Google Slides RAT (GSR) is the evolution of the previously established Google Calendar RAT.
GSR serves as a proof of concept for an infrastructure-less Command&Control (C2) mechanism utilizing Google Slides documents. This tool is beneficial for scenarios where exposing a Red Teaming infrastructure is undesirable, and there's a need to streamline deployment. To employ GSR, one only needs a Gmail account. The script establishes a 'Covert Channel' by exploiting the table content within a Google Slides document, allowing the target to connect directly to Google. It could potentially be classified as a Layer 7 application covert channel.
- The C2 can be directly cloned from GitHub by using the following commands:
git clone https://github.com/MrSaighnal/GSR-Google-Slides-RAT
cd GSR-Google-Slides-RAT
Then install the python dependencies for both the agent and the "server"
pip install -r ./agent/requirements.txt
pip install -r ./server/requirements.txt
-
Enable the Google Slides API
Visit https://console.cloud.google.com/apis/library/slides.googleapis.com?project=
-
Create a new service account and download the JSON file containing the credentials
Create a new service account and download the JSON file containing the credentials by navigating to https://console.cloud.google.com/, exploring the "IAM & Admin" section, and then clicking on "Service Accounts" in the left panel.
Proceed with the account creation. In the account panel, click on "Add Key", then choose "Create new key", and select the JSON format.
-
Create a new Google Slides document and note of its ID (in the URL)
-
Share the Google document with the newly created service account
-
Configure the C2
Paste the contents of the credentials JSON file and the document ID (retrieved from the URL) into
server/modules/config.pyandagent/agent.py. -
Configure the Google Slides document
Create a table in the first slide consisting of 3 columns and multiple rows (5 or more is highly suggested).
-
Weaponize your agent.py file, and deliver it to the target
To weaponize your agent.py file and deliver it to the target, you can use various methods. For a straightforward approach, use PyInstaller with the following command:
pyinstaller --noconfirm --onefile --windowed "C:/Users/Admin/Documents/Progetti/GSC - Google Slides Rat/agent/agent.py"Alternatively, you can use auto-py-to-exe as follows:
-
Enjoy your C2
Open the shell by running the file
main.pywithinserver/by runningcd server; python main.py
GSR consists of two main components:
- the agent
- the server
The agent is the component that needs to be deployed on the target PC. It's entirely written in Python and can be weaponized with the help of auto-py-to-exe.
The server allows for comfortable Command&Control, interfacing directly with Google's services.
Concentrating solely on the networking component, the only links formed will be with Google's servers, rendering the connection entirely authentic. We'll verify this using Process Explorer.
which results in
Google Slides RAT has been made in Italy with ❤️
I take no responsibility for the use that will be made of it.
Please do not use it for illegal purpose.
- Agent Development
- C2 (Command and Control) Development
- Command Execution (via bi-directional communication channel)
- Change Polling Time Function
- Screenshot Capture Function
- File Download
- File Upload
- Cryptographic Protocol
- shellcode/BOF Execution