Fourth step in setting up C2 environment. Using socat as front to Covenant. Command and Control my way. @c2_matrix #Covenant #pentest #pentesting #redteam #infosec

It is time for part 4 in this series to set up a Command and Control, and this time I am trying out C2 server Covenant. You can go and read about Covenant here https://github.com/cobbr/Covenant.

A picture says more than 1000 words so lets start with that!

Covenant

Short list

install kali
apt-get update
apt full-upgrade
systemctl enable ssh
systemctl start ssh

Server

After installation of kali it is time to install stuff that will the server to get enabled for Covenant! We will start with som dot.net stuff

sudo snap install dotnet-sdk --classic --channel=3.1

apt-get install git

export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

Covenant installation

git clone –recurse-submodules https://github.com/cobbr/Covenant

We have now got everything installed to get this C2 server up and running.

Go to the directory of Covenant/Covenant

run

dotnet run

If you get below error, it is solved by exporting this:
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1

server error

After the export we run the command again!

The server is up and running. If you want to use lower ports like 80 or 443 you need to run this as root.

Running Server

Go to a browser on the machine and access http://127.0.0.1:7443 and try

Covenant Web

Login screen

Dashboard

Press the Listeners meny on the left.

It is time to create a listener for our C2 server. Press Create.

Listeners

Fill in your information. That is right for you.

Listener

Then it is time to create Launcher that will connect to our C2 server. On the left meny press Launchers and the press powershell.

Powershell Launcher 1
Lanuncher 2

Then run the powershell command on the victim.

When you have run one of the command from above. The client will pop up in web gui under Grunts

Grunts

Press the name to interact with the victim

Interact

Under task you predefined task that you can run

Tasks

The result from task is whoami

Result of task

New listener for https and external access thru Socat

Listeners

Configure the https listerner with certificate. If you have a wildcard cert like me from lets encrypt lets create a certificate for the https listener.

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

Then we create the listener like this

We have now tried the basics with this C2 application called Covenant!

If you like gui of a C2 this will be a really nice one for you.

This was all for now!

Keep hacking!

//Roger

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.