loading...

Use Telegram bot as a Penetration Testing Framework

sofianehamlaoui profile image Sofiane Hamlaoui ・4 min read

✈️Use Telegram bot as a Penetration Testing Framework

  • The idea ? :

So I was checking out my browser bookmarks, then I noticed having a medium article about Telegram bot for Hacking & Pentesting . I checked the article and shared it on my Twitter account, than I’ve seen that some CyberSec (or Interested by ) loved the bot idea.

I made a
Penetration Testing Framework called Lockdoor, So why not making the same thing with my tool ?

Updates : Arbaz Hussain’s tool isn’t working now ( 12/15/2019 )

Check it here : https://github.com/arbazkiraak/hackbot

  • How does that work ?

So the idea is by running Lockdoor Framework from any Telegram chat/messenger.

Basically, it’s about running ( commands ) to run the tool from any Telegram chat, Of course before doing that you have first to configure & install the tool first, than configuring the bot and using it.

  • Cool, Let’s do that !

1 — Configuring & Installing Lockdoor Framework :

To do that, you can check the installation wiki of the tool :

SofianeHamlaoui/Lockdoor-Framework

  • Or :
$: git clone [https://github.com/SofianeHamlaoui/Lockdoor-Framework.git](https://github.com/SofianeHamlaoui/Lockdoor-Framework.git) && cd Lockdoor-Framework 
$: chmod +x ./install.sh 
$: ./install.sh

2 — Configuring & Installing the Telegram bot

For that I used A modified version of shell bot, made by _ _ botgram .

  • Configuring the bot

https://github.com/SofianeHamlaoui/lockdoor-bot

Starting a conversation with botfather

Creating the Telegram bot

  • type /newbot to create a new bot
  • give it a Name. ( A name for your Telegram Bot )
  • give it a Username. ( A username for your Telegram bot
  • Copy and Save the API
  • Configuring & Running the bot server
Requirements : 
- python
- [node-pty](https://github.com/Microsoft/node-pty#dependencies)
- Telegram 
- Happiness :D
  • * Installing
$: git clone [https://github.com/SofianeHamlaoui/Lockdoor-bot](https://github.com/SofianeHamlaoui/lockdoor-bot) && cd Lockdoor-bot
$: npm install
  • *Starting the server :
$: node server

The first time you run it, it will ask you some questions and create the configuration file automatically: config.json. You can also write it manually, see config.example.json

Configuring the server

  • Using the API token you copied after creating the Telegram bot
  • Use the link given by the bot ( https://t.me/X/X/X/X/X/X/X/X/X/ ) and send a message to make your Telegram profile as bot’s owner )
  • *Running the server :
$: node server

The bot is ready

CONGRATULATIONS ! Your Bot is ready ❤

  • The commands :

You have lot of commands to use with this bot here is the list of the commands ( or you can check them fromgithub’s repo_ )_

run - Execute command
enter - Send input lines to command
type - Type keys into command
control - Type Control+Letter
meta - Send the next typed key with Alt
keypad - Toggle keypad for special keys
redraw - Force the command to repaint
end - Send EOF to command
cancel - Interrupt command
kill - Send signal to process
status - View status and current settings
cd - Change directory
env - Manipulate the environment
shell - Change shell used to run commands
resize - Change the terminal size
setsilent - Enable / disable silent output
setlinkpreviews - Enable / disable link expansion
setinteractive - Enable / disable shell interactive flag
help - Get help
file - View and edit small text files
upload - Upload and overwrite raw files
r - Alias for /run or /enter

The important commands :

/run - to run a command
/enter - to Send input lines to command

After Configuring and running the server, Now it’s time to Use Lockdoor-Framework From any Telegram Chat/Messenger.

Now ! You have 2 choices ! As Lockdoor Framework requires the Root Permissions, You can :

  • 1 > Run the bot server as root, ( Not really recommended)
$: sudo node server
  • 2 > Run lockdoor as root from the telegram chat
$: ( Telegram chat ) : / **run sudo lockdoor**
  • Go to your telegram bot chat and type / run lockdoor ( or / run sudo lockdoor if you didn’t start the bot server as root )

CONGRATULATIONS ! You’re running a Penetration Testing Framework from a Telegram chat ❤

  • Screenshots :

From Desktop/Web chat :

Screenshots from the Desktop/Web chat

From phone :

Lockdoor Framework on phone

  • What’s next ? :

More : Check Lockdoor Framework Github repo with to know more about the tool and how it works ❤

  • My Github profile :

SofianeHamlaoui/Lockdoor-Framework

  • My Twitter account :

Sofiane Hamlaoui

  • My Website :

Sofiane HAMLAOUI on about.me

  • My Facebook profile

Facebook

  • Thanks !

Thanks to Arbaz Hussain for his article that gave me this idea.

Thanks to Alba Mendez for her bot-shell that helped me making the lockdoor Telegram bot.

Posted on by:

sofianehamlaoui profile

Sofiane Hamlaoui

@sofianehamlaoui

InfoSec student , Fan of programming and a Cyber Security Analyst @ANSSI_FR contact@sofianehamlaoui.me

Discussion

markdown guide