Gcat – A stealthy Backdoor that uses Gmail as the C&C server

June 11, 2016November 18, 2017 haxf4rall2017 0 Comments gcat, gcat tutorial, gmail command and control server, how to use gcat

A stealthy Python based backdoor that uses Gmail as a command and control server.

Requirements

A Gmail account (Use a dedicated account! Do not use your personal one!)
Turn on “Allow less secure apps” under the security settings of the account

This repo contains two files:

gcat.py a script that’s used to enumerate and issue commands to available clients
implant.py the actual backdoor to deploy

In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.

You’re probably going to want to compile implant.py into an executable using Pyinstaller

Usage

Once you’ve deployed the backdoor on a couple of systems, you can check available clients using the list command:

The output is a UUID string that uniquely identifies the system and the OS the implant is running on

Let’s issue a command to an implant:

Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command

Lets get the results!

That’s the gist of it! But you can do much more as you can see from the usage of the script! 😉