codefeathers
/
tsh
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Telegram Shell. Remote access over Telegram bot API.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
1 Branch
0 Tags
380 KiB
 
Tree: f919dd52c7
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f919dd52c7'
${ noResults }
Muthu Kumar f919dd52c7
[refactor] Abstracted getText and extractCommand 		6 years ago
lib [refactor] Deduplicate listeners 6 years ago
util [refactor] Abstracted getText and extractCommand 6 years ago
.gitignore Initial Commit 6 years ago
README.md [docs] Added README 6 years ago
app.js [refactor] Abstracted getText and extractCommand 6 years ago
package.json [misc] Add Thomas to contributors 6 years ago
shrinkwrap.yaml indentation 6 years ago

README.md

tsh

Telegram Shell

Proof of concept of remote shell over Telegram.

Up and running

Clone this repo, and create a config.js file with the following fields (You'll need to get a bot API key from @BotFather):

module.exports = {
	botApiKey: '94365321:AAGM6_3QK_RC49SA1281zC5U_nmMF',
	masterID: 12345678,
};

Do npm install to install dependencies (I recommend pnpm instead).

Run npm start.

Try running /start in your bot's private.

Commands

  • /start creates a new session.
  • /ls list of active sessions.
  • /detach [session-identifier] disconnect from session.
  • /attach <session-identifier> reconnect to session.
  • /kill <session-identifier> kill session.

Known issues

  • tsh doesn't play well with commands that require password from stdin, like sudo, or any command that creates a new shell (like bash). As a workaround, you could use sudo -S to read password from stdin. These may be fixed in a later version.

  • Some times, the same response will be sent several times as the stream is triggered. This is fixable, and will be done soon.

Security

tsh is recommended to be used by a single user only, for your personal needs. Therefore, you must host your own bot on the server. Support for multiple machines may come in future.

If you wouldn't trust Telegram with your content (especially sensitive content like passwords), please refrain from using this bot at all costs. It's a proof of concept and should be seen as such, and would be a massive breach of security to have sensitive content over Telegram.

Finally, feel free to fork or contribute. tsh is licensed under the terms of the permissive MIT license.