
[Feature Request] Add Python module for Google Workspace Phishing Payload Creation #3

@DefSecSentinel

Description

@DefSecSentinel

🐍 Python Module for MITRE ATT&CK Technique

Tactic Name: Initial Access, Lateral Movement, Privilege Escalation

Technique Name: Phishing, Internal Spearphishing

Technique ID: T1566, T1534

Technique Description: Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering.

Describe the solution you'd like

Payload creation module for use with a threat actor's GWS (Google Workspace) infrastructure for Initial Access, or with a compromised GWS environment for Lateral Movement and Privilege Escalation.

Requirements: 
- Google Drive, Google Apps Script, Google Docs, and Google Sheets APIs enabled
- Python packages (google-auth google-auth-oauthlib google-auth-httplib2 google-api-python-client)
- Scopes (https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/documents, 
          https://www.googleapis.com/auth/spreadsheets, https://www.googleapis.com/auth/drive)

Module Workflow:
Step 1: Select your payload type (doc, sheet, form):
Step 2: Select App Script payload
Step 3: Choose lure
Step 4: Submit

Module Actions:
 1. Authenticate
 2. Create file
 3. Populate file with lure content
 4. Create App Script project and bind to file
 5. Set the file permissions and return the link 

ChatGPT Example Script

from google.oauth2.credentials import Credentials
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from googleapiclient.errors import HttpError
from googleapiclient.discovery import build

# OAuth scopes declared for the script. No function shown in this listing
# references SCOPES; the API clients are built from a `creds` object that the
# listing never assigns.
# NOTE(review): the set is broader than the code needs. `drive` covers every
# file in the user's Drive and makes the narrower `drive.file` redundant;
# `spreadsheets` likewise covers all of the user's Sheets. Anyone reviewing an
# OAuth consent screen or a token audit for a client requesting this set
# should treat it as a full-Drive grant.
SCOPES = [
    'https://www.googleapis.com/auth/drive.file',  # only files the app created or opened
    'https://www.googleapis.com/auth/spreadsheets',  # all of the user's spreadsheets
    'https://www.googleapis.com/auth/script.projects',  # create and update Apps Script projects
    'https://www.googleapis.com/auth/drive'  # all of the user's Drive files
]

def create_google_file(file_type, data=None):
    """Create a Drive file of the given type, link-share it and print the link.

    Args:
        file_type: 'document', 'spreadsheet' or 'form'.
        data: optional rows written to the file; only used when file_type is
            'spreadsheet'.

    Raises:
        ValueError: file_type is not one of the three supported values.

    Returns nothing. An HttpError from the Drive calls is printed rather than
    re-raised, and the helpers called here swallow their own HttpError and
    return None, so the printed IDs and link can read "None".

    NOTE(review): relies on a module-level `creds` that this listing never
    assigns. Every file created here is passed to create_share_link(), so it
    ends up shared by link immediately after creation.
    """
    mime_types = (
        ('document', 'application/vnd.google-apps.document'),
        ('spreadsheet', 'application/vnd.google-apps.spreadsheet'),
        ('form', 'application/vnd.google-apps.form'),
    )
    try:
        # The client is built before file_type is validated.
        drive = build('drive', 'v3', credentials=creds)

        mime_type = next(
            (mime for kind, mime in mime_types if file_type == kind), None
        )
        if mime_type is None:
            raise ValueError('Invalid file_type. Must be "document", "spreadsheet", or "form".')

        label = file_type.capitalize()
        created = drive.files().create(
            body={'name': f'My {label}', 'mimeType': mime_type},
            fields='id',
        ).execute()
        file_id = created.get('id')
        print(F'Created {label} with ID: {file_id}')

        # Only spreadsheets get an Apps Script project and initial content.
        if file_type == 'spreadsheet':
            script_id = create_and_bind_app_script(file_id)
            print(F'Created and bound Apps Script project with ID: {script_id}')
            if data:
                populate_sheet(file_id, data)

        share_link = create_share_link(file_id)
        print(F'Shareable link: {share_link}')
    except HttpError as error:
        print(F'An error occurred: {error}')

def create_and_bind_app_script(sheet_id):
    """Create an Apps Script project and send a follow-up request naming a sheet.

    Args:
        sheet_id: Drive file id of the spreadsheet.

    Returns:
        The new project's scriptId, or None when an HttpError was raised
        (the error is printed and swallowed).

    NOTE(review): the second request is reproduced as written; its shape has
    not been checked against the Apps Script API reference, so do not assume
    the project ends up bound to the sheet. Relies on a module-level `creds`
    that this listing never assigns.
    """
    try:
        script_api = build('script', 'v1', credentials=creds)

        # Step 1: create the project.
        project = script_api.projects().create(
            body={'title': 'My Custom Functions'}
        ).execute()
        new_script_id = project['scriptId']

        # Step 2: the request the original describes as binding the project
        # to the sheet.
        bind_body = {
            'addResource': {
                'scriptId': new_script_id,
                'resource': {'sheetId': sheet_id},
            }
        }
        script_api.projects().updateContent(body=bind_body).execute()

        return new_script_id
    except HttpError as error:
        print(F'An error occurred: {error}')
        return None

def populate_sheet(sheet_id, data):
    """Write rows into a spreadsheet, anchored at cell A1.

    Args:
        sheet_id: id of the target spreadsheet.
        data: presumably a list of rows, each row a list of cell values
            (the original comment assumes this; nothing here validates it).

    Returns nothing; prints the number of updated cells, or the HttpError if
    the call fails.

    valueInputOption='RAW' asks the Sheets API to store the values as given
    instead of parsing them as user input, so a cell that starts with '=' is
    kept as text rather than evaluated as a formula. Keep it that way when
    `data` can come from an untrusted source.

    NOTE(review): relies on a module-level `creds` that this listing never
    assigns.
    """
    try:
        sheets = build('sheets', 'v4', credentials=creds)

        response = (
            sheets.spreadsheets()
            .values()
            .update(
                spreadsheetId=sheet_id,
                range='A1',
                valueInputOption='RAW',
                body={'values': data},
            )
            .execute()
        )

        print(F'Populated sheet with {response.get("updatedCells")} cells.')
    except HttpError as error:
        print(F'An error occurred: {error}')

def create_share_link(file_id):
    """Grant link access to the file and return its web view URL.

    Args:
        file_id: Drive id of the file to share.

    Returns:
        The file's webViewLink, or None when an HttpError was raised (the
        error is printed and swallowed).

    The permission created is type 'anyone' with role 'writer': every holder
    of the link can edit the file. 'reader' is the least-privilege role for a
    link that only needs to be opened. On the defensive side, a Workspace
    admin can restrict link sharing outside the organisation, and the
    permission change is recorded in the Drive audit log.

    NOTE(review): relies on a module-level `creds` that this listing never
    assigns.
    """
    try:
        drive = build('drive', 'v3', credentials=creds)

        # Public, editable grant -- see the docstring for the risk.
        grant = {'role': 'writer', 'type': 'anyone'}
        drive.permissions().create(fileId=file_id, body=grant).execute()

        # Read the link back from the file's metadata.
        meta = drive.files().get(fileId=file_id, fields='webViewLink').execute()
        return meta.get('webViewLink')
    except HttpError as error:
        print(F'An error occurred: {error}')
        return None

# Replace 'spreadsheet' with 'document' or 'form' for other file types
# (`data` is only written when the type is 'spreadsheet').
# NOTE(review): there is no `if __name__ == "__main__":` guard, so merely
# importing this module calls create_google_file().
data = [["Header1", "Header2"], [1, 2], [3, 4]]
create_google_file('spreadsheet', data)
