notionterm

Embed reverse shell in Notion pages. Hack while taking notes



FOR ➕:
  • Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell)
  • Demo
  • Quick proof insertion within report
  • High available and shareable reverse shell (desktop, browser, mobile)

NOT FOR ➖:

  • Long and robust shell session (see tacos for that)
  • Secure remote shell (Logically only person with writing access to the notion page can make rce with but…)

Why? 🤔

The focus was on making something fun while still being usable, but that’s not meant to be THE solution for reverse shell in the pentester’s arsenal

How? 🤷‍♂️

Just use notion as usual and launch notionterm on target.

Requirements 🖊️

  • Notion software and API key
  • Allowed bidirectionnal HTTP communication between a target and notion domain
  • Prior RCE on target

roughly inspired by the great idea of OffensiveNotion and notionion!

Quickstart

Set-up

  1. Create the “reverse shell” page in Notion (1 embed block, 1 code block)
  2. Give the permissions to notionterm to access the page (with the notion api key)

Run (details)

  1. Start notionterm
  2. Activate the reverse shell (with the button ON)
  3. do your reverse shell stuff
  4. Shutdown the reverse shell (OFF)

👟 Run

# On target with prior RCE
./notionterm

Configuration can be made using:

  • Flags
  • Configuration table in notion page

Install

  • From release: curl -lO -L https://github.com/ariary/notionterm/releases/latest/download/notionterm && chmod +x notionterm

GitHub

View Github