Dropbox Bandit

Dropbox Bandit
Download Copy
Title: Dropbox Bandit
Author: Factor101

This payload is designed to target Windows 10/11 machines, but but may run on older versions of Windows. If you are using an older Rubber Ducky please use the "payload_duckyscript_old.txt" file. This payload extracts files from a specific location on a target's machine and uploads them in archives to a dropbox account. The actual payload takes about 5 seconds to run (faster on real machines, tested on virtual machine), but the actual exfiltration, which is invisible to the victim one started, can take longer depending on the total size of data to be uploaded.

Exfiltration is an involuntary backup. It's a technique for obtaining data from a network. Once obtained, the data may be removed using a number of methods. These may include traversing the network to a command and control server, such as Cloud C². The content is typically encrypted or obfuscated. In the case of physical access, a bring-your-own-network element may be included to evade detection. See all exfiltration payloads.

This payload is for the USB Rubber Ducky — a "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds. It's no wonder this little quacker has made appearances on Mr. Robot, FBI, Blacklist, National Geography and more!

Submit your own payload, or browse more featured USB Rubber Ducky Payloads.

 

 

Related Payloads

Linux Blind Serial Command Injection
Linux Blind Serial Command Injection
Allows a remote attacker to execute commands on a Linux system via a serial connection, without receiving feedback on th
Read More
Lazagne Exfil
Lazagne Exfil
This payload downloads and runs Lazagne, stores all info to .txt file, sends file to telegram bot.
Read More
Google Exfil
Google Exfil
This payload runs Powershell script that zips google user data, uses gofile.io api to upload it, and then sends a downlo
Read More