DropboxC2 工具原理总结——就是通过dropbox文件来间接做c2控制和交互。

视频:https://vimeo.com/197902404

 

可以看到就是一个利用dropbox的C2,不过他是通过dropbox的文件API在做C2控制的,如何做到的呢?其实很简单,C2的agent轮询服务器上是否有文件更新,有的话就下载下来,其实这里面就是C2交互的内容,而C2上传的信息又通过文件形式传到dropbox。C2的server也是通过这样的方式,间接和agent打交道。

 

代码:https://github.com/Arno0x/DBC2/blob/master/lib/dropboxHandler.py,使用API:

self.dropboxAPI = {
			'listFolder': 'https://api.dropboxapi.com/2/files/list_folder',
			'uploadFile': 'https://content.dropboxapi.com/2/files/upload',
			'downloadFile': 'https://content.dropboxapi.com/2/files/download',
			'deleteFile': 'https://api.dropboxapi.com/2/files/delete',
			'getMetaData': 'https://api.dropboxapi.com/2/files/get_metadata',
			'shareFile': 'https://api.dropboxapi.com/2/sharing/create_shared_link_with_settings',
			'getSharedLink': 'https://api.dropboxapi.com/2/sharing/list_shared_links'
		}

  

Architecture(看他的架构)

DBC2 Architecture

Features

DBC2 main features:

  • Various stager (Powershell one liner, batch file, MS-Office macro, javascript, DotNetToJScript, msbuild file, SCT file, ducky, more to come...)
  • Single CLI commands (one at a time, no environment persistency)
  • Pseudo-interactive shell (environment persistency) - based on an idea from 0xDEADBEEF00 [at] gmail.com
  • Send file to the agent
  • Retrieve file from the agent
  • Launch processes on the agent
  • Keylogger
  • Clipboard logger (clipboard recording/spying)
  • Screenshot capture
  • Run and interact with PowerShell modules (Endless capabilities: PowerSploit, Inveigh, Nishang, Empire modules, Powercat, etc.)
  • Send key strokes to any process
  • Set persistency through scheduled task and single instance through Mutex
  • Can run within (w|c)script.exe thanks to the DotNetToJScript stager (javascript2)
  • Can be injected into any process thanks to the nativeWrapper and its corresponding position independant shellcode !
posted @ 2021-08-28 18:19  bonelee  阅读(220)  评论(0编辑  收藏  举报