Google Calendar RAT (GCR) is a PoC of Command & Control (C2) over Google Calendar events. The tool was developed for circumstances where it is difficult to create an entire red teaming infrastructure. To use GCR, only a Gmail account is required. The script creates a 'covert channel' by exploiting the event descriptions in Google Calendar. The target connects directly to Google.
How it works
GCR attempts to connect to a valid shared Google Calendar link and, after generating a unique ID, checks for any yet-to-be-executed commands. If it cannot find any command, it creates a new one (fixed to "whoami") as proof of connection. Every event is composed of two parts:
- The Title, which contains the unique ID. This means you can schedule multiple commands by creating events that have the same unique ID as their name.
- The Description, which contains the command to execute and the base64-encoded output, using the pipe symbol "|" as separator.
How to use it
- Set up a Google service account and obtain the credentials.json file; place the file in the same directory as the script.
- Create a new Google calendar and share it with the newly created service account.
- Edit the script to point to your calendar address.
- Once executed on the target machine, an event with a unique target ID is automatically created, auto-executing the "whoami" command.
Use the following syntax in the event description for communication: CLEAR_COMMAND|BASE64_OUTPUT
Examples:
"whoami|"
"net users|"
The date is fixed on May 30th, 2023. You can create unlimited events using the unique ID as the event name.
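A defender-side sketch of the event format described above, added here as an example and not taken from the GCR project: it scans calendar events for descriptions shaped like COMMAND|BASE64_OUTPUT and groups them by title. The event keys (summary, description, start) follow the Google Calendar API event resource; the sample events and the ID value are constructed.

```python
import base64
import binascii
from collections import defaultdict

FIXED_DATE = "2023-05-30"  # the post says the PoC pins every event to this date

def parse_description(desc):
    """Split 'COMMAND|BASE64_OUTPUT'; return (command, output_bytes) or None."""
    if not desc or "|" not in desc:
        return None
    # Split on the last pipe: a command may contain pipes, base64 never does.
    command, _, encoded = desc.rpartition("|")
    command, encoded = command.strip(), encoded.strip()
    if not command:
        return None
    try:
        output = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        return None  # trailing field is not base64, so not this format
    return command, output

def find_channel_events(events):
    """Group matching events by title, which the post says carries the unique ID."""
    hits = defaultdict(list)
    for ev in events:
        parsed = parse_description(ev.get("description"))
        if parsed is None:
            continue
        command, output = parsed
        start = ev.get("start", {})
        day = (start.get("dateTime") or start.get("date") or "")[:10]
        hits[ev.get("summary", "")].append({
            "command": command,
            "pending": output == b"",  # empty output field, as in the post's examples
            "output": output.decode("utf-8", "replace"),
            "fixed_date": day == FIXED_DATE,
        })
    return dict(hits)

# Constructed sample events; keys mirror Calendar API event fields.
SAMPLE_EVENTS = [
    {"summary": "id-0001", "start": {"dateTime": "2023-05-30T10:00:00Z"},
     "description": "whoami|" + base64.b64encode(b"lab\\user1").decode()},
    {"summary": "id-0001", "start": {"dateTime": "2023-05-30T10:00:00Z"},
     "description": "net users|"},
    {"summary": "Weekly sync", "start": {"dateTime": "2023-06-02T09:00:00Z"},
     "description": "Agenda: budget | hiring plan"},
]
```

Short words whose length is a multiple of four can also decode as base64, so treat a hit as a lead to review, not a verdict.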