Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server, it’s inspired by Gcat and pushes a little beyond a proof of concept with way more features.
And don’t forget, Gcat also inspired Twittor – Backdoor Using Twitter For Command & Control.
Features
- Encrypted transportation messages (AES) + SHA256 hashing
- Generate computer unique id using system information/characteristics (SHA256 hash)
- Job IDs are random SHA256 hashes
- Retrieve system information
- Retrieve Geolocation information (City, Country, lat, long, etc..)
- Retrieve running processes/system services/system users/devices (hardware)
- Retrieve list of clients
- Execute system command
- Download files from client
- Upload files to client
- Execute shellcode
- Take screenshot
- Lock client’s screen
- Keylogger
- Lock remote computer’s screen
- Shutdown/Restart remote computer
- Log off current user
- Download file from the WEB
- Visit website
- Show message box to user
Usage
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
__ ____ _____/ /___ ____ _ / __ `/ __ / __ \/ __ `/ / /_/ / /_/ / /_/ / /_/ / \__, /\__,_/\____/\__, / /____/ /____/ optional arguments: -h, --help show this help message and exit -v, --version show program's version number and exit -id ID Client to target -jobid JOBID Job id to retrieve -list List available clients -info Retrieve info on specified client Commands: Commands to execute on an implant -cmd CMD Execute a system command -visitwebsite URL Visit website -message TEXT TITLE Show message to user -tasks Retrieve running processes -services Retrieve system services -users Retrieve system users -devices Retrieve devices(Hardware) -download PATH Download a file from a clients system -download-fromurl URL Download a file from the web -upload SRC DST Upload a file to the clients system -exec-shellcode FILE Execute supplied shellcode on a client -screenshot Take a screenshot -lock-screen Lock the clients screen -shutdown Shutdown remote computer -restart Restart remote computer -logoff Log off current remote user -force-checkin Force a check in -start-keylogger Start keylogger -stop-keylogger Stop keylogger |
Requirements & Setup
For this to work you need:
- Python 2.x
- PyCrypto module
- WMI module
- Enum34 module
- Netifaces module
And:
- A Gmail account (Use a dedicated account! Do not use your personal one!)
- Turn on “Allow less secure apps” under the security settings of the account.
- You may also have to enable IMAP in the account settings.
Download/Install
1 2 |
git clone https://github.com/maldevel/gdog pip install -r requirements.txt --user |
You can download Gdog here:
Or read more here.