Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.

kleiton0x00/RedditC2


RedditC2


🚫 [Disclaimer]: Use of this project is for educational/testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/malicious intent, the author of the repo will not be held responsible.


Requirements

Install PRAW library in python3:

pip3 install praw

Quickstart

See the Quickstart guide on how to get going right away!

Demo

Demo video: reddit_c2_demo.mp4

Workflow

Teamserver

  1. Go to the specific Reddit post and post a new comment containing the command, prefixed with "in: "
  2. Read the thread for a new comment that includes the word "out:"
  3. If no such comment is found, go back to step 2
  4. Parse the comment, decrypt it and read its output
  5. Edit the existing comment to "executed", to avoid re-executing it

Client

  1. Go to the specific Reddit post and read the latest comment that includes "in:"
  2. If no new comment is detected, go back to step 1
  3. Parse the command out of the comment, decrypt it and execute it locally
  4. Encrypt the command's output and post it as a reply to the respective comment, prefixed with "out:"

Below is a demonstration of the XOR-encrypted C2 traffic for understanding purposes:
[Screenshot from 2022-12-15 10-58-34: the XOR-encrypted C2 traffic as it appears in the Reddit comments]

Scanning results

Since it is a custom C2 implant, it doesn't get detected by any AV, as the behaviour is completely legit.

TO-DO

  • Teamserver and agent compatible in Windows/Linux
  • Make the traffic encrypted
  • Add upload/download feature
  • Add persistence feature
  • Generate the agents dynamically (from the TeamServer)
  • Tab autocompletion

Credits

Special thanks to @T4TCH3R for working with me and contributing to this project.
