Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, might be a great way to make the traffic look legit.
Workflow

Teamserver
1. Go to the specific Reddit post and post a new comment with the command ("in: ")
2. Read for a new comment which includes the word "out:"
3. If no such comment is found, go back to step 2
4. Parse the comment, decrypt it and read its output
5. Edit the existing comment to "executed", to avoid re-executing it

Client
1. Go to the specific Reddit post and read the latest comment which includes "in:"
2. If no new comment is detected, go back to step 1
3. Parse the command out of the comment, decrypt it and execute it locally
4. Encrypt the command's output and post it as a reply to the respective comment ("out:")

[Disclaimer]: Use of this project is for Educational/ Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/ malicious intent, author of the repo will not be held responsible.
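
From the defender's side, the client loop in the workflow above appears in web-proxy logs as one process re-reading the same Reddit post at a steady interval. The following is an added example, not part of the original post or the project: it flags that pattern in constructed log lines. The log format, browser allowlist, thresholds, and host and process names are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: timestamp, host, process, method, URL.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:00:30 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:01:01 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:01:30 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:02:00 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:02:31 ws-017 updater.exe GET https://oauth.reddit.com/comments/abc123?sort=new
2024-05-01T10:00:10 ws-022 chrome.exe GET https://www.reddit.com/r/test/comments/abc123/
2024-05-01T10:00:00 ws-041 feedsync.exe GET https://www.reddit.com/r/test/comments/xyz789/
2024-05-01T10:00:05 ws-041 feedsync.exe GET https://www.reddit.com/r/test/comments/xyz789/
2024-05-01T10:10:00 ws-041 feedsync.exe GET https://www.reddit.com/r/test/comments/xyz789/
2024-05-01T10:11:00 ws-041 feedsync.exe GET https://www.reddit.com/r/test/comments/xyz789/
2024-05-01T10:45:00 ws-041 feedsync.exe GET https://www.reddit.com/r/test/comments/xyz789/
"""

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed allowlist
POST_ID = re.compile(
    r"https://(?:www|oauth)\.reddit\.com/(?:r/[^/]+/)?comments/([a-z0-9]+)")

def parse(log):
    for line in log.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5:  # skip blank or malformed lines
            ts, host, proc, method, url = parts
            yield datetime.fromisoformat(ts), host, proc.lower(), method, url

def find_pollers(log, min_hits=5, max_jitter=0.2):
    """Return (host, process, post_id, mean_gap_seconds) for non-browser
    processes that re-read one Reddit post at near-constant intervals."""
    seen = defaultdict(list)
    for ts, host, proc, method, url in parse(log):
        m = POST_ID.match(url)
        if m and method == "GET" and proc not in BROWSERS:
            seen[(host, proc, m.group(1))].append(ts)
    findings = []
    for (host, proc, post), stamps in sorted(seen.items()):
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low value means a timer-driven loop.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((host, proc, post, round(avg, 1)))
    return findings
```

A process-name allowlist does not cover code running inside a browser, so treat a hit as a lead to correlate with endpoint telemetry rather than a verdict.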