A PoC of a Blockchain-based C&C
Description
This project contains a Proof of Concept on how to push information to the Bitcoin blockchain using OP_RETURN
.
Some sample clients have been added to illustrate how the information in the blockhain can be used as a place from where we can extract commands to be run or any other orders.
This PoC was originally presented at EuskalHack Security Congress @ Donostia-San Sebastián in 2017.
Authors
Yaiza Rubio (@yrubiosec) and Félix Brezo (@febrezo)
License
GPLv3+.
Administration Tool
To run the Python administration and victim tools, users need to run:
git clone https://github.com/i3visio/blockchain_c2c
cd blockchain_c2c
pip install -r requirements
To start the administration tool:
cd admin
python blockchain_c2c.py
Afterwards, the interactive menus can be followed up.
At the moment, the transaction needs to be pushed manually using a suitable provider like Blockr.io.
Consumer tools
Using the Python Client
The Python client can be found under /vitcim/python
. The file is:
cd victim/python
python blockchain_client.py
Using the Javascript Client
Under the victim/javascript/
a sample implementation of the bitcoin_client.py
code has been ported to Javascript. This can be added on any website or browser extension easily.