Kali Linux

Notionterm : Embed Reverse Shell In Notion Pages

Notionterm is a Embed Reverse Shell In Notion Pages

  • Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)
  • Demo/Quick proof insertion within report
  • High available and shareable reverse shell (desktop, browser, mobile)
  • Encrypted and authenticated remote shell

The focus was on making something fun while still being usable, but that’s not meant to be THE solution for reverse shell in the pentester’s arsenal

Requirements

  • Notion software and API key
  • Allowed HTTP communication from the target to the notion domain
  • Prior RCE on target

Set-up

  • Create a page and give to the integration API key the permissions to have page write access
  • Build notionterm and transfer it on target machine (see install)

Run

There are 3 main ways to run notionterm:“normal” mode
Get terminal, stop/unstop it, etc…notionterm [flags]
Start the shell with the button widget: turn ON, do you reverse shell stuff, turn OFF to pause, turn ON to resume etc…“server” mode
Ease notionterm embedding in any pagenotionterm --server [flags]
Start a shell session in any page by creating an embed block with URL containing the page id (CTRL+Lto get it)https://[TARGET_URL]/notionterm?url=[NOTION_PAGE_ID].light mode
Only perform HTTP traffic from target → notionnotionterm light [flags]

Install

As notionterm is aimed to be run on target machine it must be built to fit with it.

Thus set env var to fit with the target requirement:

GOOS=[windows/linux/darwin]

Simple build

git clone https://github.com/ariary/notionterm.git && cd notionterm
GOOS=$GOOS go build notionterm.go

You will need to set API key and notion page URL using either env var (NOTION_TOKEN & NOTION_PAGE_URL) or flags (--token & --page-url)

“All-inclusive” build

Embed directly the notion integration API token and notion page url in the binary. ⚠️ everybody with access to the binary can retrieved the token. For security reason don’t share it and remove it after use.

Set according env var:

export NOTION_PAGE_URL=[NOTION_PAGE_URL]
export NOTION_TOKEN=[INTEGRATION_NOTION_TOKEN]

And build it:

git clone https://github.com/ariary/notionterm.git && cd notionterm
./static-build.sh $NOTION_PAGE_URL $NOTION_TOKEN $GOOS go build notionterm.go

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Embed Reverse ShellNotion PagesNotionterm
3 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

19 hours ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

19 hours ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

19 hours ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

19 hours ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago