function Get-TimedScreenshot{<#.SYNOPSISTakes screenshots at a regular

1. function Get-TimedScreenshot
2. {
3. <#
4. .SYNOPSIS
5.  
6. Takes screenshots at a regular interval and saves them to disk.
7.  
8. PowerSploit
9.  
10. Function: Get-TimedScreenshot
11. Author: Chris Campbell (@obscuresec)
12. License: BSD 3-Clause
13. Required Dependencies: None
14. Optional
15.  
16. Dependencies: None
17.  
18. .DESCRIPTION
19.  
20. A function that takes screenshots and saves them to a folder.
21.  
22. .PARAMETER Path
23.  
24. Specifies the
25.  
26. folder path.
27.  
28. .PARAMETER Interval
29.  
30. Specifies the interval in seconds between taking screenshots.
31.  
32. .PARAMETER EndTime
33.  
34. Specifies when the script should stop running in the format HH-MM
35.  
36. .EXAMPLE
37.  
38. PS C:\> Get-TimedScreenshot -Path c:\temp\ -
39.  
40. Interval 30 -EndTime 14:00
41.  
42. .LINK
43.  
44. http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
45. https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-TimedScreenshot.ps1
46. #>
47.  
48. [CmdletBinding()]
49.  
50. Param(
51. [Parameter(Mandatory=$True)]
52. [ValidateScript({Test-Path -Path $_ })]
53. [String]
54.  
55. $Path,
56.  
57. [Parameter(Mandatory=$True)]
58. [Int32] $Interval,
59.  
60. [Parameter(Mandatory=$True)]
61.  
62.  
63. [String] $EndTime
64. )
65.  
66. #Define helper function that generates and saves screenshot
67. Function Get-
68.  
69. Screenshot {
70. $ScreenBounds = [Windows.Forms.SystemInformation]::VirtualScreen
71.  
72. $VideoController = Get-WmiObject
73.  
74. -Query 'SELECT VideoModeDescription FROM Win32_VideoController'
75.  
76. if ($VideoController.VideoModeDescription -and
77.  
78. $VideoController.VideoModeDescription -match '(?<ScreenWidth>^\d+) x (?<ScreenHeight>\d+) x .*$') {
79. $Width =
80.  
81. [Int] $Matches['ScreenWidth']
82. $Height = [Int] $Matches['ScreenHeight']
83. } else {
84. $ScreenBounds =
85.  
86. [Windows.Forms.SystemInformation]::VirtualScreen
87.  
88. $Width = $ScreenBounds.Width
89. $Height =
90.  
91. $ScreenBounds.Height
92. }
93.  
94. $Size = New-Object System.Drawing.Size($Width, $Height)
95. $Point = New-Object
96.  
97. System.Drawing.Point(0, 0)
98.  
99. $ScreenshotObject = New-Object Drawing.Bitmap $Width, $Height
100. $DrawingGraphics =
101.  
102. [Drawing.Graphics]::FromImage($ScreenshotObject)
103. $DrawingGraphics.CopyFromScreen($Point, [Drawing.Point]::Empty,
104.  
105. $Size)
106. $DrawingGraphics.Dispose()
107. $ScreenshotObject.Save($FilePath)
108. $ScreenshotObject.Dispose()
109. }
110.  
111.  
112.  
113. Try {
114.  
115. #load required assembly
116. Add-Type -Assembly System.Windows.Forms
117.  
118. Do {
119.  
120.  
121. #get the current time and build the filename from it
122. $Time = (Get-Date)
123.  
124. [String]
125.  
126. $FileName = "$($Time.Month)"
127. $FileName += '-'
128. $FileName += "$($Time.Day)"
129. $FileName +=
130.  
131. '-'
132. $FileName += "$($Time.Year)"
133. $FileName += '-'
134. $FileName += "$($Time.Hour)"
135.  
136.  
137. $FileName += '-'
138. $FileName += "$($Time.Minute)"
139. $FileName += '-'
140. $FileName +=
141.  
142. "$($Time.Second)"
143. $FileName += '.png'
144.  
145. #use join-path to add path to filename
146.  
147.  
148. [String] $FilePath = (Join-Path $Path $FileName)
149.  
150. #run screenshot function
151. Get-Screenshot
152.  
153.  
154.  
155. Write-Verbose "Saved screenshot to $FilePath. Sleeping for $Interval seconds"
156.  
157. Start-Sleep -Seconds
158.  
159. $Interval
160. }
161.  
162. #note that this will run once regardless if the specified time as passed
163. While ((Get-Date
164.  
165. -Format HH:mm) -lt $EndTime)
166. }
167.  
168. Catch {Write-Error $Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage}
169. }