Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/blazeinfosec/bt2

Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C
https://github.com/blazeinfosec/bt2

Last synced: 23 days ago
JSON representation

Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C

Host: GitHub
URL: https://github.com/blazeinfosec/bt2
Owner: blazeinfosec
License: apache-2.0
Created: 2016-05-17T10:23:22.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2018-09-06T12:58:12.000Z (over 6 years ago)
Last Synced: 2024-08-04T04:07:25.579Z (4 months ago)
Language: Python
Size: 529 KB
Stars: 194
Watchers: 23
Forks: 62
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - blazeinfosec/bt2 - Blaze Telegram Backdoor Toolkit is a post-exploitation tool that leverages the infrastructure of Telegram as a C&C (Python)

README

## bt2: Blaze Telegram Backdoor Toolkit

bt2 is a Python-based backdoor in form of a IM bot that uses the
infrastructure and the feature-rich bot API provided by Telegram, slightly
repurposing its communication platform to act as a C&C.

## Dependencies

* [Telepot](https://github.com/nickoala/telepot)
* [requests](https://pypi.python.org/pypi/requests/)

## Installation

```
$ sudo pip install telepot
$ sudo pip install requests
```

PS: Telepot requires minimum of requests 2.9.1 to work properly.

## Limitations

Currently the shellcode execution component is dependent on ctypes and
works only on Windows platforms.

## Usage

Before using this code one has to register a bot with Telegram. This can
be done by talking to Botfather - after setting up the name for the bot and
username you will get a key that will be used to interact with the bot API.

For more information see [Telegram bots: an introduction for developers](https://core.telegram.org/bots#botfather)

Also, it is highly advisable to replace 'botmaster ID' with the ID of the
master, locking the communication between the bot to the specific ID of
the botmaster to avoid abuse from unauthorized parties.

```
$ python bt2.py
```

![Sample screenshot](https://raw.githubusercontent.com/blazeinfosec/bt2/master/images/main-screenshot.png)

## Resources

We published a blog post with a few more details on command and control platforms and how to use the tool: https://blog.blazeinfosec.com/bt2-leveraging-telegram-as-a-command-control-platform/

## Disclaimer

bt2 is a mere proof of concept and by no means intends to breach the terms
and conditions of Telegram. It was developed for usage in legitimate
penetration testing engagements and neither the author nor Blaze
Information Security can be liable for any malicious use of the tool.

## Known bugs

* After launching a reverse shell and exiting from it, all commands sent to
the bot have duplicate responses.
* The 'kill' functionality is not working as it should.
* After successful execution of shellcode, the bot dies. Upon return it
fetches the previous messages from the server and executes the shellcode
again. Need to find a way to avoid fetching of previous messages.

## Author

* **Julio Cesar Fort** - julio at blazeinfosec dot com
* Twitter: @juliocesarfort / @blazeinfosec

## License

This project is licensed under the Apache License - see the [LICENSE](LICENSE) file for details.