RedditC2: Abusing Reddit API to host the C2 traffic
Abusing the Reddit API to host C2 traffic: since most blue-team members use Reddit, this might be a great way to make the traffic look legitimate.
Workflow
Teamserver
1. Go to the specific Reddit post and post a new comment with the command (“in: ”)
2. Poll for a new comment that includes the word “out:”
3. If no such comment is found, go back to step 2
4. Parse and read the output
5. Edit the existing comment to “executed”, to avoid re-executing it
Client
1. Go to the specific Reddit post and read the latest comment that includes “in:”
2. If no new comment is detected, go back to step 1
3. Parse the command out of the comment and execute it locally
4. Reply to the comment with the command’s output (“out:”)
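A defender triaging a suspected thread can look for the comment pattern this workflow leaves behind: a top-level “in:” comment, an “out:” reply, and a later edit to “executed”. The following is an added example, not code from RedditC2; the record fields (id, parent, body, edited), the prefix matching and the sample thread are assumptions constructed for illustration.

```python
import re

# Markers come from the workflow above. Prefix, case-insensitive matching is an
# assumption that keeps ordinary comments containing "in:" mid-sentence out.
IN_RE = re.compile(r"^\s*in:", re.I)
OUT_RE = re.compile(r"^\s*out:", re.I)
DONE_RE = re.compile(r"^\s*executed\s*$", re.I)

def find_c2_exchanges(comments):
    """Return top-level comments that match the in:/out:/executed pattern.

    `comments` is a list of dicts with hypothetical keys:
    id, parent (None for top-level), body, edited (bool).
    """
    replies = {}
    for c in comments:
        if c["parent"] is not None:
            replies.setdefault(c["parent"], []).append(c)
    findings = []
    for c in comments:
        if c["parent"] is not None:
            continue
        pending = bool(IN_RE.match(c["body"]))
        consumed = c["edited"] and bool(DONE_RE.match(c["body"]))
        outs = [r["id"] for r in replies.get(c["id"], []) if OUT_RE.match(r["body"])]
        if consumed and outs:
            state = "completed"        # output was posted, then the comment was overwritten
        elif pending and outs:
            state = "answered"         # output posted, comment not yet edited
        elif pending:
            state = "awaiting-output"  # tasking comment with no reply so far
        else:
            continue                   # a lone "executed" is too weak a signal on its own
        findings.append({"id": c["id"], "state": state, "out_replies": outs})
    return findings

# Constructed sample thread (not real data).
SAMPLE = [
    {"id": "c1", "parent": None, "body": "executed", "edited": True},
    {"id": "c2", "parent": "c1", "body": "out: <output placeholder>", "edited": False},
    {"id": "c3", "parent": None, "body": "in: <command placeholder>", "edited": False},
    {"id": "c4", "parent": None, "body": "Great write-up, thanks!", "edited": False},
    {"id": "c5", "parent": "c4", "body": "Agreed. Out: of curiosity, which tool?", "edited": False},
    {"id": "c6", "parent": None, "body": "executed", "edited": True},
]

if __name__ == "__main__":
    for finding in find_c2_exchanges(SAMPLE):
        print(finding)
```

Repeated “completed” or “awaiting-output” findings under a single post, all from the same small set of accounts, are the stronger indicator; one match alone is not.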
Download
git clone https://github.com/kleiton0x00/RedditC2.git
pip3 install praw
Teamserver Setup
- Create a Reddit account and create your first app.
- Copy the client_id and secret key and paste them into config.json (located in /RedditC2/Teamserver/)
- You are ready to go!
Creating your Reddit bot
- Once you have created (or already have) an account, go to apps.
- Click the create app button at the bottom of the page.
- Fill in the details like below (Note: Change the name to something unique)
- Click create app and copy the client_id and secret keys.
Configure the Teamserver
- Go to the Teamserver’s folder and open a file named config.json
- Paste the client_id and secret keys, which you got from the previous steps, and save the file.
- The final output should look something like this:
Congratulations, the Teamserver setup is finished. Now start the teamserver by executing the following command:
python3 teamserver.py
Use
Copyright (C) 2022 kleiton0x00