Skip to content
/ notionterm Public

πŸ–₯οΈπŸ“– Embed reverse shell in Notion pages

License

Unlicense license
122 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ariary/notionterm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

95 Commits
img
img
Β 
Β 
pkg/notionterm
pkg/notionterm
Β 
Β 
LICENSE
LICENSE
Β 
Β 
Makefile
Makefile
Β 
Β 
README.md
README.md
Β 
Β 
env.sh
env.sh
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
notionterm.go
notionterm.go
Β 
Β 
static-build.sh
static-build.sh
Β 
Β 
wrap-notionterm.sh
wrap-notionterm.sh
Β 
Β 

Repository files navigation

notionterm

Embed reverse shell in Notion pages.
Hack while taking notes

demo

FOR βž•:

  • Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)
  • Demo/Quick proof insertion within report
  • High available and shareable reverse shell (desktop, browser, mobile)
  • Encrypted and authenticated remote shell

NOT FOR βž–:

  • Long and interactive shell session (see tacos for that)

Why? πŸ€”

The focus was on making something fun while still being usable, but that's not meant to be THE solution for reverse shell in the pentester's arsenal

How? πŸ€·β€β™‚οΈ

Just use notion as usual and launch notionterm on target.

Requirements πŸ–ŠοΈ

  • Notion software and API key
  • Allowed HTTP communication from the target to the notion domain
  • Prior RCE on target
roughly inspired by the great idea of OffensiveNotion and notionion!

TL;DR

Learn command and flags is too boring: Use wrap-notionterm.sh

Quickstart

πŸ—οΈ Set-up

  1. Create a page and give to the integration API key the permissions to have page write access
  2. Build notionterm and transfer it on target machine (see Build)

πŸ‘Ÿ Run

There are 3 main ways to run notionterm:

"normal" mode
Get terminal, stop/unstop it, etc... notionterm [flags]
Start the shell with the button widget: turn ON, do you reverse shell stuff, turn OFF to pause, turn ON to resume etc...
"server" mode
Ease notionterm embedding in any page notionterm --server [flags]
Start a shell session in any page by creating an embed block with URL containing the page id (CTRL+Lto get it): https://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID].
light mode
Only perform HTTP traffic from target β†’ notion notionterm light [flags]

Build

As notionterm is aimed to be run on target machine it must be built to fit with it.

Thus set env var to fit with the target requirement:

GOOS=[windows/linux/darwin]

Simple build

git clone https://github.com/ariary/notionterm.git && cd notionterm
GOOS=$GOOS go build notionterm.go

You will need to set API key and notion page URL using either env var (NOTION_TOKEN & NOTION_PAGE_URL) or flags (--token & --page-url)

"All-inclusive" build

Embed directly the notion integration API token and notion page url in the binary. ⚠️ everybody with access to the binary can retrieved the token. For security reason don't share it and remove it after use.

Set according env var:

export NOTION_PAGE_URL=[NOTION_PAGE_URL]
export NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]

And build it:

git clone https://github.com/ariary/notionterm.git && cd notionterm
./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS

About

πŸ–₯οΈπŸ“– Embed reverse shell in Notion pages

Topics

reverse-shell infosec pentest notion webshell c2c pentest-tool redteam notion-api

Resources

Readme

License

Unlicense license
Activity

Stars

122 stars

Watchers

3 watching

Forks

13 forks
Report repository

Releases 3

v1.0.1 πŸ“¦ wrapper Latest
Oct 10, 2022
+ 2 releases

Packages

No packages published

Languages