Gdog – Python Windows Backdoor With Gmail Command & Control

Gdog is a stealthy Python Windows backdoor that uses Gmail as a command and control server, it’s inspired by Gcat and pushes a little beyond a proof of concept with way more features.

Features

• Encrypted transportation messages (AES) + SHA256 hashing
• Generate computer unique id using system information/characteristics (SHA256 hash)
• Job IDs are random SHA256 hashes
• Retrieve system information
• Retrieve Geolocation information (City, Country, lat, long, etc..)
• Retrieve running processes/system services/system users/devices (hardware)
• Retrieve list of clients
• Execute system command
• Download files from client
• Upload files to client
• Execute shellcode
• Take screenshot
• Lock client’s screen
• Keylogger
• Lock remote computer’s screen
• Shutdown/Restart remote computer
• Log off current user
• Download file from the WEB
• Visit website
• Show message box to user

Usage

     __

2.            ____ _____/ /___  ____ _
3.           / __ `/ __  / __ \/ __ `/
4.          / /_/ / /_/ / /_/ / /_/ /
5.          \__, /\__,_/\____/\__, /
6.         /____/            /____/
7. 
   
8. optional arguments:
9.   -h, --help            show this help message and exit
10.   -v, --version         show program's version number and exit
11.   -id ID                Client to target
12.   -jobid JOBID          Job id to retrieve
13. 
    
14.   -list                 List available clients
15.   -info                 Retrieve info on specified client
16. 
    
17. Commands:
18.   Commands to execute on an implant
19. 
    
20.   -cmd CMD              Execute a system command
21.   -visitwebsite URL     Visit website
22.   -message TEXT TITLE   Show message to user
23.   -tasks                Retrieve running processes
24.   -services             Retrieve system services
25.   -users                Retrieve system users
26.   -devices              Retrieve devices(Hardware)
27.   -download PATH        Download a file from a clients system
28.   -download-fromurl URL
29.                         Download a file from the web
30.   -upload SRC DST       Upload a file to the clients system
31.   -exec-shellcode FILE  Execute supplied shellcode on a client
32.   -screenshot           Take a screenshot
33.   -lock-screen          Lock the clients screen
34.   -shutdown             Shutdown remote computer
35.   -restart              Restart remote computer
36.   -logoff               Log off current remote user
37.   -force-checkin        Force a check in
38.   -start-keylogger      Start keylogger
39.   -stop-keylogger       Stop keylogger

Requirements & Setup

For this to work you need:

• Python 2.x
• PyCrypto module
• WMI module
• Enum34 module
• Netifaces module

And:

• A Gmail account (Use a dedicated account! Do not use your personal one!)
• Turn on “Allow less secure apps” under the security settings of the account.
• You may also have to enable IMAP in the account settings.

Download/Install

1 2	git clone https://github.com/maldevel/gdog pip install -r requirements.txt --user

You can download Gdog here:

gdog-v1.0.1.zip

Or read more here.

Also look at : How To Scan website vulnerabilities using nikto