GCAT – Fully featured backdoor that uses Gmail as a C&C server

Many tools can generate backdoors. They are used during penetration tests and in security awareness sessions, where the presenter demonstrates how easy it is to gain full control of a vulnerable remote system.

The main purpose of a backdoor is to create a connection to the victim machine and remotely run commands, send files to the victim computer, reboot the system, or even modify system passwords. If you are looking for a tool of this kind, you can check GCAT.

GCAT is a fully featured backdoor that uses Gmail as a C&C server. All you have to do is create a Gmail account that will be used to send instructions to the remote system. This helps to cover tracks. It also keeps your server up and reachable at any time, without non-standard ports that can be blocked by the firewall. To run the attack you need the following:

  • A Gmail account (Use a dedicated account! Do not use your personal one!)
  • Turn on “Allow less secure apps” under the security settings of the account
  • You may also have to enable IMAP in the account settings
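
Seen from the defender's side, the setup above means an implanted host opens IMAP sessions to Gmail from a process that is not a mail client. The Python below is an added example, not part of GCAT or the original post; it scans constructed connection records and flags unapproved processes contacting Gmail mail endpoints. The log format, host names, allowlist, and the inclusion of SMTP ports are assumptions.

```python
from collections import defaultdict

# Gmail mail endpoints. IMAP is named on the page; the SMTP submission
# ports are an assumption about how output might be sent back.
GMAIL_MAIL_ENDPOINTS = {
    ("imap.gmail.com", 993),
    ("smtp.gmail.com", 465),
    ("smtp.gmail.com", 587),
}

# Hypothetical allowlist: processes expected to speak IMAP/SMTP here.
APPROVED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample records: "timestamp host process dest_host dest_port"
SAMPLE_LOG = """\
2024-01-10T09:00:01Z ws-014 thunderbird.exe imap.gmail.com 993
2024-01-10T09:00:07Z ws-022 chrome.exe mail.google.com 443
2024-01-10T09:01:12Z ws-031 python.exe imap.gmail.com 993
2024-01-10T09:01:13Z ws-031 python.exe smtp.gmail.com 587
2024-01-10T09:03:40Z srv-db01 svchost.exe imap.gmail.com 993
malformed line
"""

def parse(line):
    """Split one record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    ts, host, proc, dest, port = parts
    return ts, host, proc.lower(), dest.lower(), int(port)

def find_suspect_mail_clients(log_text):
    """Return {(host, process): [(timestamp, dest, port), ...]} for
    unapproved processes that contacted a Gmail mail endpoint."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip malformed records instead of failing the scan
        ts, host, proc, dest, port = rec
        if (dest, port) in GMAIL_MAIL_ENDPOINTS and proc not in APPROVED_MAIL_CLIENTS:
            hits[(host, proc)].append((ts, dest, port))
    return dict(hits)

if __name__ == "__main__":
    for (host, proc), conns in sorted(find_suspect_mail_clients(SAMPLE_LOG).items()):
        print(f"{host} {proc}: {len(conns)} connection(s) to Gmail IMAP/SMTP")
```

Browser webmail goes to port 443 and is not matched, so the check isolates raw IMAP/SMTP sessions from processes outside the allowlist.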

This repo contains two files:

  • gcat.py: a script used to enumerate and issue commands to available clients
  • implant.py: the actual backdoor to deploy

Some of the actions available with GCAT are:

  • Execute a system command
  • Download a file from a client's system
  • Upload a file to the client's system
  • Execute supplied shellcode on a client
  • Take a screenshot
  • Lock the client's screen
  • Force a check-in
  • Start/stop the keylogger

You can read more and download the tool at this link: https://github.com/byt3bl33d3r/gcat