Covenant the .NET based C2 on Kali Linux

There are many Command and Control Frameworks for Pentesters and Red Teamers to use. Covenant is a nice .NET based C2 environment that works great on Kali Linux. In this article we will cover installing and the very basic usage of Covenant.

When using Covenant, you first create “listeners”. These listen for incoming connections from “launchers”. Next, you create “launchers”, or basically, the exploit payloads. When the launchers are run on a target system, they connect back to Covenant as “Grunts”. Lastly, you control the Grunts by interacting with them and running “Tasks”.

Covenant uses SharpSploit for the Tasks. SharpSploit is basically a .NET exploitation library written in C#, that is similar to the PowerSploit project.

Use 64 bit Kali only, the install errors out on 32 bit Kali

Installing Covenant

Tool Author: Ryan Cobb
Tool Website: https://github.com/cobbr/Covenant

Install and usage of Covenant is heavily and thoroughly documents on the tool WiKi site at https://github.com/cobbr/Covenant/wiki/Installation-And-Startup. I highly recommend the reader use and follow this site for the latest instructions. As such, this will just be a quick overview of installing Covenant.

Download and install Covenant

NOTE: You need two dashes in front of the “recurse-submodules” command. WordPress combines them into one.

Next, Download and install DotNet core version 2.2 SDK from Microsoft. Instructions can be found here:

https://dotnet.microsoft.com/download/dotnet-core/2.2

Instructions copied below for your convenience:

If this doesn’t work, you are probably trying to us 32 bit or the wrong platform (ARM vs amd64).

Lastly, just build and run Covenant:

  • cd Covenant/Covenant
  • dotnet build
  • dotnet run

You will now be presented with the Covenant Login Screen:

At this point you will create an admin user for Covenant.

  • Enter a username and password

And that’s it, Covenant is ready for use:

Now we need to create a Listener, build a launcher and get ready for shells!

Build a Listener

Covered at https://github.com/cobbr/Covenant/wiki/Listeners

This will only allow you to create an HTTP listener, you can create more involved listeners with C2 Bridge, see the tool documentation.

  • On the Covenant Menu, click “Listeners”

All we need to do is change the “ConnectAddress” to the Kali Linux IP Address.

  • When finished, click “+ Create”

A new listener should now show up on the Listeners Dashboard

You can click on the Listener name to get info on the listener and Stop/ Start or Delete it.

Generate a Launcher

Launcher Wiki page: https://github.com/cobbr/Covenant/wiki/Launchers

Now all we need to do is create our Launcher to run on the target system.

  • Click “Launchers”
  • Pick a Launcher type

Check out the Launcher Wiki page for an explanation of each type. Let’s create an MsBuild launcher.

  • Click “MsBuild”
  • Generate
  • Download

And That’s it! Download the file and run it using MSBuild on the target system. If the system is vulnerable, you get a shell:

If it runs successfully, a new Grunt, or remote shell connection will show up in the Covenant Dashboard under “Grunts”:

  • Click on the Grunt name
  • Click “Interact” to interact with the Grunt

Here you can run tasks, enter the task name and then send it.

In the screen above, I have run many tasks, the last runs the Keylogger for 10 seconds. Click on “Taskings” and the Task name to view the output of each command

Conclusion

In this article we quickly covered installing and using the Covenant .NET based Command and Control framework. This is a very heavily developed and well working framework. If you haven’t seen it, I highly recommend you try it out.

I had mixed results running this “out of the box” against a Windows 10 system. Microsoft Defender detects and blocks the launchers pretty quickly. So advanced users may need to modify the payloads. This may or may not work flawlessly against other anti-viruses with no modifications. 🙂

Pwnagotchi on a Pi 4 using any Display

I love Pwnagotchis, I mean, who doesn’t, have you seen these things?? My problem, is that I could not get great reception using the Pi0W built in WiFi. Also, I did not have a compatible E-Ink display for it. My first goal was to see if I could get Pwnagotchi running on a Pi 4 with an Alfa AWUS036NHA Long Range WiFi adapter. My second was to get it to display on an unsupported touchscreen or a full-size monitor.

TLDR version – You can!

But first – a Disclaimer:

These are just some personal notes of mine on getting the wickedly cool “Pwnagotchi” to work on a Pi 4 with a long range WiFi adapter. Also, how to access the Web User Interface so you don’t need an “E-Ink” display. This is mostly my work notes that I am sharing – It is a “try at your own risk” project. Due to configuration and network differences, it may or may not work for you and could leave your Pi software in an unstable state.

That being said, I will not be offering any technical support on it. These are just steps that worked for me, that I found through much trial and error. Lastly, never try to gain access to a network that you do not have permission to access – doing so is illegal and you could go to jail.

Pwnagotchis are the ridiculously cute (and intelligent) Pi0w based WiFi attack tool made by the author of Bettercap. I recently wrote a magazine article for Hakin9 on using the Bettercap Web UI and Pwnagotchis. The Web UI is an HTML interface to Bettercap, it allows you to control it through a browser.

Raspberry Pi 4s’ are the latest and greatest flag ship of the Raspberry Pi family. They have increased power and speed. They also come with different memory options; I love the 4GB model! The only catch is they draw more power than the model 3, and changed the power plug type, so you will most likely need a new power supply, or a very strong battery.

Again, this is just some notes that helped me get this working, use at your own risk. Enough intro, let’s get to this! First up, running Pwnagotchi on a Pi4.

Installing Pwnagotchi on a Pi4

Tool website: https://pwnagotchi.ai/
Tool Github: https://github.com/evilsocket/pwnagotchi
Tool Authors: Evilsocket and the Pwnagotchi team

The Pwnagothi wiki covers everything you need to know about installing, configuring and using the tool in a normal atmosphere. You should read the entire Wiki.

  1. Download and install the Pwnagotchi Raspberry Pi lite image: https://github.com/evilsocket/pwnagotchi/releases
  2. Write the image to an SD card.
  3. Insert the SD card into your Pi4, attach peripheral devices and lastly power.
  4. Connect a LAN cable – when the ethernet cable is plugged in, it starts the Pwnagotchi in manual mode, and you can SSH into the Pi if you want to.

With the current version of Pwnagotchi (1.4.1) it seems to boot up fine on a Pi4, but doesn’t run. It doesn’t seem to like the default waveshare display type -if you don’t have one, that is – changing this to “inkyphat” seems to do the trick.

  • Change the default e-ink device in config.yaml:
  • sudo nano /etc/pwnagotchi/config.yml
  • add the following:

ui:
display:
     type: ‘inkyphat’
     color: ‘black’

Next, I wanted to use an external USB WiFi adapter instead of the built in one. Instead of modifying a bunch of config files in Pwnagotchi, the simplest way seemed to be to just turn off the onboard wireless, so the USB WiFi becomes “wlan0”

6. In /boot/config.txt, add the following line to turn off the onboard WiFi:

dtoverlay=disable-wifi

7. Reboot

In a web browser, navigate to the IP address of your device and port 8080 to view the Web UI.

So, in my case, it would be 172.24.1.157:8080

The webpage should show the iconic Pwnagotchi face with control options. You now have a Pi4 Pwnagotchi that uses the Web UI!

Full Screen Display on any Screen

That is all well and good, but how can you run Pwnagotchi on a display that isn’t directly supported? I spent several days trying to get my Raspberry Pi 7” touchscreen to work with Pwnagotchi and did find a way to make it work. It’s more of a trick than anything, it is just running the Web UI in a full screen browser!

Again, proceed at your own risk, and I am not offering any technical support on how to do this – it took a lot of futzing to get this to work on mine, and it may not work on yours, or it may leave your Pi in an unstable software state. But I found if you install the Pwnagotchi Raspbian Lite image on a Pi 4, get it working with the modifications mentioned above, all you need to do next is install the Raspbian Graphical User interface and Chromium, and you can view Pwnagotchi locally on any display!

Quick instructions:

You won’t be able to get out to the internet, because Pwnagotchi changes the default Route, so we need to delete the default route, then add a new route to your gateway/ router. You can then pull down the files needed with “apt install”.

  • sudo ip route del default
  • sudo route add default gw 172.24.1.1 eth0 (Use your gateway address!)
  • sudo apt install raspberrypi-ui-mods
  • sudo apt install chromium-browser
  • reboot – the default route should restore on bootup

The first two commands deal with the routing. The third command installs a cut down version of the Raspbian graphical desktop. Next, the chromium web browser is installed.

Once it reboots, start Chromium, navigate to the Pwnagotchi web interface and press “F11” for full screen. That’s it! If all went well, you should have a large Pwnagotchi on the screen!

Now remember, it is a web interface, so, if you want you can also surf to it from your desktop or mobile systems connected to the same LAN.

This was just a quick overview of running Pwnagotchi on a Raspberry Pi 4. Do you want to unlock the real power of Pi for Ethical Hacking? Check out my latest book, “Security Testing with Raspberry Pi” – available on Amazon.com!

Hands-On Review: Grove AI HAT for Edge Computing

Bring next level intelligence to your Raspberry Pi projects with the Grove AI HAT for Edge Computing. In this article we will take a quick hands-on view of the Grove AI HAT board & Ultrasonic Sensor in standalone mode, and used as a Raspberry Pi HAT.

Introduction

The Grove AI HAT for Edge Computing is built around Sipeed MAix M1 AI MODULE with the Kendryte K210 processor inside. It’s a low cost but powerful stand-alone board that can also run as a Raspberry Pi Artificial Intelligence HAT.

The board not only bristles with peripheral connections (I2C/UART/SPI/I2S/PWM/GPIO), but has built in audio and video processing capabilities for AI projects.  This means you can connect multiple Grove Sensors to the board. Couple that with its video and audio capabilities and it makes it an interesting choice for Edge Computing environments. 

Seeedstudio provided me with a Grove AI Hat board for review. There are plenty of articles on the technical specs of the board, so this article will be more of a “hands-on” usage review. Let’s hook a Grove sensor up to the board and use it on its own, and as a Raspberry Pi HAT.

The Grove AI HAT is a new board, so there are not a lot of usability instructions available at this time. One of the quickest ways I found to interface with the board is to use the Seeedstudio Arduino interface. The ArduinoCore-API interface has been added to the board, allowing support for multiple development environments, including Arduino IDE, Linux, Windows, and Mac OS X. This basically means you can run Grove Arduino Libraries and many other Arduino libraries on this board.

Enough intro, let’s see it in action!

Basic Arduino Instructions

The Grove AI HAT can function entirely on its own and in conjunction with a Raspberry Pi. A good starting point is to connect one of the many Grove sensors to the board, and perform basic input/ output using the Arduino library.

In this section, we will see how to interact with a Grove Ultrasonic range sensor and view the output using the individual board, and then as a Raspberry Pi HAT.  

Follow the Arduino setup instructions on the Seeed website carefully. You need to add board drivers and use a specific writing option (K-flash), if you pick the wrong options, your board will not function properly.

Follow the setup instructions here:

http://wiki.seeedstudio.com/Grove_AI_HAT_for_Edge_Computing/

Summarized below:

  • Download and install the Arduino IDE on your computer
  • Run Arduino IDE
  • Add the K210 Grove AI HAT for Edge Computing driver
  • Select the K-flash programmer

The Arduino IDE is now configured to work with the Grove board.

Using the Grove Board Standalone

Once everything is setup, you can use Seeed’s sample Arduino code to control the board directly. For example, the Ultrasonic sensor.

WARNING: Do no connect or disconnect sensors to the board while it is powered up, you could damage it!

Connect your range sensor to the board (I used port D13)

Then using a USB C cable, connect the board to your computer. This will power up the board and allow your computer to communicate to it.

  • Next, load in the ultrasonic Arduino library into your sketch project folder.
  • In the Arduino IDE, enter the sample code provided by Seeed:
  • Compile and write the code to your board

Now, open the Arduino serial monitor and you should see live range detection:

Move your hand back and forth in front of the range detector, you should see the range update live in your Serial Monitor tab.

That’s all well and good, but this is a Raspberry Pi HAT! How do you use it with a Raspberry Pi?

Grove on the Raspberry Pi

In this section we will look at using the Grove AI board with a Raspberry Pi 3b+. The Pi 3b is running Raspbian and is setup up for remote access via Putty. To use the Grove Board and Pi in tandem, we need to connect them together. Disconnect power (the USB cable), connect the riser board to the Grove board, and then carefully connect the Pi and grove boards together. Make sure no power is applied to either board, and the pins line up correctly, or you could damage your boards.

Only provide power to one board, the Pi or the Grove Hat, if you connect power to both boards you need to change a switch on the Grove board.  

Connect the USB cord from your PC to the Grove power port. Both the Grove board and Raspberry Pi should power up at the same time. In this configuration, you can still use the Arduino Serial Monitor to view the sensor output. But we want to see it on the Pi.

To use the Grove board on a Pi, we will need to install the Grove Python library.

Instructions can be found here:

http://wiki.seeedstudio.com/Grove_Base_Kit_for_Raspberry_Pi/

Basically, from a Raspbian install:

Now with the Grove library installed, we can run a short Python program to communicate with the Sensor through the Raspberry PI.

  • cd ~/grove.py/grove

Enter in, save and run the following Python program in the grove directory:

ultrasonic.py:

It should look like this when done:

Now, just run the ultrasonic.py program:

And that’s it! You should see distance displayed in real time.

You can open the Arduino Serial monitor and get readings from it at the same time, as seen below:

One interesting feature is that if the Pi is shutdown, or the Python program stopped, the Grove board can continue to work.

As seen below:

The Ultrasonic program was stopped, but the device continues to operate as seen in the Arduino serial monitor.

AI Computing

As mentioned at the beginning of this video, the Grove HAT has video and audio processing capability built in. I ran into some questions on how to access the video and audio part of the card and am waiting to hear back from Seeed tech support. So, I will explore this capability in future articles, but for now, Seeed has a great demo video of this capability on their website:

https://project.seeedstudio.com/SeeedStudio/face-count-and-display-using-grove-ai-hat-and-pi-3e100f

Conclusion

This was just a very basic intro to the Grove AI HAT for Edge Computing. The board is very exciting as it brings a host of sensor capabilities to the Raspberry Pi platform. I believe this will allow for much more intelligent Pentest drop boxes (it could sense and record when someone was in the room, for example), robotics projects, Magic Mirrors, and whatever else you can dream up. Stay tuned, more to come!

About Seeed Studio:
Seeed is the IoT hardware enabler providing services over 10 years that empower makers to realize their projects and products. Seeed offers a wide array of hardware platforms and sensor modules ready to be integrated with existing IoT platforms and one stop PCB manufacturing and Prototype PCB Assembly.

Seeed Studio provides a wide selection of electronic parts including ArduinoRaspberry Pi and many different development board platforms. Especially the Grove System help engineers and makers avoid jumper wires problems. Seeed Studio has developed more than 280 Grove modules covering a wide range of applications that can fulfill a variety of needs. 

Pi 4 Hacking Platform using DietPi and PTF

Building a Raspberry Pi 4 Ethical Hacking platform using The Pentesters Framework and DietPi.

I’ve been playing with using different hacking tools and Operating Systems with the Pi 4. In this article I cover installing The Pentesters Framework on a RPi 4 running DietPi.

DietPi is a very lightweight Debian OS for the Raspberry Pi. The Pentesters Framework by TrustedSec is an Ethical Hacking installation script that automatically installs and updates over 250 modules/ tools. It would be great if they would work together on a Raspberry Pi 4. The good news is that is does – With a couple tweaks.

I cover installing and using The Pentesters Framework on Raspberry Pi in my latest book. So, I am not going to go into great detail on using the tools in PTF. I just want to cover actually installing it on DietPi.

Installing

NOTE: You will need a Raspberry Pi 4, and at the minimum a 32 GB MicroSD card if you want to install all of the PTF tools. Don’t have a Pi 4? Seeed is currently offering free shipping for orders over $119 with a Raspberry Pi 4 4GB.

Insert the MicroSD card into your Pi, attach peripherals and lastly connect power (always connect power last). When DietPi boots up you will be presented with some options.

  • Pick any software install options you want, then “Go install software”
  • Requested software and updates will be installed
  • Reboot when finished

I just run through it quickly the first time to get the latest OS updates. Note the CPU temp warning, it’s a Pi 4, it runs hotter than a Pi 3.

To install an “X” Desktop or any other included software, type, “dietpi-software”.

There are a ton of add-on software options under “Software Optimised”. For example, if you want a graphical desktop, pick the X-Desktop you want and then the “Go install software” option. You can also setup your login preferences from this menu – auto login, desktop login, etc.

All we really need here is to install Python. Then we need to make a small config file tweak and finally install PTF.

Installing Python

From the DietPi-Software menu, go to “Software Additional” and install Python:

  • Cursor down to Python Pip, hit the space bar to select it.
  • Select “OK

You will return to the main menu.,

  • Cursor down and select “Go >> Start Installation
  • Reboot when finished

We need to install git:

  • Open a terminal and enter, “apt install git

Next we need to comment out a line in the ‘/etc/hosts’ file or the PTF install will error out.

  • Comment out the “::1 localhost  IPv6 localhost” line
  • Reboot

That’s it! We can now proceed with the standard PTF install:

You will then see the main PTF interface:

Type “show modules” to see all available modules. You can install individual ones if you wish. If you have a large memory card (32 Gb), you can install all of them.

  • To install all tools, enter “use modules/install_update_all
  • Reboot when finished

The install will take a very long time, especially if you install all of the modules. After install, all tools will be located in category themed directories under the ‘/pentest’ directory, as seen below:

Many of the tools can be run from anywhere, but some tools require you to change into its install directory for it to work properly. This is usually ‘/pentest’, but some run from ‘/usr/share’ as well. Check it out, there are a ton of very good tools at your disposal, like “Sniper”:

And there you have it. Again, I go into much deeper detail in my book about using PTF on a Pi, I just wanted to show how it could be installed on DietPi. If you want to learn a lot more about using Raspberry Pi for Ethical hacking check out my latest book – Security Testing with Raspberry Pi