Make your Slack group a C2 server :) Shlack = Shell + Slack
- Traffic is HTTPS encrypted, using Slack's crtificate.
- Your IP can only be tracked by Slack's team.
- Supports multiple targets by creating a new channel for each target.
- Supports uploading and downloading files from and to the victim.
The payload connects to the Slack group you made using the BotToken and the OauthToken, doing the following:
- The payload creates a new channel in Slack group. The channel name is created using "hostname_username".
- Keeps listening to commands sent through the created channel.
- Output of the command is sent back to you as a massege in the channel.
- If you have multiple victims, the commands are sent to all victims. But only the intended victim will execute the command.
For this to work you must have the following:
- A Slack group. (Duhh!)
- A Slack app.
- Add the app to the group.
- Add the app to the channel created by the victim. (This is important so that the messages sent through the channel is received by the shell)
- Give the app the following permissions from "OAuth & Permissions" section:
- channels:history
- channels:write
- bot
- search:read
- Python supports Windows and Linux. C# Support only Windows.
- Python require "python 3.6" and slackclient module to be installed. C# requires .Net Framework 4.5
- Python size after turning it to exe is more than 10MB. C# size is 255KB.
To upload files from the victim to Slack channel:
upload [path]
To download files to the victim:
download [URL] [Path/Filename]
To terminate the paylaod:
exit
