Gcat – A stealthy Backdoor that uses Gmail as the C&C server

Comments Off on Gcat – A stealthy Backdoor that uses Gmail as the C&C server

A stealthy Python based backdoor that uses Gmail as a command and control server.

Requirements

  • A Gmail account (Use a dedicated account! Do not use your personal one!)
  • Turn on “Allow less secure apps” under the security settings of the account

This repo contains two files:

  • gcat.py a script that’s used to enumerate and issue commands to available clients
  • implant.py the actual backdoor to deploy

In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.

You’re probably going to want to compile implant.py into an executable using Pyinstaller

 

Usage

gcat 1

  • Once you’ve deployed the backdoor on a couple of systems, you can check available clients using the list command:

gcat 2

The output is a UUID string that uniquely identifies the system and the OS the implant is running on

  • Let’s issue a command to an implant:

gcat 3

Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command

  • Lets get the results!

gcat 4

  • That’s the gist of it! But you can do much more as you can see from the usage of the script! 😉

 

 

download now

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress