A stealthy Python-based backdoor that uses Gmail as a command and control server.
Requirements
- A Gmail account (Use a dedicated account! Do not use your personal one!)
- Turn on “Allow less secure apps” under the security settings of the account
This repo contains two files:
- gcat.py: a script that’s used to enumerate and issue commands to available clients
- implant.py: the actual backdoor to deploy
In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously set up.
You’re probably going to want to compile implant.py into an executable using Pyinstaller.
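Because the account credentials are written directly into both scripts, a recovered copy of either file identifies the mailbox used for command and control. The following triage helper is an added example, not part of this repo: it finds string literals assigned to gmail_user or gmail_pwd in Python source, reports the account name and masks the password. The function name and all sample values are constructed for illustration, and it works on source text only, not on a Pyinstaller-built executable.

```python
import ast
import re

# Variable names come from the README; all sample values below are constructed.
CRED_NAMES = {"gmail_user", "gmail_pwd"}
_FALLBACK = re.compile(r"""^[ \t]*(gmail_user|gmail_pwd)[ \t]*=[ \t]*(['"])(.*?)\2""", re.M)

def _redact(name, value):
    # Keep the account name for the report; never echo the password itself.
    return value if name == "gmail_user" else "*" * len(value)

def find_hardcoded_gmail_creds(source):
    """Return sorted (line, name, redacted_value) for every string literal
    assigned to gmail_user or gmail_pwd in the given Python source text."""
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # Source that does not parse under Python 3 (for example Python 2
        # print statements): fall back to a line-oriented regex.
        for m in _FALLBACK.finditer(source):
            line = source.count("\n", 0, m.start(1)) + 1
            findings.append((line, m.group(1), _redact(m.group(1), m.group(3))))
        return sorted(findings)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue  # e.g. read from the environment: not a hard-coded secret
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in CRED_NAMES:
                findings.append((node.lineno, target.id, _redact(target.id, value.value)))
    return sorted(findings)

# Constructed sample input, not taken from the repo.
SAMPLE = '''\
import os
gmail_user = 'example.account@gmail.com'
gmail_pwd = 'not-a-real-password'
'''
SAMPLE_PY2 = SAMPLE + 'print "started"\n'

if __name__ == "__main__":
    for line, name, value in find_hardcoded_gmail_creds(SAMPLE):
        print(f"line {line}: {name} = {value!r}")
```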
Usage
- Once you’ve deployed the backdoor on a couple of systems, you can check available clients using the list command:
The output is a UUID string that uniquely identifies the system, along with the OS the implant is running on.
- Let’s issue a command to an implant:
Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all; the script then outputs the jobid that we can use to retrieve the output of that command.
- Let’s get the results!
- That’s the gist of it! But you can do much more, as you can see from the usage of the script!