Gdog is a stealthy Python-based Windows backdoor that uses Gmail as its command and control (C2) server.
Requirements
- Python 2.x
- PyCrypto module
- WMI module
- Enum34 module
- Netifaces module
Features
- AES-encrypted transport messages with SHA-256 hashing
- Unique client ID generated from system information/characteristics (SHA-256 hash)
- Job IDs are random SHA-256 hashes
- Retrieve system information
- Retrieve geolocation information (city, country, latitude, longitude, etc.)
- Retrieve running processes/system services/system users/devices (hardware)
- Retrieve list of clients
- Execute system command
- Download files from client
- Upload files to client
- Execute shellcode
- Take screenshot
- Lock client’s screen
- Keylogger
- Shutdown/Restart remote computer
- Log off current user
- Download a file from the web (the client fetches a URL)
- Visit website
- Show message box to user
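The feature list above names three building blocks of a mail-based C2: a stable per-client ID, unpredictable job IDs, and a transport message that carries a hash so the receiver can reject damaged or altered payloads. The example below is added here and is not gdog's code; the header names, the "gdog job" subject marker and the hash-over-base64 layout are assumptions chosen for illustration, and the AES layer gdog lists is left out (a bare hash catches corruption, not a forger who can recompute it). It runs on Python 3 with the standard library only.

```python
"""Client-ID, job-ID and message framing of the kind a Gmail-based C2 needs.
Added example, not gdog's code: header names, the subject marker and the
hash-over-base64 check are assumptions. The AES layer is omitted."""
import base64
import hashlib
import platform
import secrets
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formatdate


def client_id(hostname, os_name, mac):
    """Stable per-host ID: SHA-256 over normalised host characteristics."""
    material = "|".join(s.strip().lower() for s in (hostname, os_name, mac))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def new_job_id():
    """Unpredictable job ID: SHA-256 of 32 CSPRNG bytes (secrets, not random)."""
    return hashlib.sha256(secrets.token_bytes(32)).hexdigest()


def build_job(cid, job_id, command, sender="controller@example.invalid",
              rcpt="dropbox@example.invalid"):
    """Frame one command as the RFC 822 message a controller would hand to SMTP."""
    payload = base64.b64encode(command.encode("utf-8"))
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = rcpt
    msg["Date"] = formatdate(usegmt=True)
    msg["Subject"] = "gdog job"                  # assumed marker the client filters on
    msg["X-Client"] = cid                        # 64 hex chars, fits one header line
    msg["X-Job"] = job_id
    msg["X-Digest"] = hashlib.sha256(payload).hexdigest()
    msg.set_content(payload.decode("ascii"))
    return msg.as_bytes()


def parse_job(raw, expected_cid):
    """What a client does with each message IMAP hands it; None means ignore."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg["Subject"] != "gdog job" or msg["X-Client"] != expected_cid:
        return None                              # not ours, or for another client
    payload = msg.get_content().strip().encode("ascii")
    if hashlib.sha256(payload).hexdigest() != msg["X-Digest"]:
        return None                              # body corrupted or altered in transit
    return str(msg["X-Job"]), base64.b64decode(payload).decode("utf-8")


if __name__ == "__main__":
    cid = client_id(platform.node(), platform.platform(), format(uuid.getnode(), "012x"))
    raw = build_job(cid, new_job_id(), "whoami /all")
    print(raw.decode("ascii"))
    print(parse_job(raw, cid))
```

The client-side check rejects a message addressed to another client ID and a message whose body no longer matches its digest; a real deployment would wrap the payload in authenticated encryption rather than rely on the digest alone.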
Setup
For this to work you need:
- A Gmail account (Use a dedicated account! Do not use your personal one!)
- Turn on “Allow less secure apps” under the security settings of the account. Google has since retired this setting, so a current account rejects a plain username/password IMAP/SMTP login; an app password generated under 2-Step Verification is the supported substitute.
- You may also have to enable IMAP in the account settings.
Download/Installation
- Install pywin32 (the WMI module depends on it): https://sourceforge.net/projects/pywin32
- git clone https://github.com/maldevel/gdog
- pip install -r requirements.txt --user
Contents
- gdog.py: the controller script, used to enumerate available clients and issue commands to them
- client.py: the backdoor itself, deployed on the target
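Because both halves of the tool talk to Gmail over ordinary IMAP/SMTP, the defender's check is a process that is not a mail client resolving Gmail's mail hosts and connecting to mail ports. The detection below is an added example, not part of gdog. It correlates Sysmon Event ID 22 (DNS query) with Event ID 3 (network connection) per process, because Event 3's DestinationHostname comes from a reverse lookup (Google addresses resolve to *.1e100.net) and a port alone is too noisy. Assumptions: events arrive as single-line "Key: value" renderings (real Sysmon is XML), the allowlist names the estate's sanctioned mail clients, and the sample records are constructed (TEST-NET addresses, invented PIDs).

```python
"""Correlate Sysmon DNS (Event 22) and network (Event 3) events to spot a
non-mail-client process talking to Gmail's mail endpoints. Added detection
example, not part of gdog; event rendering, allowlist and samples are assumptions."""
import re
from collections import defaultdict

MAIL_HOSTS = {"imap.gmail.com", "smtp.gmail.com"}   # Gmail's documented client endpoints
MAIL_PORTS = {993, 465, 587}                         # IMAPS, SMTPS, SMTP submission
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}   # assumption: tune per environment

# "Key: value" pairs separated by ", "; values may contain spaces and colons.
FIELD_RE = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    r"EventID: 22, Image: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3312, QueryName: imap.gmail.com",
    r"EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3312, DestinationIp: 192.0.2.10, DestinationPort: 993",
    r"EventID: 22, Image: C:\Python27\pythonw.exe, ProcessId: 4120, QueryName: imap.gmail.com",
    r"EventID: 3, Image: C:\Python27\pythonw.exe, ProcessId: 4120, DestinationIp: 192.0.2.10, DestinationPort: 993",
    r"EventID: 22, Image: C:\Python27\pythonw.exe, ProcessId: 4120, QueryName: smtp.gmail.com",
    r"EventID: 3, Image: C:\Python27\pythonw.exe, ProcessId: 4120, DestinationIp: 192.0.2.11, DestinationPort: 587",
    r"EventID: 22, Image: C:\Windows\System32\svchost.exe, ProcessId: 1180, QueryName: www.google.com",
    r"EventID: 3, Image: C:\Windows\System32\svchost.exe, ProcessId: 1180, DestinationIp: 192.0.2.12, DestinationPort: 443",
    r"EventID: 3, Image: C:\Users\bob\curl.exe, ProcessId: 5000, DestinationIp: 192.0.2.20, DestinationPort: 993",
]


def parse_event(line):
    """Turn one rendered event into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def image_name(ev):
    """Basename of the process image, lower-cased for allowlist comparison."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def flag_gmail_c2(lines):
    """Return processes that both resolved a Gmail mail host and connected to a
    mail port; either signal alone (a port, a lookup) is too noisy on its own."""
    dns = defaultdict(set)    # (image, pid) -> Gmail mail hosts queried
    conns = defaultdict(set)  # (image, pid) -> mail ports connected to
    for line in lines:
        ev = parse_event(line)
        key = (image_name(ev), ev.get("ProcessId"))
        if ev.get("EventID") == "22" and ev.get("QueryName", "").lower() in MAIL_HOSTS:
            dns[key].add(ev["QueryName"].lower())
        elif ev.get("EventID") == "3" and ev.get("DestinationPort", "").isdigit():
            port = int(ev["DestinationPort"])
            if port in MAIL_PORTS:
                conns[key].add(port)
    hits = []
    for key in sorted(dns.keys() & conns.keys()):
        image, pid = key
        if image in MAIL_CLIENTS:
            continue              # sanctioned mail client: expected behaviour
        hits.append({"image": image, "pid": pid,
                     "hosts": sorted(dns[key]), "ports": sorted(conns[key])})
    return hits


if __name__ == "__main__":
    for hit in flag_gmail_c2(SAMPLE_EVENTS):
        print(hit)
```

On the sample data only pythonw.exe is flagged: Outlook is allowlisted, svchost.exe never queried a mail host, and curl.exe hit port 993 without a Gmail lookup. A packaged client (PyInstaller-style executable) changes the image name but not the pattern, which is why the logic keys on behaviour rather than on python.exe.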