though not a beginner, “How to use a Pi” book, I use step-by-step tutorials for those new to ethical hacking and the Raspberry Pi.

What about the Raspberry Pi 4? The book now includes notes for those who want to use the brand new Pi 4. As the Pi 4 was just released, many of the operating systems and tools are not 100% functional yet with the Pi 4. But you can install Kali Linux on the Pi 4, and use many of the popular security tools in Raspbian. Functionality will increase as time goes on and as tools are updated to work with the Pi 4.

If you are interested in the Raspberry Pi and want to see how to use it in the security realm, check out, “Security Testing with Raspberry Pi“!

Basic Security Testing with Kali Linux Giveaway Contest

Want a chance to get a signed copy of my latest Kali Linux book? I am giving away a total of 10 signed copies of “Basic Security Testing with Kali Linux, 3rd Edition”!

Simply follow, like and share this article, or my official Twitter or Instagram announcement, for a chance to win a signed copy of my new book!

10 lucky winners will be randomly selected on October 31st.

The Contest is for those living in the United States only. I may do another one for international readers in the future.

Liking this article & sharing the Official Contest announcements on Twitter and Instagram will increase your chances of winning.  Winners will be notified on October 31st. If a winner cannot be notified or does not respond by the end of the first week of November, another winner will be picked.

Good luck!