Open
Labels
API: Admin, Tactic: Persistence, Technique: T1136, enhancement
Description
🐍 Python Module for MITRE ATT&CK Technique
Tactic Name: Persistence
Technique Name: Create Account
Technique ID: T1136
Technique Description: Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system.
Describe the solution you'd like
New Google Workspace Account Creation Module for use with a compromised GWS environment for Persistence.
Requirements:
- Google Admin SDK API enabled
- Python packages (google-auth google-auth-oauthlib google-auth-httplib2 google-api-python-client, email, base64)
- Scopes (https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.rolemanagement)
Module Workflow:
Step 1: Enter the account first name:
Step 2: Enter the account last name:
Step 3: Enter the email for the account:
Step 4: Enter the password (temporary):
Step 5: Create
Module Actions:
1. Authenticate
2. Create a new user
3. Create a custom role with the desired permissions
4. Assign the role to the newly created user
5. Enable or disable API access for the user
6. Return Success with user email and password
ChatGPT Example Script
```python
from google.oauth2 import service_account
from googleapiclient import discovery, errors

# Replace with your credentials file path and your Google Workspace domain
SERVICE_ACCOUNT_FILE = 'path/to/credentials.json'
DOMAIN = 'your-domain.com'

# Set up credentials with the required scopes
credentials = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE,
    scopes=['https://www.googleapis.com/auth/admin.directory.user',
            'https://www.googleapis.com/auth/admin.directory.rolemanagement'])

# Create an Admin SDK API client
service = discovery.build('admin', 'directory_v1', credentials=credentials)

# Create a user
user_body = {
    'primaryEmail': 'new-user@{}'.format(DOMAIN),
    'name': {
        'givenName': 'John',
        'familyName': 'Doe'
    },
    'password': 'UserPassword123'
}
user = service.users().insert(body=user_body).execute()

# Create a custom role with specific permissions
role_body = {
    'roleName': 'Custom Role',
    'rolePrivileges': [
        {
            'privilegeName': 'User Management',
            'serviceId': 'your-service-id'
        }
    ]
}
role = service.roles().insert(customer='my_customer', body=role_body).execute()

# Assign the custom role to the user
assignment_body = {
    'roleId': role['roleId'],
    'assignedTo': user['id']
}
assignment = service.roleAssignments().insert(customer='my_customer', body=assignment_body).execute()

print('User created and custom role assigned')
```
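From the defender's side, the sequence this module describes (new user, new custom role, role assignment) shows up in the Workspace Admin audit log, and the detection logic below correlates it. This is an added example, not part of the original issue or the project's code; it assumes records shaped like the Reports API `activities` output, with event names `CREATE_USER`, `CREATE_ROLE`, `ASSIGN_ROLE` and parameters `USER_EMAIL`, `ROLE_NAME`, and all sample records are constructed.

```python
from datetime import datetime, timedelta

def _act(time, actor, name, **params):
    """Build one constructed record in the (simplified) Reports API activities shape."""
    return {"id": {"time": time}, "actor": {"email": actor},
            "events": [{"name": name, "parameters":
                        [{"name": k, "value": v} for k, v in params.items()]}]}

# Constructed sample log, not real data.
SAMPLE_ACTIVITIES = [
    _act("2024-05-01T09:00:00.000Z", "hr@example.com", "CREATE_USER",
         USER_EMAIL="intern@example.com"),
    _act("2024-05-01T10:00:05.000Z", "admin@example.com", "CREATE_USER",
         USER_EMAIL="new-user@example.com"),
    _act("2024-05-01T10:00:07.000Z", "admin@example.com", "CREATE_ROLE",
         ROLE_NAME="Custom Role"),
    _act("2024-05-01T10:00:09.000Z", "admin@example.com", "ASSIGN_ROLE",
         USER_EMAIL="new-user@example.com", ROLE_NAME="Custom Role"),
    _act("2024-05-01T11:00:00.000Z", "admin@example.com", "ASSIGN_ROLE",
         USER_EMAIL="bob@example.com", ROLE_NAME="Help Desk"),
]

def _flatten(activities):
    """Yield (time, actor, event name, parameters dict) for every event."""
    for act in activities:
        ts = datetime.fromisoformat(act["id"]["time"].replace("Z", "+00:00"))
        for ev in act.get("events", []):
            params = {p["name"]: p.get("value") for p in ev.get("parameters", [])}
            yield ts, act["actor"]["email"], ev["name"], params

def find_create_then_privilege(activities, window_minutes=30):
    """Flag accounts that receive an admin role shortly after being created."""
    created, new_roles, findings = {}, set(), []
    for ts, actor, name, p in sorted(_flatten(activities), key=lambda e: e[0]):
        if name == "CREATE_USER":
            created[p.get("USER_EMAIL")] = (ts, actor)
        elif name == "CREATE_ROLE":
            new_roles.add(p.get("ROLE_NAME"))
        elif name == "ASSIGN_ROLE" and p.get("USER_EMAIL") in created:
            t0, creator = created[p["USER_EMAIL"]]
            if ts - t0 <= timedelta(minutes=window_minutes):
                findings.append({
                    "user": p["USER_EMAIL"], "role": p.get("ROLE_NAME"),
                    "created_by": creator, "assigned_by": actor,
                    "role_is_new": p.get("ROLE_NAME") in new_roles,
                    "delay_seconds": int((ts - t0).total_seconds())})
    return findings

if __name__ == "__main__":
    for hit in find_create_then_privilege(SAMPLE_ACTIVITIES):
        print(hit)
```

A finding with `role_is_new` set deserves the closest look, since a role created and assigned in the same short window matches the module's full workflow rather than routine onboarding.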