You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.7 KiB
45 lines
1.7 KiB
7 years ago
|
# tsh
|
||
|
|
||
|
## Telegram Shell
|
||
|
|
||
|
Proof of concept of remote shell over Telegram.
|
||
|
|
||
|
## Up and running
|
||
|
|
||
|
Clone this repo, and create a config.js file with the following fields (You'll need to get a bot API key from [@BotFather](https://t.me/BotFather)):
|
||
|
|
||
|
```JavaScript
|
||
|
module.exports = {
|
||
|
botApiKey: '94365321:AAGM6_3QK_RC49SA1281zC5U_nmMF',
|
||
|
masterID: 12345678,
|
||
|
};
|
||
|
```
|
||
|
|
||
|
Do `npm install` to install dependencies (I recommend [pnpm](https://github.com/pnpm/pnpm) instead).
|
||
|
|
||
|
Run `npm start`.
|
||
|
|
||
|
Try running `/start` in your bot's private.
|
||
|
|
||
|
## Commands
|
||
|
|
||
|
- `/start` creates a new session.
|
||
|
- `/ls` list of active sessions.
|
||
|
- `/detach [session-identifier]` disconnect from session.
|
||
|
- `/attach <session-identifier>` reconnect to session.
|
||
|
- `/kill <session-identifier>` kill session.
|
||
|
|
||
|
## Known issues
|
||
|
|
||
|
- `tsh` doesn't play well with commands that require password from stdin, like `sudo`, or any command that creates a new shell (like `bash`). As a workaround, you could use `sudo -S` to read password from stdin. These may be fixed in a later version.
|
||
|
|
||
|
- Some times, the same response will be sent several times as the stream is triggered. This is fixable, and will be done soon.
|
||
|
|
||
|
## Security
|
||
|
|
||
|
`tsh` is recommended to be used by a single user only, for your personal needs. Therefore, you must host your own bot on the server. Support for multiple machines may come in future.
|
||
|
|
||
|
If you wouldn't trust Telegram with your content (especially sensitive content like passwords), please refrain from using this bot at all costs. It's a proof of concept and should be seen as such, and would be a massive breach of security to have sensitive content over Telegram.
|
||
|
|
||
|
Finally, feel free to fork or contribute. `tsh` is licensed under the terms of the permissive MIT license.
|