Enhancing AtlasReaper
For red teamers, adaptability is everything. The ability to pivot quickly and exploit opportunities in dynamic environments is crucial. AtlasReaper, already a reliable ally in targeting Atlassian environments like Confluence and Jira, just became even more formidable. With the addition of BOF.NET-powered attachment downloading, this tool now offers capabilities tailored for stealth and efficiency in Red Teaming engagements.
What’s New with BOF.NET Integration?
The extended functionality lets users leverage BOF.NET, a .NET runtime extension for Beacon Object Files, to download attachments directly from Jira Issues and Confluence pages with greater flexibility and a reduced footprint, which suits engagements where maintaining stealth is critical. It also makes AtlasReaper more effective in scenarios where saving files locally on the host might be limited by access controls or other barriers.
New Features
- Download Attachments from Jira Issues
AtlasReaper.exe jira downloadBOFNET --url $url --cookie $cookie -a id1,id2,...
This command can be used to pull down attachments from Jira Issues, targeting files that may contain sensitive data, misconfigurations, or breadcrumbs for further lateral movement.
- Download Attachments from Confluence
AtlasReaper.exe confluence downloadBOFNET --url $url --cookie $cookie -a id1,id2,...
Similarly, for Confluence, this command simplifies access to attachments that could expose credentials, internal documentation, or other critical insights.
Why This Matters
- Stealth Operations: BOF.NET’s in-memory nature minimizes disk footprint, reducing chances of detection by defensive tools.
- Flexibility in Complex Environments: Whether evading EDR or navigating restrictive environments, it is important to minimize your footprint by performing targeted actions.
- Faster/Automated Data Gathering: Directly retrieve the attachments you need without time-consuming manual exploration.
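Even with a minimal footprint on the host, the download requests still reach the Jira or Confluence server, so its access log is one place defenders can look. The following added example (not part of AtlasReaper or the original post) flags clients that fetch many distinct attachments in a short window; the URL patterns are assumed standard Atlassian download paths, and the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed standard Atlassian attachment-download paths (not taken from the post);
# an optional one-segment context path such as /jira or /wiki is allowed.
ATTACHMENT_PATH = re.compile(
    r"^(?:/\w+)?(?:/secure/attachment/\d+/"
    r"|/rest/api/\d+/attachment/content/\d+"
    r"|/download/attachments/\d+/)"
)
# Combined log format: ip ident user [time] "GET path proto" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def bulk_attachment_pulls(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {(ip, user): most distinct attachments fetched in any window}
    for clients reaching `threshold` (threshold and window are assumed values)."""
    hits = defaultdict(list)  # (ip, user) -> [(timestamp, path)]
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["status"] != "200":
            continue  # only successful downloads count
        path = m["path"].split("?", 1)[0]  # ignore query strings like ?version=1
        if ATTACHMENT_PATH.match(path):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[(m["ip"], m["user"])].append((ts, path))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):  # window opening at each event
            in_window = {p for t, p in events[i:] if t - start <= window}
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[client] = best
    return flagged

# Constructed sample log: one client pulls six attachments within 30 seconds,
# another opens a single attachment.
SAMPLE_LOG = [
    f'10.0.0.5 - alice [12/Mar/2024:10:00:{s:02d} +0000] '
    f'"GET /secure/attachment/{10000 + s}/notes.txt HTTP/1.1" 200 512 "-" "-"'
    for s in range(0, 30, 5)
] + [
    '10.0.0.9 - bob [12/Mar/2024:10:01:00 +0000] '
    '"GET /download/attachments/4242/diagram.png?version=1 HTTP/1.1" 200 2048 "-" "-"',
]
```

Calling bulk_attachment_pulls(SAMPLE_LOG) flags only the first client; tune the threshold and window against normal usage for the instance being monitored.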
The complete project files accompanying this blog post can be found at the HackCraft GitHub.