TikC2 is a proof-of-concept Command & Control (C2) framework that leverages TikTok as a covert communication channel. Operators issue Linux commands via comments on TikTok videos, and the controlled system responds by generating Linux tutorial videos that embed command outputs. This approach avoids traditional network callbacks, using TikTok for stealthy C2 operations.
TikC2 transforms TikTok into a C2 platform:
- Command Channel: Operators post Linux commands in comments on specific TikTok videos.
- Execution: Commands are executed securely on the target system.
- Response Channel: Outputs are embedded in narrated Linux tutorial videos and uploaded to TikTok.
- Stealth: Communication occurs entirely through TikTok, eliminating direct server interactions.
- Polls comments on designated TikTok videos for commands.
- Exfiltrates command outputs via Linux tutorial video uploads.
- Runs Linux commands in a sandboxed environment.
- Captures stdout for integration into tutorial videos.
- Terminal-style typing animations for realism.
- Structured tutorial slides: Title → Command Explanation → Output → Summary.
- Uses TikTok cookies (cookies.json) for seamless access.
- Halts the C2 loop upon receiving a stop_me comment.
- Python: 3.8+
- Browser: Google Chrome (for Playwright automation)
- OS: Linux (required for man pages)
- Hardware: Adequate CPU/RAM for video processing
Install required packages:
pip install -r requirements.txt
Key libraries:
- playwright>=1.45.0: TikTok web automation
- moviepy>=1.0.3: Video editing and rendering
- pyttsx3 or gtts: Text-to-speech narration
- typing-extensions>=4.12.0: Type support
- Install Playwright Browser Runtime:
  playwright install chromium
- Export TikTok Cookies:
  - Install the Get-cookies.txt-LOCALLY extension (Chrome/Firefox).
  - Log in to TikTok in your browser.
  - Export cookies for https://www.tiktok.com using the extension.
  - Save as cookie3.txt in the project root.
- Convert Cookies to JSON:
  python convert_cookie.py
  Generates cookies.json for authentication.
tikc2/
├── tikc2.py           # Main C2 controller
├── convert_cookie.py  # Converts Netscape cookies to JSON
├── requirements.txt   # Python dependencies
├── cookies.json       # TikTok authentication cookies
├── cookie3.txt        # Raw Netscape cookie export
└── output/            # Generated tutorial videos
- Clone the repository:
  git clone https://github.com/shiky8/tikc2.git
  cd tikc2
- Install dependencies:
  pip install -r requirements.txt
  playwright install chromium
- Set up TikTok cookies (see Installation).
- Run the C2 loop:
  python tikc2.py
The script uploads a "heartbeat" video, polls video comments for commands, and responds with tutorial videos until a stop_me comment is received.
python tikc2.py
Flow:
- Uploads a "heartbeat" video (runs the id command).
- Polls comments on the designated TikTok video for new commands.
- Executes received commands and captures output.
- Generates a Linux tutorial video embedding the command output and narration.
- Uploads the tutorial video to TikTok.
- Stops on a stop_me comment.
Generate a tutorial video for a specific command:
from tikc2 import make_video, build_enhanced_narration, run_command_capture_output
cmd = "ls"
output = run_command_capture_output(cmd)
narration = build_enhanced_narration(cmd, output)
make_video(cmd, output, narration, "ls_tutorial.mp4")
- Tasking: Operator posts a Linux command in a comment on a designated TikTok video.
- Polling: Controlled host retrieves comments from the video.
- Execution: Command runs in a sandboxed Linux environment.
- Exfiltration: Output is embedded in a narrated Linux tutorial video.
- Delivery: Tutorial video is uploaded to TikTok for operator review.
- Terminal Animation: Realistic typing effect mimicking a Linux terminal.
- Tutorial Slide Structure:
  - Title: Introduces the command.
  - Explanation: Describes the command's purpose (e.g., using man page info).
  - Output: Displays captured stdout.
  - Summary: Recaps the command's results.
- Specs: 1280×720, 24 FPS, H.264 video, AAC audio.
graph TD
A[Operator] -->|Post command in TikTok video comment| B[Controlled Host]
B -->|Poll video comments for commands| A
B -->|Execute command| B
B -->|Generate Linux tutorial video with output| B
B -->|Upload tutorial video to TikTok| A
A -->|View tutorial video to retrieve output| A
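Seen from the monitored host, the flow above has three observable pieces: a Playwright-driven browser reaching tiktok.com, command execution, and video rendering. The following added example (not part of TikC2) correlates them over constructed process telemetry; the event fields, the node driver process and the sh -c child are assumptions about how such a host would look.

```python
from collections import defaultdict

INTERPRETERS = {"python", "python3"}
BROWSERS = {"chrome", "chromium", "headless_shell"}
SHELLS = {"sh", "bash", "dash"}

# Constructed telemetry (host, pid, ppid, type, image, detail); not real logs.
EVENTS = [
    ("srv01", 410, 1, "exec", "python3", "python tikc2.py"),
    ("srv01", 415, 410, "exec", "node", "playwright driver"),
    ("srv01", 422, 415, "exec", "chrome", "chrome --headless"),
    ("srv01", 422, 415, "connect", "chrome", "www.tiktok.com:443"),
    ("srv01", 431, 410, "exec", "sh", "sh -c id"),
    ("srv01", 410, 1, "file_write", "python3", "output/ls_tutorial.mp4"),
    # Ordinary desktop browsing: TikTok traffic with no scripted ancestor.
    ("desk07", 900, 1, "exec", "chrome", "chrome"),
    ("desk07", 900, 1, "connect", "chrome", "www.tiktok.com:443"),
]

def is_tiktok(dest):
    name = dest.rsplit(":", 1)[0].lower()
    return name == "tiktok.com" or name.endswith(".tiktok.com")

def owner_of(host, pid, parent, image):
    """Walk up the process tree to the nearest scripting interpreter."""
    seen = set()
    while pid is not None and pid not in seen:
        if image.get((host, pid)) in INTERPRETERS:
            return pid
        seen.add(pid)
        pid = parent.get((host, pid))
    return None

def correlate(events):
    """Return {(host, pid): signals} for interpreters showing all three signals."""
    parent = {(h, p): pp for h, p, pp, *_ in events}
    image = {(h, p): img for h, p, _, kind, img, _ in events if kind == "exec"}
    signals = defaultdict(set)
    for host, pid, _, kind, img, detail in events:
        owner = owner_of(host, pid, parent, image)
        if owner is None:
            continue
        if kind == "connect" and img in BROWSERS and is_tiktok(detail):
            signals[(host, owner)].add("browser_to_tiktok")
        elif kind == "exec" and img in SHELLS:
            signals[(host, owner)].add("shell_child")
        elif kind == "file_write" and detail.lower().endswith(".mp4"):
            signals[(host, owner)].add("video_render")
    return {k: sorted(v) for k, v in signals.items() if len(v) == 3}
```

Each signal is common on its own; requiring all three under one interpreter keeps ordinary browsing, such as desk07 in the sample, out of the result.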
- Cookie Expiry: TikTok cookies require periodic renewal.
- Linux Dependency: man pages require a Linux environment.
- Resource Usage: Video generation is CPU/RAM-intensive.
- Comment Retrieval Latency: Dependent on TikTok API response times.
- Upload Latency: Depends on TikTok upload speeds.
- Cookie Errors: Verify cookie3.txt is correctly exported and converted to cookies.json.
- Playwright Issues: Ensure Chromium is installed (playwright install chromium).
- Video Failures: Check for sufficient disk space and RAM.
- Command Failures: Ensure commands are valid for the Linux environment.
- Comment Polling Issues: Confirm the correct video ID is monitored and TikTok API is accessible.
TikC2 is a research tool for exploring social media-based C2 techniques. It is intended for educational and research purposes only. Unauthorized use, including malicious access or disruption, is prohibited. The authors are not liable for misuse.
We welcome contributions to improve TikC2. Ideas include:
- Support for additional covert channels (e.g., other platforms).
- Enhanced video obfuscation for stealth.
- Cross-platform support (Windows, macOS).
- Improved command parsing and validation.
To Contribute:
- Fork the repository.
- Create a feature branch (git checkout -b shiky8/tikc2).
- Submit a pull request with detailed changes.
For questions or issues, open a GitHub issue or contact the maintainers.