Und3rf10w / external_c2_framework

Python API for usage with Cobalt Strike's External C2 specification

Add Reddit PM transport #9

Closed Und3rf10w closed 6 years ago

Und3rf10w commented 6 years ago

Adds a transport that utilizes Reddit PMs, inspired by #8.

To utilize this transport, simply modify config.py to have these values:

ENCODER_MODULE = "encoder_b64url"
TRANSPORT_MODULE = "transport_reddit"

You will also need to register a Reddit app (as a script), install the praw module, then populate the proper values in server/utils/transports/transport_reddit.py and client/reddit/reddit_client.py.

Und3rf10w commented 6 years ago

As of af78996, there is a bug where this will crash if the sending message's length is greater than 10k characters. However, the actual sending and receiving of data works, and can be verified by loading a stager manually from a file, instead of trying to receive it through the mechanism.

Tasks

Und3rf10w commented 6 years ago

1e48fc1 introduced support for sending the stager, but there has to be a better way to do this.

Und3rf10w commented 6 years ago

197a2bc fixed a major bug, so it's mostly functional now.

Und3rf10w commented 6 years ago

Seems to be working fine for the most part. It is possible to get out of sync, but I'll merge this into dev and list it as a possible bug for now.