Breaking News



GC2 (Google Command and Keep watch over) is a Command and Keep watch over utility that permits an attacker to execute instructions at the function gadget the use of Google Sheet and exfiltrates knowledge the use of Google Pressure.

This program has been advanced so that you can supply a command and keep an eye on that doesn’t require any explicit get ready (like: a customized house, VPS, CDN, …) all over Crimson Teaming actions.

Moreover, this system may have interplay most simple with Google’s domain names (*.google.com) to make detection tougher.

PS: Please do not add the compiled binary on VirusTotal 🙂

  1. Compile executable
    git clone https://github.com/looCiprian/GC2-sheet
    cd GC2-sheet
    switch compile gc2-sheet.switch
  2. Create a brand new google “provider account”Create a brand new google “provider account” the use of https://console.cloud.google.com/, create a .json key document for the provider account
  3. Allow Google Sheet API and Google Pressure APIAllow Google Pressure API https://builders.google.com/power/api/v3/enable-drive-api and Google Sheet API https://builders.google.com/sheets/api/quickstart/switch
  4. Get ready Google Sheet and Google PressureCreate a brand new Google Sheet and upload the provider account to the editor group of workers of the spreadsheet (with the intention to add the provider account use its e mail)

    Sheet Permission

    Create a brand new Google Pressure folder and upload the provider account to the editor group of workers of the folder (with the intention to add the provider account use its e mail)

    Sheet Permission

  5. Get started the C2
    gc2-sheet --key <GCP provider account credential document .JSON > --sheet <Google sheet ID> --drive <Google power ID>
    

    PS: you are able to additionally hardcode the parameters all over the code, so you are going to add most simple the executable at the function gadget (take a look at feedback in root.switch and authentication.switch)

Work Flow

Demo

The landlord of this enterprise isn’t answerable for any unlawful utilization of this program.

Pull request or paypal


Unique repository: https://github.com/looCiprian/GC2-sheet


Leave a Reply

Your email address will not be published. Required fields are marked *

Donate Us

X