PowerShell Keylogger
Aaron made a cool PowerShell-based keylogger (well, it was Python until I bribed him to rewrite it for me…)
It is located on his GitHub page.
It's great because it handles the keylogging and the exfiltration of data!
In order to use it, you:
- Create a fake Google Account (or use a throw-away)
- Create a Spreadsheet in that account’s Google Drive
- Make the Sheet public
  1. File > Share... > Give it a random name > Get sharable link
- Visit Google Scripts and paste in the code from server.gs
- Add the Sheet’s URL from step 3.1 to the SPREADSHEET_URL variable in server.gs
  1. Remove the ?usp=sharing at the end. URL should end in /edit
- Publish the server:
  - Save and name the project
  - Publish > Deploy as web app
    * Make sure Anyone, even anonymous can access the app
  - Review permissions > (your fake account here) > Advanced > Go to Untitled Project (unsafe) > enter ‘Continue’ > allow
- Copy the URL and paste it in the SERVER_URL of the logger you are using
- Copy the PowerShell code to your victim
- Run the PowerShell script!
- The script runs for 1 to 3 minutes before publishing the keystrokes to the Google Sheet
- Lastly, I went into the Google Sheet and published it to the web for easier viewing
Sometimes if I typed too fast, it doesn’t record all of the typed keys, and it doesn’t record backspaces or punctuation.
As-is, it only runs once, and if you want it to run continuously, it needs some edits or perhaps a scheduled task to get it going again. When I used it, I edited it to not use Google Scripts and instead, I had it save a file locally. Not very sneaky… I also set it to run for 10 minutes and send me its log via scheduled task and then restart the script. Because there aren’t signatures developed for it, it might not flag host-based security systems.
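With no file signature to match, the behaviour described above (a PowerShell process repeatedly reaching a Google Apps Script web app) is what a defender can hunt for. The sketch below is an added example, not part of the original post or of Aaron's tool; it assumes DNS query telemetry shaped like Sysmon Event ID 22 exported as JSON lines, and the host list, field names and sample events are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Assumption: hosts that serve Apps Script web apps (not listed in the post).
APPS_SCRIPT_HOSTS = {"script.google.com", "script.googleusercontent.com"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Constructed sample data shaped like Sysmon Event ID 22 (DnsQuery) as JSON lines.
SAMPLE_EVENTS = r"""
{"UtcTime": "2024-05-01 09:00:12.345", "Computer": "WS-014", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "script.google.com"}
{"UtcTime": "2024-05-01 09:03:40.101", "Computer": "WS-022", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "QueryName": "script.google.com"}
{"UtcTime": "2024-05-01 09:10:15.020", "Computer": "WS-014", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "script.google.com"}
{"UtcTime": "2024-05-01 09:12:02.700", "Computer": "WS-031", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "www.powershellgallery.com"}
{"UtcTime": "2024-05-01 09:20:11.880", "Computer": "WS-014", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "script.googleusercontent.com."}
{"UtcTime": "2024-05-01 09:41:00.000", "Computer": "WS-040", "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "QueryName": "SCRIPT.GOOGLE.COM"}
"""

def image_name(path):
    # Sysmon logs the full image path; compare on the file name, case-insensitively.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_apps_script_beacons(lines, min_hits=2):
    """Return {computer: sorted timestamps} where a PowerShell process resolved
    an Apps Script host at least min_hits times. Browsers are ignored."""
    hits = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if image_name(ev["Image"]) not in POWERSHELL_IMAGES:
            continue
        if ev["QueryName"].lower().rstrip(".") not in APPS_SCRIPT_HOSTS:
            continue
        ts = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        hits[ev["Computer"]].append(ts)
    return {host: sorted(t) for host, t in hits.items() if len(t) >= min_hits}

def intervals_minutes(timestamps):
    # Near-constant gaps suggest a timer or scheduled task rather than a person.
    return [round((b - a).total_seconds() / 60) for a, b in zip(timestamps, timestamps[1:])]

if __name__ == "__main__":
    for host, times in find_apps_script_beacons(SAMPLE_EVENTS.splitlines()).items():
        print(host, len(times), "queries, gaps (min):", intervals_minutes(times))
```

A single hit from an admin's interactive session is common, so the repeat threshold and the interval check carry most of the signal; tune `min_hits` to the environment.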
Neat little tool! Thanks Aaron!