View Issue Details

IDProjectCategoryView StatusLast Update
0008109Kali LinuxKali Package Bugpublic2023-01-17 15:36
Reporterbob3rocks Assigned Toarnaudr  
PrioritynormalSeverityblockReproducibilityalways
Status resolvedResolutionfixed 
Product Version2022.4 
Summary0008109: problem with Covenant on Kali wsl
Description

Lately I've been running Windows Subsystem for Linux (wsl) Kali (using "kex --esm") and that is working great.

Except for one app that I've tried - covenant-kbx which runs, but whose listeners will only listen on Docker's loopback IP address 172.17.0.2. If I try to listen on an eth0 IP or tun0 IP, that doesn't work.

Steps To Reproduce
  1. sudo service docker start
    Starting Docker: docker.

  2. sudo covenant-kbx start

    Starting covenant
    Please wait during the start, it can take a long time...
    Opening https://127.0.0.1:7443 with a web browser
    covenant/default started
    Press ENTER to exit

  3. Create listener using default settings. (baseline showing expected bahavior)
    Connecting to http://172.17.0.2:80 will show that the web server is listening on port 80

wget http://172.17.0.2:80
--2022-12-19 19:32:08-- http://172.17.0.2/
Connecting to 172.17.0.2:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-12-19 19:32:08 ERROR 404: Not Found.

  1. Delete listener and create new listener using the IP address of any interface other than docker0

Connecting to http://10.10.14.69:80 will show there is no server listening on port 80

wget http://10.10.14.69:80 ↵ 4
--2022-12-19 19:38:48-- http://10.10.14.69/
Connecting to 10.10.14.69:80... failed: Connection refused.

Relationships

has duplicate 0008137 closeddaniruiz problem with Covenant on Kali wsl 

Activities

arnaudr

arnaudr

2023-01-06 02:39

manager   ~0017366

I updated the package so that covenant-kbx can listen on the host network. Please run "sudo apt update && sudo apt install covenant-kbx" in a terminal, that should get you the latest version of the package (ie. version 0.6-0kali6). Tell me if it fixes the issue. Thanks!

bob3rocks

bob3rocks

2023-01-06 02:50

reporter   ~0017367

Thanks for the update!

(ran above commands as directed)
...

The following packages will be upgraded:
covenant-kbx
1 upgraded, 0 newly installed, 0 to remove and 788 not upgraded.
Need to get 26.1 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://mirrors.ocf.berkeley.edu/kali kali-rolling/main amd64 covenant-kbx amd64 0.6-0kali6 [26.1 MB]
Fetched 26.1 MB in 1s (26.4 MB/s)
(Reading database ... 475365 files and directories currently installed.)
Preparing to unpack .../covenant-kbx_0.6-0kali6_amd64.deb ...
Unpacking covenant-kbx (0.6-0kali6) over (0.6-0kali5) ...
Setting up covenant-kbx (0.6-0kali6) ...

sudo service docker start
Starting Docker: docker.

sudo covenant-kbx start

Starting covenant
Please wait during the start, it can take a long time...
Traceback (most recent call last):
File "/usr/bin/kaboxer", line 33, in <module>
sys.exit(load_entry_point('kaboxer==1.1.2', 'console_scripts', 'kaboxer')())
File "/usr/lib/python3/dist-packages/kaboxer/init.py", line 2204, in main
kaboxer.go()
File "/usr/lib/python3/dist-packages/kaboxer/init.py", line 363, in go
self.args.func()
File "/usr/lib/python3/dist-packages/kaboxer/init.py", line 480, in cmd_run
container = self.docker_conn.containers.create(image, opts2)
File "/usr/lib/python3/dist-packages/docker/models/containers.py", line 877, in create
create_kwargs = _create_container_args(kwargs)
File "/usr/lib/python3/dist-packages/docker/models/containers.py", line 1095, in _create_container_args
create_kwargs['host_config'] = HostConfig(
host_config_kwargs)
File "/usr/lib/python3/dist-packages/docker/types/containers.py", line 336, in init
raise host_config_incompatible_error(
docker.errors.InvalidArgument: "host" network_mode is incompatible with port_bindings

Is there something special I will need to do for port bindings?

arnaudr

arnaudr

2023-01-06 05:30

manager   ~0017368

Last edited: 2023-01-06 05:31

Oups! Please open (as root) the file /usr/share/kaboxer/covenant.kaboxer.yaml, and comment out (ie. add a '#' at the beginning of the lines) these 3 lines:

<pre>
publish_ports:

  • 7443
  • 443
    </pre>

Does that work?

bob3rocks

bob3rocks

2023-01-06 06:26

reporter   ~0017369

Yes!

It appears that worked like a charm. Will need to do some real testing to confirm but this looks promising.

╭─kali@BOB-GRAM /home/kali [ Jan 05 22:17 ]
╰─$ sudo covenant-kbx start

Starting covenant
Please wait during the start, it can take a long time...
Opening https://127.0.0.1:7443 with a web browser
covenant/default started
Press ENTER to exit

╭─kali@BOB-GRAM /home/kali [ Jan 05 22:18 ]
╰─$ ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process

tcp LISTEN 0 512 0.0.0.0:80 0.0.0.0: <<<--- listener running on tun0 IP
tcp LISTEN 0 512 0.0.0.0:7443 0.0.0.0:

╭─kali@BOB-GRAM /home/kali [ Jan 05 22:18 ]
╰─$

arnaudr

arnaudr

2023-01-06 08:08

manager   ~0017370

Great to hear, thanks for the feedback! I just uploaded version 0.6-0kali7 with the fix.

bob3rocks

bob3rocks

2023-01-06 17:00

reporter   ~0017371

Thank you for the fix.

I have confirmed I am able to install the latest using sudo apt update && sudo apt install covenant-kbx

Covenant starts up with no issues and is able to listen on interface tun0 and eth0.

Gratitude and respect to you and happy New ear.

bob3rocks

bob3rocks

2023-01-06 17:01

reporter   ~0017372

LOL happy New Year I mean

arnaudr

arnaudr

2023-01-09 10:02

manager   ~0017374

Thanks for your feedback! No new ear for this year for me ;) I wish you a great 2023!

Issue History

Date Modified Username Field Change
2022-12-20 03:40 bob3rocks New Issue
2023-01-06 02:39 arnaudr Note Added: 0017366
2023-01-06 02:50 bob3rocks Note Added: 0017367
2023-01-06 05:30 arnaudr Note Added: 0017368
2023-01-06 05:31 arnaudr Note Edited: 0017368
2023-01-06 06:26 bob3rocks Note Added: 0017369
2023-01-06 08:08 arnaudr Note Added: 0017370
2023-01-06 17:00 bob3rocks Note Added: 0017371
2023-01-06 17:01 bob3rocks Note Added: 0017372
2023-01-09 10:02 arnaudr Note Added: 0017374
2023-01-10 09:52 enropash Issue cloned: 0008137
2023-01-10 21:28 daniruiz Relationship added has duplicate 0008137
2023-01-17 15:36 arnaudr Assigned To => arnaudr
2023-01-17 15:36 arnaudr Status new => resolved
2023-01-17 15:36 arnaudr Resolution open => fixed