Skip to content

2. Quickstart

Jump to bottom
HuskyHacks edited this page Mar 27, 2022 · 24 revisions

TL;DR

How do I get this thing working so I can see what it can do?

  1. Make a Notion account
  2. Go to the Notion API developer page and log in. Create an Integration user (New integration). Copy that user's API key.
  3. Create a page in your Notion book (any page will do). This is your "Listener." Copy the final part of the URL or press ctl+L in the Desktop app. This is your parent page ID. Keep track of it for a moment. Deck out your page with a banner and emoji icon. Have fun with it.

image

  1. In the upper-right corner of your Notion page, click "Share" and "Invite." Add your Notion Developer API account to this page.
  2. Download the Linux Debug agent from the Release section.
  3. Run the release agent in debug mode (-d) and input the values for each prompt.
husky@ubuntu:~/Desktop/OffensiveNotion/bin/linux_debug/debug$ ./offensive_notion -d
[*] Starting!
Getting config options!
[*] Enter agent sleep interval > 5
[*] Enter agent jitter time > 0
[*] Enter parent page id > [...your parent page ID..]
[*] Enter API Key > 
[...your API key...]
[*] Enter Config File Path > 
[leave blank]
[*] Enter Log Level (1-4) > 
2
  1. Your agent should now check into your Listener page:

image

  1. Run commands! Make a To-Do block (/todo in the Notion app), enter shell whoami 🎯, and watch the magic unfold.

image

See the Agent Interaction section for the full list of available commands.

Docker

The best way to build the OffensiveNotion agent with your own custom configurations is with Docker and the main.py script. This acts as the turn-key point for the entire operation.

With two Docker commands, you can build the container that compiles the agent, set all of its configs in the source code, compile it, and have it available on your physical host. Then, you can run the commands again and change the configs if you want.

Building and Running the Container

This works best on Linux. You'll need Docker, of course. Once you have Docker installed, clone the repo and change dirs into the repo.

Docker Build

To build the container:

$ sudo docker image build -t offensivenotion .

Docker Run

Use this Docker run command as a base:

$ sudo docker rm -f offensivenotion && sudo docker container run -v $(pwd):/out --name offensivenotion -it offensivenotion -o linux -b release

...where:

  • sudo docker rm -f offensivenotion removes any running instance of the container.
  • -v $(pwd):/out maps the OffensiveNotion repo on the host to the /out directory in the container. tl;dr: your agent will be there when it is done compiling.
  • -o linux -b release is the set of build script arguments.

Everything after -it offensivenotion is an argument to the main.py script. What's the main.py script, you say?

🟠 Important

Mounting the volume to the main directory of the repo is important so you can immediately get your agent out onto your physical host. You can also use the Docker copy command but that's pretty clumsy, tbh.

main.py

This script is the entrypoint of the container and handles everything you need to make an OffensiveNotion agent. It reads in the type of agent you want to make (Linux, Windows, or macOS), sets the configs in the source code, compiles the agent, and resets the source code for you.

It can also do some fun stuff like Web Delivery and a C2 check. More on these later.

Check out the full usage of main.py to see your options:

python3 main.py -h
usage: main.py [-h] [-o {linux,windows,macos}] [-b {debug,release}] [-c] [-w]
               [-m {powershell,wget-linux,wget-psh,python-linux,python-windows}] [-ip HOSTIP] [-p PORT]

OffensiveNotion Setup. Must be run as root. Generates the OffensiveNotion agent in a container.

optional arguments:
  -h, --help            show this help message and exit
  -o {linux,windows,macos}, --os {linux,windows,macos}
                        Target OS
  -b {debug,release}, --build {debug,release}
                        Binary build
  -c, --c2lint          C2 linter. Checks your C2 config by creating a test page on your Listener.
  -w, --webdelivery     Start a web delivery server to host and deliver your agent. Provides convenient one liners to run on the
                        target.
  -m {powershell,wget-linux,wget-psh,python-linux,python-windows}, --method {powershell,wget-linux,wget-psh,python-linux,python-windows}
                        Method of web delivery
  -ip HOSTIP, --hostIP HOSTIP
                        Web server host IP.
  -p PORT, --port PORT  Web server host port.

The only two arguments that are required are -o, for the OS, and -b, for the build (debug or release). The additional arguments are covered in the Misc section.

If you do not pass in the build and OS arguments, it defaults to a Linux debug agent.

Once the script is running, follow the prompts to perform the installation. You'll input your API key and parent page ID. More information on these can be found in the next section, Setup.

At the end, you'll have an agent in the main directory of the repo.

More Examples of Docker Run

I want to build a Linux debug agent for testing:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out --name offensivenotion -it offensivenotion

I want to make a Windows release agent:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out --name offensivenotion -it offensivenotion -o windows -b release

I wanna try out that cool macOS agent everyone is talking about, release build:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out --name offensivenotion -it offensivenotion -o macos -b release

I want to build a Linux release agent and check to make sure my API key and parent page are good:

$ sudo docker rm -r offensivenotion && sudo docker container run -v $(pwd):/out --name offensivenotion -it offensivenotion -o linux -b release --c2llint

I want to make a Windows release payload and host it for web delivery

(Beast of a command incoming)

$ sudo docker rm -f offensivenotion && sudo docker container run -p 80:80 -v $(pwd):/out -it --name offensivenotion offensivenotion -o windows -b release -w -ip 10.10.1.237 --port 80 -m powershell

(let's break it down)

...where:

  • sudo docker rm -f offensivenotion removes any running instance of the container.
  • sudo docker container run starts a container.
  • -p 80:80 publishes the port of the container and forwards it to the physical host. Make sure this matches the --port argument from the last part of this command.
  • -v $(pwd):/out mounts the current working directory on the host as a volume on the container. Your config.json and payload are moved here so they end up on your physical host in case you want to reuse them.
  • -it --name offensivenotion offensivenotion: Put me in an interactive terminal in the container (required to interact with main.py), call the container offensivenotion, use the offensivenotion image that we built earlier.
  • -o windows -b release -w -ip 10.10.1.237 --port 80 -m powershell: Everything in here is an argument for main.py, which you can find in the main.py usage (see above). In this case, make a windows release payload, turn web delivery on, use this IP address and this port for the download cradle, and use PowerShell to create the one-liner.
Clone this wiki locally