Home

Awesome

TrelloC2

Simple C2 over Trello's API (Proof-of-Concept)

By: Fabrizio Siciliano

screenshot

Update 12/30/2019

Removed hardcoded API key and Token, use input() instead.

Requirements

Python 3.x

Setup

  1. Create a Trello account: https://trello.com/signup
  2. Once logged in, get your API key: https://trello.com/app-key
  3. Generate a Token (same page as app-key, follow the "Token" link)
  4. Save both API key and Token, they're used in both the agent and operator scripts.
  5. Browse to your board https://trello.com/b/[random]/[membername].json to get the list ID which is required in the agent script. You can find this in the json output under the "lists" item and within the "Things To Do" item "id" value.

Usage

  1. Run agent.py on the target system. This is the implant, and once run, will supply the operator with a "CID" value. This is the card ID and is needed on the operator-side.
  2. Run the operator.py script on the attacker host. It will prompt for the agent's CID which is provided at agent.py runtime.
  3. Do what thou wilt...
  4. The operator script currently only has two commands; "show_commands" and "kill_implant". The "show_commands" command simply prints the help menu while the "kill_implant" command deletes the card associated with agent which terminates the agent connection. Typing "?" at the operator prompt will also display the commands menu.

Limitations

Misc

Note: This is simply a proof-of-concept to demonstrate legitimate services as command and control infrastructure and is 100% in alpha dev. Use at your own risk and on systems you've been authorized to access. (i.e., wherever the agent lives)

Credits (ideas and concepts inspired by other works):