DropboxC2 工具原理总结——就是通过dropbox文件来间接做c2控制和交互。

视频：https://vimeo.com/197902404

可以看到就是一个利用dropbox的C2，不过他是通过dropbox的文件API在做C2控制的，如何做到的呢？其实很简单，C2的agent轮询服务器上是否有文件更新，有的话就下载下来，其实这里面就是C2交互的内容，而C2上传的信息又通过文件形式传到dropbox。C2的server也是通过这样的方式，间接和agent打交道。

代码：https://github.com/Arno0x/DBC2/blob/master/lib/dropboxHandler.py，使用API：

self.dropboxAPI = {
            'listFolder': 'https://api.dropboxapi.com/2/files/list_folder',
            'uploadFile': 'https://content.dropboxapi.com/2/files/upload',
            'downloadFile': 'https://content.dropboxapi.com/2/files/download',
            'deleteFile': 'https://api.dropboxapi.com/2/files/delete',
            'getMetaData': 'https://api.dropboxapi.com/2/files/get_metadata',
            'shareFile': 'https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings',
            'getSharedLink': 'https://api.dropboxapi.com/2/sharing/list_shared_links'
        }

Architecture（看他的架构）

Features

DBC2 main features:

Various stager (Powershell one liner, batch file, MS-Office macro, javascript, DotNetToJScript, msbuild file, SCT file, ducky, more to come...)
Single CLI commands (one at a time, no environment persistency)
Pseudo-interactive shell (environment persistency) - based on an idea from 0xDEADBEEF00 [at] gmail.com
Send file to the agent
Retrieve file from the agent
Launch processes on the agent
Keylogger
Clipboard logger (clipboard recording/spying)
Screenshot capture
Run and interact with PowerShell modules (Endless capabilities: PowerSploit, Inveigh, Nishang, Empire modules, Powercat, etc.)
Send key strokes to any process
Set persistency through scheduled task and single instance through Mutex
Can run within (w|c)script.exe thanks to the DotNetToJScript stager (javascript2)
Can be injected into any process thanks to the nativeWrapper and its corresponding position independant shellcode !