Search the Community

Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, might be a great way to make the traffic look legit. Workflow Teamserver Go to the specific Reddit Post & post a new comment with the command ("in: ") Read for new comment which includes the word "out:" If no such comment is found, go back to step 2 Parse the comment, decrypt it and read it's output Edit the existing comment to "executed", to avoid reexecuting it Client Go to the specific Reddit Post & read the latest comment which includes "in:" If no new comment is detected, go back to step 1 Parse the command out of the comment, decrypt it and execute it locally Encrypt the command's output and reply it to the respective comment ("out:" ) [Disclaimer]: Use of this project is for Educational/ Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is found to use it for illegal/ malicious intent, author of the repo will not be held responsible. [hide][Hidden Content]]