Sowing Chaos and Reaping Rewards in Confluence and Jira

Let me paint a picture for you. You’re on a red team operation, operating from your favorite C2, and have just landed on a user’s workstation.

AtlasReaper is a .NET tool created by werdhaihai that is designed to interact with Atlassian's Confluence and Jira applications. It is designed to run in-memory from C2 agents, with the aim of minimizing the network overhead generated from a SOCKS proxy. The tool has several features, including listing spaces, pages, attachments, projects, issues (and comments), usernames, and emails, and has the ability to search by a provided keyword. It also has the ability to add content to pages and issues, as well as attach files and comment on issues. It is possible to run the tool without the -c or — cookie flag if the applications are accessible to anonymous users.

AtlasReaper is a useful tool for both attackers and defenders. For attackers, it can be used to capture hashes in a less conspicuous way by embedding a 1x1 pixel image on a page. For defenders, the tool can be used to update the password policy on Confluence and Jira pages. It also supports a few filtering options that can be used to identify recently updated pages.

The tool includes two commands, confluence and jira, each with several subcommands. The confluence command contains several subcommands, such as listspaces, listpages, listattachments, search, attach, embed, download, and link. The jira command contains several subcommands, such as listprojects, listissues, listusers, search, addcomment, attach, and createissue.

AtlasReaper has not been widely tested, so users should be aware that there may be errors. Additionally, there are some additional features for both Confluence and Jira that are not covered by the tool. If users find that certain information or functionality is missing, they are encouraged to make a pull request.

Overall, AtlasReaper is a useful tool for both attackers and defenders. It can be used to capture hashes in a less conspicuous way, as well as update the password policy on Confluence and Jira pages. It is designed to work with the cloud versions of Confluence and Jira, which use the same session token, named cloud.session.token. Users should be aware that the tool has not been widely tested and there may be errors, as well as some additional features that are not covered. Pull requests are welcome.

📓 Sowing Chaos and Reaping Rewards in Confluence and Jira

👉🏽 Let me paint a picture for you. You’re on a red team operation, operating from your favorite C2, and have just landed on a user’s workstation. 👉🏽 AtlasReaper is a .NET tool for interacting with Atlassian's Confluence and Jira applications. 👉🏽 The tool runs in-memory from C2 agents, minimizing network overhead from SOCKS proxy. 👉🏽 Features include listing spaces, pages, attachments, projects, issues, usernames, and emails. 👉🏽 It can search by a provided keyword and add content, attach files, and comment on issues. 👉🏽 The tool is useful for attackers to capture hashes inconspicuously and defenders to update password policies. 👉🏽 It supports filtering options to identify recently updated pages. 👉🏽 The tool has two commands, confluence (subcommands: listspaces, listpages, etc.) and jira (subcommands: listprojects, listissues, etc.). 👉🏽 Users should be aware that there may be errors as the tool has not been widely tested. 👉🏽 Some additional features of Confluence and Jira are not covered by the tool. 👉🏽 Pull requests are encouraged if users find missing information or functionality.

🔗 source link: https://posts.specterops.io/sowing-chaos-and-reaping-rewards-in-confluence-and-jira-7a90ba33bf62

🔗 summarized content: https://hut.threathunterz.com/battlefield-intel/articles-and-reports/sowing-chaos-and-reaping-rewards-in-confluence-and-jira

#AtlasReaper #.NETtool #Confluence #Jira #hashcapture