cobbr / Covenant

Covenant is a collaborative .NET C2 framework for red teamers.
https://cobbr.io/Covenant.html
GNU General Public License v3.0

PortScan Grunt command fails and then breaks Elite functionality #2

Closed nuk3s closed 5 years ago

nuk3s commented 5 years ago

First, thank you for this awesome framework.

When running the command PortScan example-hostname 445 the following error is encountered:

[!] EliteMenu Exception: Operation returned an invalid status code 'BadRequest'
   at Covenant.API.CovenantAPI.ApiGruntsByIdTaskingsPostWithHttpMessagesAsync(Int32 id, GruntTasking gruntTasking, Dictionary`2 customHeaders, CancellationToken cancellationToken) in /app/API/CovenantAPI.cs:line 4792
   at Covenant.API.CovenantAPIExtensions.ApiGruntsByIdTaskingsPostAsync(ICovenantAPI operations, Int32 id, GruntTasking gruntTasking, CancellationToken cancellationToken) in /app/API/CovenantAPIExtensions.cs:line 912
   at Covenant.API.CovenantAPIExtensions.ApiGruntsByIdTaskingsPost(ICovenantAPI operations, Int32 id, GruntTasking gruntTasking) in /app/API/CovenantAPIExtensions.cs:line 897
   at Elite.Menu.Tasks.MenuCommandTaskStart.Command(MenuItem menuItem, String UserInput) in /app/Menu/Tasks/TaskMenuItem.cs:line 89
   at Elite.Menu.Grunts.MenuCommandGruntInteractPortScan.Command(MenuItem menuItem, String UserInput) in /app/Menu/Grunts/InteractGruntMenuItem.cs:line 658
   at Elite.Menu.EliteMenu.PrintMenu(String UserInput) in /app/Menu/EliteMenu.cs:line 122

Following this, running the command ls in the Grunt results in the following error:

(Covenant: Grunts\403887a32c) > ls
[!] EliteMenu Exception: Object reference not set to an instance of an object.
   at Elite.Menu.Grunts.MenuCommandGruntInteractListDirectory.Command(MenuItem menuItem, String UserInput) in /app/Menu/Grunts/InteractGruntMenuItem.cs:line 157
   at Elite.Menu.EliteMenu.PrintMenu(String UserInput) in /app/Menu/EliteMenu.cs:line 122

When running the help command it is observed that the Task command in the help output is now overwritten by PortScan:

(Covenant: Grunts\403887a32c) > Help

 Help
 ====================================================================================================================================================================
 PortScan               <task_name>                                               Task a Grunt to do something.                                                       
 Help                                                                             Display Help for this menu.                                                         
 Back                                                                             Navigate Back one menu level.                                                       
 Exit                                                                             Exit the Elite console.                                                             
 Show                                                                             Show details of the Grunt.                                                          
 Set                    <option> <value>                                          Set a Grunt Variable.                                                               
 whoami                                                                           Gets the username of the currently used/impersonated token.                         
 ls                                                                               Get a listing of the current directory.                                             
 cd                     <append_directory>                                        Change the current directory.                                                       
 ps                                                                               Get a list of currently running processes.                                          
 RegistryRead           <regpath>                                                 Reads a value stored in registry.                                                   
 RegistryWrite          <regpath> <value>                                         Writes a value into the registry.                                                   
 Upload                 <file_path>                                               Upload a file.                                                                      
 Download               <file_name>                                               Download a file.                                                                    
 Assembly               <assembly_path> <type_name> <method_name>                 Execute a .NET Assembly.                                                            
 SharpShell             <c#_code>                                                 Execute C# code.                                                                    
 Shell                  <shell_command>                                           Execute a Shell command.                                                            
 PowerShell             <powershell_code>                                         Execute a PowerShell command.                                                       
 PowerShellImport       <file_path>                                               Import a local PowerShell file.                                                     
 PortScan               <computer_names> <ports> <ping>                           Conduct a TCP port scan of specified hosts and ports.                               
 Mimikatz               <command>                                                 Execute a Mimikatz command.                                                         
 LogonPasswords                                                                   Execute the Mimikatz command "sekurlsa::logonPasswords".                            
 SamDump                                                                          Execute the Mimikatz command "lsadump::sam".                                        
 LsaSecrets                                                                       Execute the Mimikatz command "lsadump::secrets".                                    
 DCSync                 <user> <fqdn> <dc>                                        Execute the Mimikatz command "lsadump::dcsync".                                     
 Kerberoast             <usernames> <hash_format>                                 Perform a "kerberoasting" attack to retreive crackable SPN tickets.                 
 GetDomainUser          <identities>                                              Gets a list of specified (or all) user `DomainObject`s in the current Domain.       
 GetDomainGroup         <identities>                                              Gets a list of specified (or all) group `DomainObject`s in the current Domain.      
 GetDomainComputer      <identities>                                              Gets a list of specified (or all) computer `DomainObject`s in the current Domain... 
 GetNetLocalGroup       <computernames>                                           Gets a list of `LocalGroup`s from specified remote computer(s).                     
 GetNetLocalGroupMember <computernames> <localgroup>                              Gets a list of `LocalGroupMember`s from specified remote computer(s).               
 GetNetLoggedOnUser     <computernames>                                           Gets a list of `LoggedOnUser`s from specified remote computer(s).                   
 GetNetSession          <computernames>                                           Gets a list of `SessionInfo`s from specified remote computer(s).                    
 ImpersonateUser        <username>                                                Find a process owned by the specified user and impersonate the token. Used to ex... 
 ImpersonateProcess     <processid>                                               Impersonate the token of the specified process. Used to execute subsequent comma... 
 GetSystem                                                                        Impersonate the SYSTEM user. Equates to ImpersonateUser("NT AUTHORITY\SYSTEM").     
 MakeToken              <username> <domain> <password> <logontype>                Makes a new token with a specified username and password, and impersonates it to... 
 RevertToSelf                                                                     Ends the impersonation of any token, reverting back to the initial token associa... 
 WMI                    <computername> <username> <password> <launcher> <command> Obtain a new Grunt through WMI lateral movement by executing a Launcher on a rem... 
 DCOM                   <computername> <launcher> <command> <method>              Execute a process on a remote system using various DCOM methods.                    
 BypassUAC              <launcher> <command>                                      Obtain a new high-integrity Grunt by bypassing UAC through token duplication.       
 TaskOutput             <completed_task_name>                                     Show the output of a completed task.                                                

During this time Covenant outputs the following error:

Task Compilation failed: CompilationErrors:
(11,9): error CS0246: The type or namespace name 'List<>' could not be found (are you missing a using directive or an assembly reference?)
(12,9): error CS0246: The type or namespace name 'List<>' could not be found (are you missing a using directive or an assembly reference?)
   at Covenant.Core.Compiler.Compile(CompilationRequest request)
   at Covenant.Models.Grunts.GruntTasking.Compile(String TaskCode, List`1 Parameters, List`1 ReferenceAssemblies, DotNetVersion dotNetFrameworkVersion) in /app/Models/Grunts/GruntTasking.cs:line 95
   at Covenant.Controllers.GruntTaskingController.CreateGruntTasking(Int32 id, GruntTasking gruntTasking) in /app/Controllers/GruntTaskingController.cs:line 182

Please let me know what else you need from me. Thank you again for this awesome work.

cobbr commented 5 years ago

Confirmed as a bug. Thanks for the heads up @nuk3s, I'll see if I can get this fixed

cobbr commented 5 years ago

This ended up being an interesting error. Covenant's compiler attempts to do some source code optimizations; it turns out it was over-optimizing and removing a necessary using declaration.

For now, I added in a temporary "fix" that solves this issue in d8471141b3f8c4da0ab0dc1afb42073426633f25. Will dig into the source code optimization to determine a longer term solution.

Closing, but let me know if you still have issues!
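The failure mode cobbr describes (an optimization pass dropping a `using` that the task body still needs, so the task no longer compiles) is one that a compile-after-optimize guard catches before the tasking ever reaches the Grunt. The following is an added example, not Covenant's Compiler.cs and not the commit referenced above: it prunes using directives only where Roslyn itself reports them as unnecessary (diagnostic CS8019, hidden severity), then recompiles the pruned source and falls back to the original if the pass introduced errors. It assumes the Microsoft.CodeAnalysis.CSharp NuGet package is referenced; the `GruntTask` source it operates on is constructed for the example and is modelled on the `List<>` error above.

```csharp
// Added example, not Covenant's own Compiler.cs. A using-pruning pass driven by
// the compiler's "unnecessary using" diagnostic (CS8019) plus a compile-after-
// prune guard that keeps the original source when the optimization breaks it.
// Assumes the Microsoft.CodeAnalysis.CSharp NuGet package is referenced.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;

public static class UsingPruner
{
    // Constructed task source (hypothetical): List<> appears only as a generic
    // type, so a name-matching optimizer that ignores generics would drop
    // System.Collections.Generic; System.Text is genuinely unused.
    public const string TaskSource = @"
using System;
using System.Collections.Generic;
using System.Text;
public static class GruntTask
{
    public static string Execute(string hosts)
    {
        List<string> targets = new List<string>();
        foreach (string h in hosts.Split(','))
            targets.Add(h.Trim());
        return string.Join("","", targets);
    }
}";

    // Compile one source file as a library against every non-dynamic assembly
    // already loaded in this process (sufficient for BCL-only task code).
    static CSharpCompilation Compile(string source)
    {
        IEnumerable<MetadataReference> refs = AppDomain.CurrentDomain.GetAssemblies()
            .Where(a => !a.IsDynamic && !string.IsNullOrEmpty(a.Location))
            .Select(a => MetadataReference.CreateFromFile(a.Location));
        return CSharpCompilation.Create(
            "task",
            new[] { CSharpSyntaxTree.ParseText(source) },
            refs,
            new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
    }

    // Remove only the using directives the compiler flags as unnecessary
    // (CS8019). The check is semantic, so a namespace needed solely for a
    // generic type such as List<T> is kept.
    public static string PruneUnusedUsings(string source)
    {
        CSharpCompilation compilation = Compile(source);
        var unusedSpans = compilation.GetDiagnostics()
            .Where(d => d.Id == "CS8019")
            .Select(d => d.Location.SourceSpan)
            .ToList();
        var root = compilation.SyntaxTrees.Single().GetCompilationUnitRoot();
        var toRemove = root.Usings
            .Where(u => unusedSpans.Any(s => u.Span.IntersectsWith(s)))
            .ToList();
        return root.RemoveNodes(toRemove, SyntaxRemoveOptions.KeepNoTrivia).ToFullString();
    }

    // The guard: recompile the optimized source and keep the original when the
    // optimization introduced errors, instead of shipping a broken tasking.
    public static string Optimize(string source)
    {
        string pruned = PruneUnusedUsings(source);
        var errors = Compile(pruned).GetDiagnostics()
            .Where(d => d.Severity == DiagnosticSeverity.Error)
            .ToList();
        if (errors.Count == 0)
            return pruned;
        Console.Error.WriteLine("Using pruning broke the task, keeping original source:");
        foreach (Diagnostic e in errors)
            Console.Error.WriteLine("  " + e);
        return source;
    }

    public static void Main()
    {
        string optimized = Optimize(TaskSource);
        Console.WriteLine(optimized);
        // Report whether the using that the task body depends on survived.
        Console.WriteLine(optimized.Contains("System.Collections.Generic")
            ? "OK: generic using kept"
            : "BUG: generic using dropped");
    }
}
```

The point of the second compile in `Optimize` is that it is cheap relative to the cost of the failure: a task that fails server-side compilation surfaces to the operator as a BadRequest from the tasking API, and, as this issue shows, the client may then be left in an inconsistent state. Validating the optimized source before it is returned turns an optimizer bug into a logged fallback rather than a broken tasking.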

nuk3s commented 5 years ago

Works! Thank you for the VERY quick fix.