Red Team tool for exfiltrating files from a target's Google Drive that you have access to, via Google's API.

Overview

GD-Thief

Red Team tool for exfiltrating files from a target's Google Drive that you(the attacker) has access to, via the Google Drive API. This includes includes all shared files, all files from shared drives, and all files from domain drives that the target has access to.

HOW TO

For an illustrated walkthrough, check out my blog post.

Create a new Google Cloud Platform (GCP) project

Steps to get the Google API Access Token needed for connecting to the API

  1. Create a burner Gmail/google account
  2. Login to said account
  3. Navigate to the Google Cloud Console
  4. Next to "Google Cloud Platform," click the "Select a project" Down arrow. A dialog listing current projects appears.
  5. Click New Project. The New Project screen appears.
  6. In the Project Name field, enter a descriptive name for your project.
  7. (Optional) To edit the Project ID, click Edit. The project ID can't be changed after the project is created, so choose an ID that meets your needs for the lifetime of the project.
  8. Click Create. The console navigates to the Dashboard page and your project is created within a few minutes.

Enable a Google Workspace API

  1. Next to "Google Cloud Platform," click the Down arrow and select the project you just created from the dropdown list.
  2. In the top-left corner, click Menu > APIs & Services.
  3. Click Enable APIs and Services. The "Welcome to API Library" page appears.
  4. In the search field, enter "Google Drive".
  5. Click the Google Drive API. The API page appears.
  6. Click Enable. The Overview page appears.

Configure OAuth Consent screen

  1. On the left side of the Overview page click Credentials. The credential page for your project appears.
  2. Click Configure Consent Screen. The "OAuth consent screen" screen appears.
  3. Click the External user type for your app.
  4. Click Create. A second "OAuth consent screen" screen appears.
  5. Fill out the form:
    • Enter an Application Name in the App name field
    • Enter your burner email address in the User support email field.
    • Enter your burner email address in the Developer contact information field.
  6. Click Save and Continue. The "Scopes" page appears.
  7. Click Add or Remove Scopes. The "Update selected scopes" page appears.
  8. Check all of the Google Drive scopes to use in the app. GD scopes cover 2 pages, so click the next page and ensure that you check them all.
  9. Click Update. A list of scopes for your app appears.
  10. Click Save and Continue. The "Edit app registration" page appears.
  11. Click Save and Continue. The "OAuth consent screen" appears.

Create a credential

  1. Click Create Credentials and select OAuth client ID. The "Create OAuth client ID" page appears.
  2. Click the Application type drop-down list and select Desktop Application.
  3. In the name field, type a name for the credential. This name is only shown in the Cloud Console.
  4. Click Create. The OAuth client created screen appears. This screen shows the Client ID and Client secret.
  5. Click OK. The newly created credential appears under "OAuth 2.0 Client IDs."
  6. Click the download button to the right of the newly-created OAuth 2.0 Client ID. This copies a client secret JSON file to your desktop. Note the location of this file.
  7. Rename the client secret JSON file to "credentials.json" and move it to the gd_thief/credentials directory.

Add the victim's Google account to the Application's Test Users

In order to be able to run this script against the victim, you will need to add their Google account to the Test Users list for the App you just created

  1. On the Left side of the screen click OAuth consent screen. You "OAuth Consent Screen" page appears.
  2. Under Test Users click the Add Users button.
  3. Enter the victim's Gmail address in the email address field.
  4. Click the save button.

First Time running gd_thief

Upon gaining access to a Target's Google account, you can run gd_thief

  1. The first time running gd_thief, the script opens a new window prompting you to authorize access to your data:
    1. If you are signed in to multiple Google accounts, you are asked to select one account to use for the authorization. Make sure you select the victim's Google account

Dependencies

Google API Libraries: pip install --upgrade google-api-python-client google-auth-httplib2 google-auth-oauthlib

Usage:

usage:
python3 gd_thief.py [-h] -m [{dlAll, dlDict[-d <DICTIONARY FILE PATH>]}
	[-t <THREAD COUNT>]

help:

This Module will connect to Google's API using an access token and exfiltrate files
from a target's Google Drive.  It will output exfiltrated files to the ./loot directory

arguments:
        -m [{dlAll, dlDict}],
                --mode [{dlAll, dlDict}]
                The mode of file download
                Can be "dlAll", "dlDict [-d <DICTIONARY FILE PATH>]", or... (More options to come)

optional arguments:
        -d <DICTIONARY FILE PATH>, --dict <DICTIONARY FILE PATH>
                        Path to the dictionary file. Mandatory with download mode"-m, --mode dlDict"
                        You can use the provided dictionary, per example: "-d ./dictionaries/secrets-keywords.txt"
        -t <THREAD COUNT>, --threads <THREAD COUNT>
                        Number of threads. (Too many could exceeed Google's rate limit threshold)

        -h, --help
                show this help message and exit

NOTES:

  • Setting the thread count too high will cause an HTTP 403 "Rate limit exceeded," indicating that the user has reached Google Drive API's maximum request rate.
    • The thread count limit vaires from machine to machine. I've set it to 250 on a Macbook Pro, while 250 was too high for my Windows 10 Desktop

REFERENCES:

TODO:

  1. Threading
  2. Error Checking
  3. Wordlist file content search and download
  4. File type download
  5. Snort Sensitive Data regex file content search and download
  6. Optical Character Recognition (OCR)

Special Thanks:

Thank you to my good friend Cedric Owens for helping me with the threading piece!

You might also like...
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

Adversarial Robustness Toolbox (ART) is a Python library for Machine Learning Security. ART provides tools that enable developers and researchers to defend and evaluate Machine Learning models and applications against the adversarial threats of Evasion, Poisoning, Extraction, and Inference. ART supports all popular machine learning frameworks (TensorFlow, Keras, PyTorch, MXNet, scikit-learn, XGBoost, LightGBM, CatBoost, GPy, etc.), all data types (images, tables, audio, video, etc.) and machine learning tasks (classification, object detection, speech recognition, generation, certification, etc.).

Repo for FUZE project. I will also publish some Linux kernel LPE exploits for various real world kernel vulnerabilities here. the samples are uploaded for education purposes for red and blue teams.

Linux_kernel_exploits Some Linux kernel exploits for various real world kernel vulnerabilities here. More exploits are yet to come. This repo contains

Pytorch implementation of RED-SDS (NeurIPS 2021).

Recurrent Explicit Duration Switching Dynamical Systems (RED-SDS) This repository contains a reference implementation of RED-SDS, a non-linear state s

Python wrapper to access the amazon selling partner API

PYTHON-AMAZON-SP-API Amazon Selling-Partner API If you have questions, please join on slack Contributions very welcome! Installation pip install pytho

A large dataset of 100k Google Satellite and matching Map images, resembling pix2pix's Google Maps dataset.
A large dataset of 100k Google Satellite and matching Map images, resembling pix2pix's Google Maps dataset.

Larger Google Sat2Map dataset This dataset extends the aerial ⟷ Maps dataset used in pix2pix (Isola et al., CVPR17). The provide script download_sat2m

I have created this Virtual Paint Program, in this you can paint(draw) on your screen using hand gestures, created in Python-3 using OpenCV and Mediapipe library. Gestures :-  Index Finger for drawing and Index+Middle Finger for changing position and objects. Discord-Protect is a simple discord bot allowing you to have some security on your discord server by ordering a captcha to the user who joins your server.
Discord-Protect is a simple discord bot allowing you to have some security on your discord server by ordering a captcha to the user who joins your server.

Discord-Protect Discord-Protect is a simple discord bot allowing you to have some security on your discord server by ordering a captcha to the user wh

A customisable game where you have to quickly click on black tiles in order of appearance while avoiding clicking on white squares.

W.I.P-Aim-Memory-Game A customisable game where you have to quickly click on black tiles in order of appearance while avoiding clicking on white squar

Owner
Antonio Piazza
Antonio Piazza
This is an implementation of Googles Yogi-Optimizer in Keras (tf.keras)

Yogi-Optimizer_Keras This is an implementation of Googles Yogi-Optimizer in Keras (tf.keras) The NeurIPS-Paper can be found here: http://papers.nips.c

null 14 Sep 13, 2022
DexterRedTool - Dexter's Red Team Tool that creates cronjob/task scheduler to consistently creates users

DexterRedTool Author: Dexter Delandro CSEC 473 - Spring 2022 This tool persisten

null 2 Feb 16, 2022
HackBMU-5.0-Team-Ctrl-Alt-Elite - HackBMU 5.0 Team Ctrl Alt Elite

HackBMU-5.0-Team-Ctrl-Alt-Elite The search is over. We present to you ‘Health-A-

null 3 Feb 19, 2022
Have you ever wondered how cool it would be to have your own A.I

Have you ever wondered how cool it would be to have your own A.I. assistant Imagine how easier it would be to send emails without typing a single word, doing Wikipedia searches without opening web browsers, and performing many other daily tasks like playing music with the help of a single voice command.

Harsh Gupta 1 Nov 9, 2021
Single Red Blood Cell Hydrodynamic Traps Via the Generative Design

Rbc-traps-generative-design - The generative design for single red clood cell hydrodynamic traps using GEFEST framework

Natural Systems Simulation Lab 4 Jun 16, 2022
Spam your friends and famly and when you do your famly will disown you and you will have no friends.

SpamBot9000 Spam your friends and family and when you do your family will disown you and you will have no friends. Terms of Use Disclaimer: Please onl

DJ15 0 Jun 9, 2022
Python script to download the celebA-HQ dataset from google drive

download-celebA-HQ Python script to download and create the celebA-HQ dataset. WARNING from the author. I believe this script is broken since a few mo

null 133 Dec 21, 2022
This repo contains research materials released by members of the Google Brain team in Tokyo.

Brain Tokyo Workshop ?? ?? This repo contains research materials released by members of the Google Brain team in Tokyo. Past Projects Weight Agnostic

Google 1.2k Jan 2, 2023