hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed missing step in generating refresh token

pull/176/head
Factor101 2022-11-14 01:35:38 -05:00 committed by GitHub
parent 45e9de99c8
commit 3ffc352427
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
payloads/library/exfiltration/Dropbox-Bandit/readme.md
View File

@ -29,7 +29,8 @@ This payload extracts files from a specific location on a target's machine and u
-- Go to the "Settings" tab and copy your "App key" and "App secret"
-- Go to the "Settings" tab -> OAuth 2 -> Generated Access token and copy the token that you generate. **Important: This token will expire in 4 hours**, so you will only use this one to get your refresh token
-- Enter this link in your browser: https://www.dropbox.com/oauth2/authorize?client_id=YOUR_APP_KEY_GOES_HERE&token_access_type=offline&response_type=code, but ensure you replace "YOUR_APP_KEY_GOES_HERE" with your app key from above
-- Click "Continue" and "Allow" and then copy the token it gives you. This is your "refresh_token"
-- Click "Continue" and "Allow" and then copy the token it gives you.
-- Open a command prompt and type "curl https://api.dropbox.com/oauth2/token -d code=THE_CODE_YOU_GOT_FROM_THE_LAST_STEP -d grant_type=authorization_code -u YOUR_APP_KEY:YOUR_APP_SECRET". Hit enter and then copy the "refresh_token" from the result. This is your "refresh_token"
- Now that we have all our dropbox information, download the powershell script "ex.ps1"
-- Set $s to the folder you want to exfiltrate data from
-- Set $fileTypes to the filters for what files you want to grab