Home
"Hey, you got your notetaking app in my C2!"
"Hey, you got your C2 in my notetaking app!"
Want to document your red team operation, but think it's lame your notetaking application can't aid in your post-exploitation efforts? Now your notetaking app is your C2, with OffensiveNotion!
OffensiveNotion combines the capabilities of a post-exploitation agent with the power of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.
With a little setup, you can...
- Receive an agent check in to your notion page:
[pic]
- Run shell commands:
[pic]
- Stack up a bunch of commands to do initial check-in safety checks...
[pic]
- ...and then execute them all:
[pic]
- Document your findings as you go on the same page:
[pic]
- Portscan another host or subnet:
[pic]
- Elevate to the administrator context:
[pic]
- Persist using one of many different methods:
[pic]
- And, perform remote shellcode injection:
[pic]
The "listener" is just a page in a Notion notebook, but you can set it up to catch the callbacks for your agents:
1. Create your listener page. Add a new page to Notion, preferably in a notebook that's not being used for anything else.
2. In the upper right corner, click "Share" and "Invite". Add your Notion Developer API account (your integration) to this page. The integration can only read and write pages it has been invited to, so without this step the agent has nothing to talk to.
3. Copy the URL of your page. In the web browser Notion client, this can be taken from the address bar. In the desktop app, press ctrl-l to copy it to your clipboard.
4. If your listener URL is:
   https://www.notion.so/LISTENER-11223344556677889900112233445566
   ...then your parent page ID is the 32-digit number after the name of the listener, split with hyphens into the following schema: 8-4-4-4-12. Meaning, your parent page ID would be: 11223344-5566-7788-9900-112233445566. This value is used to connect your agent to your listener, so keep track of it!
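Turning the URL into the 8-4-4-4-12 ID by hand is error-prone (a dropped digit gives you an ID Notion will never find). The helper below is an added example, not code from the OffensiveNotion project; it takes a listener URL (or an already-dashed ID) and returns the parent page ID in the format the setup expects. The sample URLs in the `__main__` block are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# A Notion page ID is 32 hex digits. The page URL ends in an optional title
# slug ("LISTENER-") followed by those digits; the dashed UUID form is
# 8-4-4-4-12. Match either, anchored to the end of the last path segment.
_PAGE_ID = re.compile(
    r"([0-9a-fA-F]{8})-?([0-9a-fA-F]{4})-?([0-9a-fA-F]{4})"
    r"-?([0-9a-fA-F]{4})-?([0-9a-fA-F]{12})$"
)


def parent_page_id(listener: str) -> str:
    """Return the dashed parent page ID for a Notion listener URL or raw ID.

    Accepts the browser URL, the desktop-app (ctrl-l) URL, a URL with a
    query string, a bare 32-hex ID, or an already-dashed ID. Raises
    ValueError when no page ID can be found, rather than silently handing
    back something Notion will reject.
    """
    # urlparse drops any query string; a bare ID with no scheme lands in .path
    path = urlparse(listener.strip()).path.rstrip("/")
    segment = path.rsplit("/", 1)[-1]
    match = _PAGE_ID.search(segment)
    if not match:
        raise ValueError(f"no 32-digit Notion page ID found in {listener!r}")
    return "-".join(match.groups()).lower()


def is_valid_page_id(page_id: str) -> bool:
    """True if page_id is already in the exact 8-4-4-4-12 form Notion uses."""
    return re.fullmatch(
        r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
        page_id,
    ) is not None


if __name__ == "__main__":
    # Constructed sample URLs; the ID is the one from the wiki text above.
    samples = [
        "https://www.notion.so/LISTENER-11223344556677889900112233445566",
        "https://www.notion.so/myworkspace/LISTENER-11223344556677889900112233445566?v=1",
        "11223344-5566-7788-9900-112233445566",
    ]
    for url in samples:
        pid = parent_page_id(url)
        print(f"{url}\n  -> {pid} (valid: {is_valid_page_id(pid)})")
```

Paste the returned value when `main.py` prompts for the parent page ID; the `ValueError` path is what you want to hit if you accidentally copied a workspace or database URL instead of the listener page.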
```
$ sudo python3 main.py -h
usage: main.py [-h] [-o {linux,windows}] [-b {debug,release}] [-c]

OffensiveNotion Setup. Must be run as root. Generates the OffensiveNotion agent in a container.

optional arguments:
  -h, --help            show this help message and exit
  -o {linux,windows}, --os {linux,windows}
                        Target OS
  -b {debug,release}, --build {debug,release}
                        Binary build
  -c, --c2lint          C2 linter. Checks your C2 config by creating a test page on your Listener.
```
The `main.py` script handles all setup and agent compilation. You need Docker in order to use it.

If you don't have Docker already:
```
$ sudo apt-get install docker.io
```
Next, install the Python dependencies:
```
$ pip3 install poetry
$ poetry shell
$ poetry install
```
Then run the main script:
```
$ sudo python3 main.py [-h] [-o {linux,windows}] [-b {debug,release}] [-c]
```
...and follow the prompts to perform the installation. The script creates a Docker container, builds the agent inside it, copies the agent back to your physical host, and then deletes the container. Run it with `-c` first if you want to confirm the integration token and parent page ID are correct: the linter creates a test page under your listener, which fails fast if the integration was not invited to the page.