C2 over google cloud storage buckets
Ensure that the following package is installed on both the victim and attacker:
$ pip install google-cloud-storage
Packages specific to the server:
$ pip install tabulate colorama
- Create a private
bucket
- Create a new
role
that has the following permissionsstorage.buckets.get
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
- Create a new
service account
that has the new role - Create a new
key
for the service account and export it as JSON - Copy the JSON contents into the
info
variable inside theclient.py
andserver.py
Once you have populated service account credentials and a bucket with read/write access, run server.py
and client.py
in any order.
On the attacker:
$ python3 server.py
On the target:
$ python3 client.py
Once both are up, use the help
menu for a list of available commands.