[DevilsCupid] No support for the standard shortlived access tokens (sl. prefix)

Question

[DevilsCupid] No support for the standard shortlived access tokens (sl. prefix)

ollia008 opened this issue 2 years ago · 3 comments

ollia008 commented 2 years ago

Payload Title

DevilsCupid

Payload URL

https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/credentials/DevilsCupid

Payload Setup

Changed the $DropBoxAccessToken = "" to use my access token.

Problem Description

get the error "expired_access_token" or something close to it when running it from a powershell window. Seems the old long lasting tokens are deprecated. Can't find a way to fix it. I found something on "refresh tokens" but they're not implemented in the payload

Troubleshooting steps

Tried to find a way to use a long lasting access token
tried things from this thread: https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/td-p/425269/highlight/true

Suspected Cause

The old long lasting (non-expiring) access tokens are depricated and it seems there's no way to generate them anymore. There are some.

Screenshots or additional information

Checklist ✅ - READ CAREFULLY

I checked and didn't find a similar issue already reported
I am using PayloadStudio to encode this payload
I made sure to redact any private information in the details shared above
I have read and followed the documentation provided by the original payload author and configured the payload (if required)
I have confirmed I am deploying this payload with the correct device intended by the original author (Original USB Rubber Ducky vs New USB Rubber Ducky)
I have confirmed I am deploying this payload on the correct target host intended by the original author (Windows, Mac, Linux, etc)
I have confirmed the payload is compiled in the correct keyboard language for the target host I'm trying to deploy it on (US, DE, etc)
I have actually read the above checkboxes before checking them, including this one, which I have intentionally left unchecked as confirmation of this statement

Agreement

I believe this is an issue with the actual payload itself. I acknowledge this form is not a request for help following instructions.
I have carefully read and filled out every section of this issue form to the best of my ability. I acknowledge by providing insufficient information I cannot receieve adequate assistance.

Answer 1 · 2023-04-29T18:14:34.000Z

@nejcpirecnik

Answer 2 · 2023-04-30T13:50:27.000Z

Possibly add a different way to get the data such as anonfiles or something simmilar and then send it to a discord webhook or something simmilar? Don't know how it would be done, but it's an idea

Answer 3 · 2023-07-31T19:29:05.000Z

bump @nejcpirecnik