TrelloC2 - Simple C2 Over The Trello API


News category: IT security news
Source: kitploit.com


Simple C2 over Trello's API (Proof-of-Concept)

By: Fabrizio Siciliano (@0rbz_)

Update 12/30/2019

Removed hardcoded API key and Token, use input() instead.


Requirements

Python 3.x

Setup

  1. Create a Trello account: https://trello.com/signup
  2. Once logged in, get your API key: https://trello.com/app-key
  3. Generate a Token (same page as app-key, follow the "Token" link)
  4. Save both the API key and the Token; they're used in both the agent and operator scripts.
  5. Browse to your board at https://trello.com/b/[random]/[membername].json to get the list ID, which is required in the agent script. It is the "id" value of the "Things To Do" item under the "lists" item in the JSON output.

Usage

  1. Run agent.py on the target system. This is the implant, and once run, will supply the operator with a "CID" value. This is the card ID and is needed on the operator-side.
  2. Run the operator.py script on the attacker host. It will prompt for the agent's CID which is provided at agent.py runtime.
  3. Do what thou wilt...
  4. The operator script currently has only two commands: "show_commands" and "kill_implant". The "show_commands" command simply prints the help menu, while the "kill_implant" command deletes the card associated with the agent, which terminates the agent connection. Typing "?" at the operator prompt also displays the commands menu.

Limitations

  • The Trello API "description" field for cards, which is used for temporarily storing commands and resulting command output, is limited in size. I think it's something around 16k characters. This is OK for most commands; however, commands that return large output will cause the agent to die due to the Trello API returning a 400 Bad Request (size too large) status. Be mindful of commands and their expected outputs. I'll eventually work in some logic to determine command output size before sending it back to Trello's servers for operator consumption.

  • This is not OPSEC-safe. All commands and command output will temporarily pass through Trello's servers, and output will exist in the agent's "card" in cleartext temporarily. Although the traffic is TLS encrypted (in-transit) courtesy of Trello, and although the operator script makes an effort to "wipe the slate" clear of the command output, there's no telling whether this information is stored indefinitely. Ideally, the commands and command output should be saved to a "card" in an encrypted format (i.e., AES), pulled down, and decrypted locally. This hasn't been built into the tool yet, and in its current state would require the machine the agent lives on to have certain libraries which might not be present in a default situation. (Something to work on)

  • The operator script and implant are currently both designed to be run on Linux-based boxes. Windows implants are a work in progress at this point in time.
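
Seen from the network, the design described above is one internal host repeatedly reading and rewriting a single card through the Trello API, and oversized output shows up as a rejected write. The following is an added detection example, not part of TrelloC2: it assumes a TLS-inspecting proxy log in the constructed format shown, that card reads and writes appear as GET and PUT on `/1/cards/{id}`, and illustrative thresholds.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

CARD_URL = re.compile(r"^https://api\.trello\.com/1/cards/([0-9A-Za-z]+)")

# Constructed sample lines: epoch client method url status user-agent
API, A, B = "https://api.trello.com/1/cards/", "a" * 24, "b" * 24
SAMPLE_LOG = "\n".join([
    f"1700000000 10.0.5.23 GET {API}{A} 200 python-requests/2.31.0",
    f"1700000005 10.0.5.23 GET {API}{A} 200 python-requests/2.31.0",
    f"1700000010 10.0.5.23 GET {API}{A} 200 python-requests/2.31.0",
    f"1700000011 10.0.5.23 PUT {API}{A} 200 python-requests/2.31.0",
    f"1700000015 10.0.5.23 GET {API}{A} 200 python-requests/2.31.0",
    f"1700000020 10.0.5.23 GET {API}{A} 200 python-requests/2.31.0",
    f"1700000021 10.0.5.23 PUT {API}{A} 400 python-requests/2.31.0",
    "1700000003 10.0.7.8 GET https://trello.com/b/BOARD/team-board 200 Mozilla/5.0",
    f"1700000040 10.0.7.8 GET {API}{B} 200 Mozilla/5.0",
    f"1700000300 10.0.7.8 PUT {API}{B} 200 Mozilla/5.0",
])

def find_card_pollers(log_text, min_reads=5, max_jitter=2.0):
    """Flag (client, card) pairs read at a steady interval and also written to."""
    stats = defaultdict(lambda: {"reads": [], "writes": 0, "rejected": 0})
    for line in log_text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 5:
            continue  # malformed line
        ts, client, method, url, status = parts[:5]
        m = CARD_URL.match(url)
        if not m or not ts.isdigit():
            continue  # not a card API call
        s = stats[(client, m.group(1))]
        if method == "GET":
            s["reads"].append(int(ts))
        elif method == "PUT":
            s["writes"] += 1
            s["rejected"] += status == "400"  # write refused, e.g. description too large
    findings = []
    for (client, card), s in sorted(stats.items()):
        reads = sorted(s["reads"])
        if len(reads) < max(min_reads, 3) or s["writes"] == 0:
            continue  # too few reads, or read-only access
        gaps = [b - a for a, b in zip(reads, reads[1:])]
        if pstdev(gaps) <= max_jitter:  # machine-like, evenly spaced polling
            findings.append({"client": client, "card": card, "reads": len(reads),
                             "interval": mean(gaps), "writes": s["writes"],
                             "rejected_writes": s["rejected"]})
    return findings
```

Legitimate integrations also poll cards, so findings are triage leads to correlate with the process and user on the flagged host.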

Misc

Note: This is simply a proof-of-concept to demonstrate legitimate services as command and control infrastructure and is 100% in alpha dev. Use at your own risk and on systems you've been authorized to access. (i.e., wherever the agent lives)

Credits (ideas and concepts inspired by other works):



...


